IT audit: map, prioritise and secure your information system
A factual review of your information system: workstations, servers, network, cloud, licences, backups and security. Each identified risk is assessed, ranked, then translated into a prioritised action plan, presented to your management in clear language. In Paris and across Île-de-France.
Heterogeneous machines, missing or outdated documentation, dependence on a single person or a long-standing provider: no one knows exactly what the information system is made of any more, or who holds which access.
02
Risks that have never been measured
Backups never tested for restore, dormant accounts, end-of-support systems, permissions accumulated over the years: the weaknesses exist, but without a documented review they remain invisible until an incident occurs.
03
Decisions made in the dark
Growth, an office move, a change of provider or budget trade-offs to settle: without a map of the estate and a clear order of priorities, every IT decision rests on impressions rather than verified facts.
What we cover
The scope of the service.
01 / WORKSTATIONS & ACCOUNTS
Workstations, accounts and licences
Inventory of the estate and Windows versions, review of accounts and permissions in Entra ID, workstation management policies, Microsoft 365 licences and how they are actually assigned.
Inventory of workstations and systems
Accounts, permissions and dormant accounts (Entra ID)
Microsoft 365 licences and actual usage
Workstation management (Intune)
02 / SERVERS & BACKUPS
Servers, virtualisation and backups
Review of Windows and Linux servers, of Hyper-V, VMware or Proxmox environments and of storage, then verification of backups: coverage, restorability, documentation.
Windows and Linux servers
Hyper-V, VMware and Proxmox virtualisation
Storage and capacity
Backup coverage and restore testing
03 / NETWORK & ACCESS
Network, connectivity and remote access
FTTO or FTTH internet links, network equipment, VLAN segmentation, quality of service, Wi-Fi and remote access: the infrastructure that carries everything else.
FTTO / FTTH links and redundancy
VLAN segmentation and QoS
Wi-Fi coverage and security
Remote access and VPN
04 / SECURITY & PROCESSES
Security, documentation and processes
Service exposure, authentication, joiner and leaver management, existing documentation and third-party dependencies — all checked against reality through interviews with your teams.
Authentication and access management
Employee joiner and leaver processes
Documentation and provider dependencies
Interviews with management and key users
How we proceed
From scoping to follow-up.
The exact scope, deliverables and timelines are formalised in the proposal, before any commitment.
1
Scoping
Definition of the scope, the sites involved, the access required and the prerequisites. Everything is formalised in an engagement letter before the first technical survey.
2
Collection and inventory
Technical surveys carried out remotely and on site, review of existing documentation, inventory of equipment, accounts and services.
3
Interviews
Discussions with management and key users to compare how the system actually operates with how it is documented, and to identify points of friction.
4
Analysis and risk scoring
Each finding is assessed for impact and likelihood, then ranked to separate what is urgent from what belongs to longer-term structural work.
5
Presentation and action plan
Presentation to your management: a map of the information system, a risk register and a prioritised action plan, in clear language and free of jargon.
Frequently asked questions — managed it
The answers describe how the service works. Quantified commitments are formalised in your contract.
Depending on your needs, the analysis covers workstations, accounts and licences, servers and virtualisation, the network, cloud services such as Microsoft 365, backups, security and internal processes. The exact content is settled during scoping and formalised in the engagement letter, together with the list of sites and systems concerned.
The duration depends on the number of sites and users, the depth of analysis requested and the availability of your contacts for interviews. We do not publish a standard duration: the schedule is set during scoping and appears in the engagement letter.
The cost depends on the scope: the number of sites and workstations, the presence of servers and virtualised environments, the depth of the interviews and the level of detail expected in the deliverables. A precise quote is drawn up after an initial scoping discussion, with no commitment on your part.
Deliverables typically include a map of the information system, a ranked risk register and a prioritised action plan, presented to your management at a findings session. The exact list of documents handed over is defined in the engagement letter.
The audit is a standalone engagement, governed by an engagement letter that sets out its scope and deliverables. Any follow-up — implementing the action plan, managed IT — is the subject of a separate proposal, which you are free to accept or decline.
Technical data collection is carried out mostly remotely and in read-only mode, limiting interventions on your systems; the access required is agreed with you beforehand. Interviews and site visits are scheduled with you to limit the impact on your teams' work.
Yes, provided the necessary read-only access can be obtained. The analysis can be run in coordination with the incumbent provider or independently, depending on your situation. It serves both to assess the quality of the current setup objectively and to prepare a transition.
They belong to you. The map, the risk register and the action plan are handed over in usable formats and can be used with the provider of your choice, including as part of a call for tenders.
Yes. Remote-work workstations, VPN access and cloud services such as Microsoft 365 are among the areas that can be analysed. For sites outside Île-de-France, on-site surveys are organised with our regional partners; the geographic scope is specified during scoping.