No opaque in-house methodology. We align with the international standards your auditors, insurers and customers already know.
OWASP Top 10 & ASVS
Industry standard for application security.
The Open Worldwide Application Security Project (OWASP, formerly the Open Web Application Security Project) publishes two references we apply on every audit. The Top 10 ranks the most critical web application risk categories. The ASVS (Application Security Verification Standard, version 4.0) defines 286 verification requirements across 3 levels: L1 (opportunistic, automatable), L2 (standard, for apps handling sensitive data) and L3 (advanced, for high-value or critical apps).
OWASP tooling: ZAP (DAST; started at OWASP, hosted by the Linux Foundation since 2023), Dependency-Check (SCA), Cheat Sheet Series for developers
At OmniX we target ASVS Level 2 by default — Level 3 for health, finance or sensitive e-commerce apps.
ISO/IEC 27001
Information security management system.
International standard specifying the requirements for an Information Security Management System (ISMS). Certification shows that an organisation runs a risk-based ISMS that is continuously improved, covering governance, processes, technical controls and legal and contractual alignment.
93 controls across 4 themes (organisational, people, physical, technological) in the 2022 edition, replacing the 114 controls in 14 domains of the 2013 edition
PDCA cycle (Plan-Do-Check-Act) with internal audits and management reviews at planned intervals, in practice annual
Certification by an accredited body, valid 3 years with annual surveillance audits and a recertification audit at the end of the cycle
Compatible with ISO 27017 (cloud), 27018 (PII), 27701 (privacy)
We help prepare certification: gap analysis, ISMS documentation, remediation plan, mock audit.
NIST CSF 2.0
Framework to structure a cybersecurity program.
US National Institute of Standards and Technology Cybersecurity Framework. Version 2.0 (February 2024) adds the Govern function to the original five (Identify, Protect, Detect, Respond, Recover). Global reference for structuring a cybersecurity program, whatever the size of the organisation.
6 functions, 22 categories, 106 sub-categories in version 2.0 (23 categories and 108 sub-categories in 1.1), a comprehensive yet pragmatic reference
Implementation Tiers 1-4 (Partial, Risk Informed, Repeatable, Adaptive) to characterise the rigour of risk governance and management
Informative references map it to ISO 27001, NIST SP 800-53 and CIS Controls; third-party crosswalks cover GDPR
It's the grid we use across our audits — clear for CISOs and non-technical execs alike.
ANSSI · guides & PASSI
French agency's hygiene guide and cloud recommendations.
France's National Cybersecurity Agency publishes reference guides and qualifies providers (PASSI for audit, PDIS for detection, PRIS for incident response). Essential in France, recognised across the EU.
Hygiene guide: 42 concrete measures, a practical baseline for SMBs and mid-market organisations
SecNumCloud (sovereignty), GDPR, AI recommendations
CERT-FR alerts: vulnerability feeds and indicators of compromise
We use ANSSI guides to frame our French-side audits and NIS2 compliance work.
GDPR · NIS2
EU compliance — personal data & NIS2 directive.
Two binding EU texts. The GDPR (applicable since 25 May 2018) protects personal data. The NIS2 directive (2022/2555, transposition deadline 17 October 2024) raises the cybersecurity obligations of essential and important entities in critical sectors: risk management measures, management-body accountability, incident reporting (early warning within 24 hours, notification within 72 hours) and fines.
GDPR fines up to €20M or 4 % of global annual turnover; NIS2 up to €10M or 2 % for essential entities, €7M or 1.4 % for important entities
NIS2 covers 18 sectors, including health, energy, transport, banking, digital infrastructure and digital providers, and food production
We map your processing activities, produce legal docs, and harden the technical controls both texts require.
PCI DSS 4.0
Standard for handling payment card data.
Payment Card Industry Data Security Standard, maintained by the PCI Security Standards Council. Contractually mandatory for any entity storing, processing or transmitting cardholder data (Visa, Mastercard, Amex, Discover, JCB, UnionPay). Version 4.0 was published in March 2022 and became the only version in force on 1 April 2024 when 3.2.1 was retired; its future-dated requirements apply from 31 March 2025. It tightens controls (MFA for all access to the cardholder data environment, stronger password rules, script integrity on payment pages), adds targeted risk analyses and a customised approach, and frames security as a continuous process rather than an annual snapshot.