Reference Framework for the Qualification of Information System Security Audit Service Providers

In accordance with the provisions of Decree No. 2-21-406 for the application of Law No. 05-20 on cybersecurity, entities and critical infrastructures with sensitive information systems must conduct periodic audits of their systems by audit providers qualified by the General Directorate of Information System Security (DGSSI).

The objective of this document is to compile the requirements that audit providers must meet to be qualified by this directorate.

This qualification system serves as a guarantee of trust to assign audit missions to qualified providers. It relies on verifying several criteria, including:

  •  The references of the providers in the field;
  •  The qualification of their human resources;
  •  The effectiveness and suitability of the methods and tools used;
  •  The organization of the work and adherence to ethical and security rules.

To report any criminal digital content, including threats to the security of individuals and groups, praise or incitement of terrorism, and violations of the rights and freedoms of children, please use the following platform : www.e-blagh.ma

DGSSI2024 All rights reserved