Home · IT & Cybersecurity Audit
First audit complimentary

Know where you stand — before deciding anything.

QSS conducts an independent, structured assessment of your technology and cybersecurity posture. Three days of analysis, a board-ready report, a prioritized remediation plan. No commitment on the path forward.

3 days
Assessment duration
2 business days
Report delivery
~20 pages
Executive report
Free
First audit
— What the audit covers

Six dimensions. One complete view.

The assessment covers your entire technology environment. The report is built to be read by your leadership or transmitted to your headquarters.

CY

Cybersecurity posture

External exposure, access management, email and endpoint protection, vulnerabilities, alignment with recognized standards.
CL

Cloud & Microsoft 365

Tenant configuration, access governance, backup, license compliance, mobility-related exposure.
IN

Infrastructure & network

Architecture, performance, segmentation, capacity, equipment lifecycle, critical dependencies and SPOF.
CO

Regulatory compliance

Moroccan Law 09-08, sector requirements, alignment with the National Cybersecurity Strategy 2030, HQ expectations.
RE

Continuity & recovery

Backup plans, restoration capability, ransomware exposure, measured RTO/RPO targets.
GV

IT governance

Documentation, processes, incident management, internal capability, vendor dependencies.
— The process

Four steps. Five business days total.

Structured to minimize team mobilization on your side while producing a deliverable immediately usable by your leadership.

1
Day 0

Initial scoping

30-minute call with your IT or executive lead. No preparation required.
2
Days 1–3

Assessment

Remote technical analyses and targeted interviews. No intrusion.
3
Days 4–5

Drafting

Synthesis, prioritization, recommendations. Independently readable sections.
4
Day 6

Restitution

One-hour presentation to leadership. Open Q&A. No pressure.
— Frequently asked

What you should know before requesting.

Why is the audit complimentary?
It is our best way to show you how we work. If our analyses suit you, you will engage us. If not, you will leave with a useful report and no obligation. This applies to your first audit. Subsequent or targeted assessments start at 15,000 MAD HT.
What preparation is required from our teams?
Very little. A 30-minute scoping call, read access to certain technical elements, and 2 to 3 one-hour interviews with your IT leads. Everything is scoped in advance to avoid disrupting your operations.
Is the audit intrusive?
No. Combination of non-intrusive external analyses and interviews. No penetration testing or intervention on your systems without explicit validation and a separate formal scoping.
What happens after the audit?
Three scenarios. You implement internally — that is your right, the report is yours. You engage us on priority actions. Or you opt for a QSS managed plan. None is imposed.
Our HQ requires regular audits. Can you produce a compliant report?
Yes. Delivered in French or English, structured to meet international group governance requirements. Several of our clients use it as their annual deliverable to HQ.
Response time?
A senior team member contacts you within one business day. If urgent — ongoing incident, HQ deadline — flag it and we respond within hours.

The best moment to assess your IT posture — is now.

Before an incident, before an HQ request, before a regulatory change. Three days, one report, no obligation.

Back to the form →