What is Homologation DGSSI ?
Information system security accreditation is a mandatory process in Morocco for public organizations and critical infrastructure, defined by the DGSSI under the DNSSI and Law 05-20. It consists of a formal security evaluation of an information system before deployment or at regular intervals. The process includes 4 phases: launch phase (scope and strategy definition), instruction phase (risk analysis, audit, testing), decision phase (accreditation decision by the authority), and monitoring phase (security maintenance).
Key Points
- Phase 1 - Launch: IS scope definition, accreditation authority appointment, commission setup
- Phase 2 - Instruction: risk analysis (EBIOS RM recommended), security audit, penetration testing, security file
- Phase 3 - Decision: accreditation pronouncement (full, conditional, or refusal) by the competent authority
- Phase 4 - Monitoring: security maintenance, incident management, periodic review, renewal
- Limited validity period: accreditation must be renewed periodically or upon major IS changes
Why Zaxyr
Zaxyr facilitates the DGSSI accreditation process by structuring the security file, automating risk analysis and evidence collection, and generating the documents required for the accreditation commission. The platform ensures security maintenance tracking and alerts when accreditation approaches its renewal deadline.