Information Systems Accreditation
A structured process to certify the security of your sensitive information systems, from classification to authorization.
The generic accreditation process
A 4-phase workflow to structure the accreditation of each information system.
Scoping & Planning
IS identification, perimeter definition, accreditation file setup and milestone planning.
Risk Analysis
Risk assessment on the IS, threat and vulnerability identification, sensitivity classification.
Évaluation & Authorization
File review, requirements compliance check, accreditation decision by the competent authority.
Continuous Monitoring
Ongoing compliance monitoring, periodic review, accreditation renewal or revocation.
Example: DGSSI Accreditation (Morocco)
Article 19 of Law 05-20, Decrée 2-21-406 : The Moroccan regulatory framework for sensitive IS accreditation.
- Article 19 of Law 05-20 on cybersecurity
- Application Decrée 2-21-406
- IS Classification: Class A (sensitive)
- Final accreditation: validity from 6 months to 3 years
- Provisional accreditation: 6 months, renewable once
- Tracking by information system
- Auto-generated document templates (Word)
- Per-IS progress tracking
Key Features
Everything you need to manage your accreditation files end-to-end.
Auto-generated templates
Pre-filled accreditation documents in Word format, adapted to each framework.
Multi-IS tracking
Centralized dashboard to track the accreditation status of each information system.
Automatic classification
IS classification by sensitivity, with automatic class suggestion.
Approval workflow
Configurable validation circuit with notifications and automatic escalation.
Real-time dashboard
Overview of all ongoing, upcoming, and expired accreditations.
Complete file export
One-click generation of the full accreditation file for authority submission.
Supported accreditation frameworks
Currently supported frameworks and those under integration.