Expertise engineering
We are pure players in cybersecurity. Our team of experts therefore delivers a top-quality engineering service, in line with the business constraints of our corporate customers.
Since our inception, we decided to devote our cyber expertise to a few areas of business including critical and embedded systems.
We are therefore very much aware of all of your business constraints and apply them to every step of the support process, whatever your needs.
We have created Skills Centres in order to ensure responsiveness and relevance when choosing our engineers, for the missions you entrust to us.

Our skill centers : vacancies per sector
Benefiting from our Skills Centre means having the best profiles in our various divisions, according to the context of your business. We have a multi-skilled team (hacker, functional, risk analysis, architecture, developers, CDP, etc.) dedicated to your project. The benefits: we mobilise the right skills at the right time for you; our top professionals are made available to you, your project is well-structured and we work very closely with your team.
AERONAUTICS AND AIR TRAFFIC CONTROL
Security by Design and assessment of critical air navigation infrastructures and systems & securing aircraft components within the framework of its certification.
DEFENCE AND SPACE
Our Centre of Expertise and Excellence makes multidisciplinary engineers available to players in the space sector, capable of meeting the specific needs of the sector in terms of the accreditation of systems, ground segments and cybersecurity (GNSS and EGN).
FORENSIC
Our Computer Forensic Laboratory houses all the tools and skills necessary to manage security incidents and to file complaints.
HEALTH AND PUBLIC SECTOR
We support health care facilities in their GDPR compliance and achieving ISO 27001 HDS certification, in line with the priority of data protection and patient care protection.
AUTOMOTIVE
Risk analysis, securing and assessment of embedded automotive, public transport and cloud components on the specific vehicle.
IOT INDUSTRIAL
Today's R&D department produces tomorrow's tools to improve the security of IoT systems at the level of equipment, connections and cloud backend.
Use cases
Management of the risks and conformity of the information systems is essential when working in numerous industries. It must be systematically implemented and organised to ensure full control of the operations. SCASSI engineers advise you through every step of the process, from diagnostics right through to implementing, inspecting and improving your equipment, in order to ensure they conform with the regulations and your risk management policies.
SCASSI supports you in implementing a security management system through an approach based on the risk analysis.
Our cybersecurity technical skills
- EBIOS risk analysis on a complete system
- Risk analysis, definition and processing of security requirements on dual systems (civil/military)
- Risk analysis on business referentials (e.g. TARA)
- Compliance with the French Committee for Banking Organisation and Standardisation (CFONB) for online banking systems
- ISO 27001 HDS certification support
- Organisational and physical audits
- Support with designing secure software architecture
- Performance of “custom” risk analyses or packaged offers
- Securing the processing of personal data (CNIL, GDPR)
- Analysis and support for regulatory and normative compliance: ISO 27001, MPL, ii901, GDPR, RGS, HDS, PCI-DSS
- Security process: approval of IS, security in projects, access management, etc.
- CISO coaching and security policies
- Security guidance and management (indicators, dashboards, master plans, etc.)
- BCP and BRP: emergency strategies, steering, crisis management
- Provision of requirements and security specifications – Business project management support/IT project management support
- Support towards MPL conformity

The information system is at the heart of the production tool. It is vital to guarantee an optimum protection level to the company and its resources. SCASSI engineers support you in ensuring that the security infrastructures are designed and operated optimally. The objective: to guarantee applications and users a secure and robust communication platform and support the business effectively.
Our cybersecurity technical skills
- Infrastructure audit
- Security by Design of business information systems
- Creation and management of a business-focussed SOC (WINSOC offer)
- Optimisation of cybersecurity infrastructures (OPTIMIZE offer)
- Securing of ICS and SCADA architectures and infrastructures (automatons, ModBUS, etc.)
- II901 conformity
- Management of vulnerabilities
- Access control (authentication, rights management, etc.)
- L2/L3 architecture (high availability, optimisation, etc.)
- Defence in depth, perimeter security (WAF, Proxy, etc.)
- Incident monitoring & management (SIEM, logs, alerts, etc.)
- Laws and regulations

SCASSI engineers assess the resistance of the system and support you in defining and implementing the security requirements for all industrial projects, until the necessary approvals are obtained
Our scopes of action are business information systems, critical and embedded systems and information systems.
Our cybersecurity technical skills
- Intrusion tests (PENTEST):
- Black box, grey box and white box mode
- From internal infrastructures or from the outside,
- Public information research
- Code audit (C/C++, PHP, Python, Java, Node.js, etc.)
- Configuration audit
- Joint audit (website + mobile application , IOT + management infrastructure)
- Web domains, applications, systems, critical embedded, IOT, mobile
- Management of cybersecurity in software development projects
- Application security and development practices audit
- Development environment audit
- Forensic analysis (dead or live), evidence gathering, analysis of the sources of an intrusion
- Software Vulnerability Analysis (SVA) methodology
- Designing secure architectures OR cybersecurity embedded/COTS architecture
- Vulnerability management: COTS mapping (e.g.: AUTOSAR component, Linux Yocto project, etc.), vulnerability flow control
- Intrusion tests on IS and Product LifeCycle Management applications
- Cybersecurity support in certification processes (DO-178C, ECSS, ARINC, etc.)
- Support to secure technologies under Export Control
- Assessment of vulnerabilities in relation to PCI-DSS
- State of play and action plan
- Project management of the roadmap
- Dry run audit – preparation for the certification audit

STANDARDS USED
- Common standards ISO 15408 - CVE/CWE - CAPEC - OWASP - OSSTMM - ISAAF
- ARINC standards for aeronautics
TECHNICAL ENVIRONMENTS
- Linux - Windows - C/C++ - PHP - JAVA Tomcat - Apache

Cybersecurity support during projects
We are involved in every phase of your projects

en construction ...
ON-DEMAND SERVICES
IMPLEMENTATION OF FIXED-PRICE PROJECTS
For over 13 years, in order to meet our customers’ requirements, SCASSI has worked on industrialising its processes using different methods: PASSI, Agile… and using different tools on the market (EGERIE) and its own tools (Auditool, GDPR Platform, PASSED), as part of a continuous improvement initiative.
As a trusted third-party, our customers benefit from a standardised framework ensuring better management in order to meet their needs. This industrialised model therefore allows us to capitalise on the services delivered, to standardise them and to benefit from feedback in order to further improve the service provided.
At SCASSI, over 70% of our activities are delivered on a fixed-price basis. We pool certain driving forces on several projects and have real experience of improving the skills of our employees across the various projects.
CENTRE OF EXPERTISE AND EXCELLENCE - SKILL CENTER
At Scassi, our mission boasts a comprehensive approach, including both the technical skills and excellent knowledge of our customers’ professions. To do this, we are structured in the form of a Centre of Expertise and Excellence which enables all the technical/functional skills to be grouped together for each customer's business sector: Defence & Space, Aeronautics, Health & Public Sector, Automotive, Industry.
This structure is a major differentiating factor! Knowledge of each industry's challenges and constraints experienced by our customers allows us to be more relevant and effective in achieving our missions.
TECHNICAL ASSISTANCE
We make the skills of our employees available to our customers in the form of technical assistance: functional, technical, support.