Interested in learning more about SIM3 and OCF? Become an auditor! As a Certified SIM3 Auditor you will have the chance to improve your skills and learn from an experienced security team.

A certified SIM3 Auditor has the following rights:

  • Show accreditation as Certified SIM3 Auditor and have direct QA contact with the OCF
  • Perform SIM3 assessments and issue reports and assessment validations using OCF & SIM3 logo
  • Perform SIM3 audits and issue reports and audit certificates using OCF & SIM3 logo
  • Attend OCF/SIM3 development/sharing workshops at marginal cost only & receive updated materials
  • Mentioned with name and photo on OCF website as seen below – unless you wish to stay unnamed)

And the following duties:

  • Perform SIM3 assessments and audits adhering to OCF/SIM3 code of ethics – ethics will be common sense
  • Attend at least one OCF/SIM3 development/sharing workshop every 3 years
  • Show to have done at least 1 assessment or audit per year, by sending in a short report with findings and recommendations for SIM3 development – nothing confidential!
  • Report audits to OCF – only name and date, no content
  • Annual fee for maintenance of status: based on not-for-profit – first year after training is free

The current auditors of OCF are from the following countries: Czech Republic, France, Germany, Greece, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Nigeria & Poland – and are shown below, categorised per country:

OCF & other global organisations




Latin America

North America

Open CSIRT Foundation



European Union

Czech Republic


All other countries :

auditors being re-added due to website migration and improvement