Security Auditing Services
When security practices are unwritten or informal, they may not be generally understood and practiced by all employees in the organization. Furthermore, until all employees have read and signed off on the security policy, compliance with the policy cannot be enforced. Written security policies are not about questioning the integrity and competency of employees; rather, they ensure that everyone at every level understands how to protect company assets and agrees to fulfill their obligations in order to do so.
Advance Planning
Because of the breadth of data to be examined, auditors will want to work with the client to determine the scope of the audit. Factors to consider include: the site business plan, the type of data being protected and the value/importance of that data to the client organization and its customers, previous security incidents, the time available to complete the audit and the competences of the auditors. Good auditors will want to have the scope of the audit clearly defined, understood and agreed to by the client from the outset.
Next, the auditors will develop an audit plan. This plan covers how the audit will be executed, which personnel will be involved, and what tools will be used. They will then discuss the plan with the requesting agency. After that, they discuss the objective of the audit with site personnel, along with some of the logistical details, such as the time of the audit, which site staff may be involved and how the audit will affect daily operations. Finally, the auditors should ensure that the audit objectives are understood.
Conducting the Audit
In undertaking the audit, the auditor normally studies relevant documentation, conducts interviews with relevant staff and conducts a physical inspection of the property. Observations and responses are then compared to the security standard operating procedures (SOPs) and operating standards (OS) that have been laid down in the organization's security policy. Where there are deficiencies, these are recorded and recommendations are made.
Security auditors should review previous security incidents at the client organization to gain an idea of historical weak points in the organization's security profile, and what action was taken to address those points. They should also examine current conditions to ensure that repeat incidents cannot occur.
The audit report should be objective, concise and cover all the relevant OS and SOPs in place. It should also include an overview of the company, an executive summary of the major findings, observations and recommendations. The audit report is then presented to the client for consideration. It is usual at this stage for the client to ask the auditor to expand upon any points with a view to implementing the recommendations made.