What is a security audit?
With today’s ever-evolving threats, it would be irresponsible for an organisation not to check that its security controls actually work. Security controls are not only IT controls, such as firewall rules; they can be physical as well, such as access-controlled doors. With the ever-growing list of security standards that organisations must comply with, auditing is essential.
A security audit is an evaluation of the controls an organisation has in place to protect its assets. A thorough security audit covers all aspects of security, both physical and logical. Security audits can also determine compliance with legislation, such as the Data Protection Act, or with a standard, such as ISO/IEC 27001:2013 (since superseded by ISO/IEC 27001:2022, which is the edition new certifications are now audited against).
However, security audits do not have to be driven by legislation or compliance. They are also a useful way to assess how particular business procedures or areas are actually operating, and they serve to remind staff how they are expected to work securely.
Security audits can be performed by your own organisation or by an external auditor brought in for the purpose. Auditing yourself has drawbacks. An internal audit can carry a degree of bias, and an internal auditor may be unwilling to raise non-conformities against colleagues. An external, independent auditor gives your organisation an unbiased view and the experience of someone who knows exactly what to look for. The two are complementary rather than alternatives: ISO/IEC 27001 itself requires an organisation to conduct internal audits at planned intervals, and the certification body’s external audit then checks, among other things, that those internal audits were carried out and their findings acted on.
For more information on security audits please contact ERS or go to our website.