Title Page

  • Audit Title

  • Client/Company Name

  • Location
  • Conducted on

  • Conducted by

Security Audit

  • Work through the following sections, answering each question. When an item is non-compliant or marked as a fail, add notes and/or media (photos, screenshots, log extracts) as evidence.

Access Controls

  • Are user accounts created with strong passwords, and is a password policy (minimum length, no default or shared credentials) enforced?

  • Is multi-factor authentication (MFA) implemented for privileged accounts?

  • Are access rights reviewed regularly, and promptly revoked when employees are terminated or change roles?

  • Does the facility use an automated access control system?

  • Are card readers utilized at all access points?

  • Are card readers securely fastened, free of tampering and in good working order?

Network Security

  • Is a firewall in place to control incoming and outgoing network traffic?

  • Are intrusion detection and prevention systems (IDPS) deployed?

  • Are network devices (firewalls, routers, switches, wireless access points) regularly patched and updated?

Data Protection

  • Is sensitive data encrypted both at rest and in transit?

  • Are regular data backups performed and tested for recoverability?

  • Is access to and use of sensitive data monitored and logged, and are those logs reviewed?

Physical Security

  • Are all doors and windows secure and lockable?

  • Are physical access controls implemented, such as access badges or biometric systems?

  • Are server rooms and data centers secured with appropriate physical safeguards?

  • Is there a visitor log and escort policy for visitors entering restricted areas?

  • Are perimeter doors alarmed?

  • Are perimeter doors supported by cameras?

  • Are computers and other equipment marked with serial numbers, asset tags or company information?

  • Is an intrusion alarm system used in the facility?

  • Are fire prevention and suppression systems in place?

  • Is backup power (UPS and/or generator) available for critical systems?

Incident Response

  • Is an incident response plan in place and regularly tested?

  • Are security incidents and breaches promptly reported and investigated?

  • Is there a process for notifying affected parties in the event of a data breach?

Employee Awareness and Training

  • Are employees provided with security awareness training?

  • Do employees understand the importance of vigilance and of challenging suspicious activity?

  • Do employees sign an acceptable use policy regarding information security?

  • Are employees regularly reminded of security best practices and policies?

  • Do employees know how to report suspicious activity or incidents, and do they follow that process?

Compliance

  • Is the organization compliant with the security regulations and standards that apply to it?

  • Are security audits conducted by third-party assessors periodically?

  • Is there a process for addressing security audit findings and implementing corrective actions?

  • Are all security policies and procedures documented?

  • Are vendor and third-party risk management plans in place?

Information Security

  • Is there an effective, documented information security strategy?

  • Is there an effective IT strategy, and is it aligned with the information security strategy?

General Facility Impressions and Security Posture

  • What is the estimated volume of daily visitors?

  • Have there been security problems in the past? Describe in detail.

  • What are the biggest threats to security?

  • What assets at the facility need to be protected?

Completion

  • Summary of Findings

  • Remediation and Action Plans

  • Date of Next Audit

  • Auditor's Name and Signature

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.