Title Page

  • Audit Title

  • Client/Company Name

  • Location
  • Conducted on

  • Conducted by

Security Audit

  • Progress through the following sections, answering each question. When an item is non-compliant or marked as fail, be sure to add notes and/or media as evidence.

Access Controls

  • Are user accounts created with strong passwords?

  • Is multi-factor authentication (MFA) implemented for privileged accounts?

  • Are access rights regularly reviewed and revoked for terminated employees?

  • Does the facility use an automated access control system?

  • Are card readers utilized at all access points?

  • Are card readers securely fastened and in good working order?

Network Security

  • Is a firewall in place to control incoming and outgoing network traffic?

  • Are intrusion detection and prevention systems (IDPS) deployed?

  • Are network devices regularly patched and updated?

Data Protection

  • Is sensitive data encrypted both at rest and in transit?

  • Are regular data backups performed and tested for recoverability?

  • Are data access and usage monitored and logged?

Physical Security

  • Are all the doors and windows secure and able to be locked?

  • Are physical access controls implemented, such as access badges or biometric systems?

  • Are server rooms and data centers secured with appropriate physical safeguards?

  • Is after-hours access to server rooms monitored/controlled?

  • Are the external walls fit for purpose and are they secure?

  • Is there a visitor log and escort policy for visitors entering restricted areas?

  • Are perimeter doors alarmed?

  • Are alarms active during the day or are areas shut off?

  • Is there a regular lock-up routine?

  • Are perimeter doors supported by cameras?

  • Are computers marked with serial numbers or company information?

  • Is an intrusion alarm system used in the facility?

  • Is the intrusion alarm system in good working order?

  • Does the alarm system have a power backup?

  • Are fire prevention and suppression systems in place?

  • Are power backups available?

  • Is environmental monitoring implemented?

Incident Response

  • Is an incident response plan in place and regularly tested?

  • Are security incidents and breaches promptly reported and investigated?

  • Is there a process for notifying affected parties in the event of a data breach?

Employee Awareness and Training

  • Are employees provided with security awareness training?

  • Do they understand the importance of vigilance and challenging suspicious activity?

  • Do employees sign an acceptable use policy regarding information security?

  • Are employees regularly reminded of security best practices and policies?

  • Are employees aware of and compliant on how to report suspicious activities or incidents?


  • Is the organization compliant with relevant security regulations and standards?

  • Are security audits conducted by third-party assessors periodically?

  • Is there a process for addressing security audit findings and implementing corrective actions?

  • Are all security policies and procedures documented?

  • Are vendor and third-party risk management plans in place?

Electronic Security

  • Is there ample/well-maintained lighting?

  • Are cameras installed?

  • How many cameras are functional?

  • How many cameras are inoperable?

  • Are cameras managed by security, IT, facilities, or others?

  • Are monitors clear?

  • Have cameras/CCTVs installed for maximum security. Assign this as an action if needed.

  • Attach photos and other relevant files as evidence.

Information Security

  • Is there an effective information security strategy?

  • Is there an effective IT strategy?

Visitors Vehicle Access

  • Is there an access control system in place for visitor vehicles?

  • Do visitors have to show ID?

  • Are visitors announced?

  • Are visitors required to park in certain areas?

  • Are there passes issued? If yes, describe the types of passes issued.

General Facility Impressions and Security Posture

  • What is the estimated volume of daily visitors?

  • Have there been security problems in the past? Describe in detail.

  • What are the biggest threats to security?

  • What assets at the facility need to be protected?


  • Summary of Findings

  • Remediation and Action Plans

  • Date of Next Audit

  • Auditor's Name and Signature

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.