Security Audits & Reviews


What it is

An independent review of your existing security controls, procedures, and performance to confirm whether they are operating effectively and as intended. Security audits and reviews identify control failures, compliance gaps, and practical improvements to strengthen your security posture.

When to use this service

  • You want to confirm whether current controls are effective, not just installed

  • You have had incidents and need to test whether controls and procedures are working

  • You have undergone organisational change and security responsibilities are unclear

  • You need to validate compliance against an internal standard, client requirement, or regulatory obligation

  • You have multiple sites and need a consistent review approach

  • You want assurance for executives, boards, or governance committees

What you will receive

  • Audit or review report with findings, evidence, and practical recommendations

  • Assessment of control effectiveness across physical, procedural, and human controls

  • Compliance gap analysis against the agreed standard or benchmark (where applicable)

  • Prioritised action plan with staged implementation options

  • Optional re-audit plan to confirm improvements have been implemented and are effective

Our process

  1. Define audit scope and criteria: Confirm what will be audited, the standard or benchmark, and the required level of assurance

  2. Document review: Review policies, procedures, incident reports, training records, access control logs (where available), and governance arrangements

  3. Site inspection and observation: Inspect physical controls and observe how procedures operate in practice

  4. Stakeholder interviews: Engage operational staff and managers to understand how controls are used and where workarounds exist

  5. Control testing (where appropriate): Test selected controls for effectiveness, including access control, key management, CCTV coverage, and response procedures

  6. Findings and root cause analysis: Identify why controls fail (design, implementation, maintenance, training, supervision)

  7. Recommendations and prioritisation: Provide practical improvements aligned to risk and operational constraints

  8. Reporting and debrief: Deliver the report and brief stakeholders on findings and next steps

Common audit focus areas

  • Access control and credential management

  • Mechanical key systems and traceability

  • CCTV coverage, retention, and monitoring arrangements

  • Perimeter integrity, lighting, and entry point security

  • Security procedures, incident reporting, and escalation pathways

  • Staff security awareness and behavioural vulnerabilities

  • Contractor and visitor management

Frequently asked questions

  1. What is the difference between an audit and a risk assessment? A risk assessment identifies what could go wrong and recommends controls. An audit tests whether existing controls are working as intended and whether procedures are being followed.

  2. Can you audit against PSPF or another framework? Yes. We can audit against PSPF requirements, internal standards, client requirements, or agreed benchmarks.

  3. Do audits require disruption to operations? We plan audits to minimise disruption. Most work involves observation, interviews, and targeted control testing. Where testing could affect operations, we agree the approach in advance.

  4. How often should we audit security controls? Many organisations benefit from an annual review of key controls, with targeted audits after incidents, major changes, or system upgrades.

  5. Can you re-audit after improvements are implemented? Yes. A re-audit confirms whether improvements have been implemented correctly and are delivering the intended outcomes.


Need assurance that your controls are effective? Contact us for a confidential consultation
