Security audits are intended to test the security measures taken (organisational, architectural and electronic) on all desired components (environment, building, transport and transportation, people, relations and ICT) for (combined) effectiveness, The objective is the manageability of calamities so that business continuity is not jeopardised.
We believe that a security audit should be more than a one-off examination of the security measures taken.
It should have a repetitive character so that the security audit and any resulting advice are always tailored to the most current situation.
Not only testing the security measures taken (organisational control) but also testing their actual implementation contribute to this.
An advice resulting from a security audit could be the use of so-called mystery site visits and intruder tests. More information can be found under the tab Red Teaming.
Obviously, training employees in security awareness is of great value in preventing calamities. More information on this training can be found under the tab Training.