Editor’s Note: This post was originally posted on April 21, 2016 and has been updated for accuracy and comprehensiveness.

According to TechTarget, “a security audit is a systematic evaluation of the security of a company’s system by measuring how well it conforms to a set of established criteria.”

Security audits can ensure your business’ safety by evaluating the health of various security assets and functions, such as configuration and software—but only when done right.

To start a security audit, you need a set of standards for your company’s IT and physical security. Everything you review will be measured against those criteria to determine whether it meets the standards necessary to protect against all types of threats. These standards should be agreed upon by your leadership team in advance of your audit. A high-quality security vendor could help you determine those standards, if needed.

Then you’re ready to start preparing for the audit. Follow the tips and best practices here to get ready.

1. Assess Your Equipment

First, decide what will be audited to determine project scope. Evaluate (if applicable to your business) the following equipment:

2. Determine Your Business’ Threats

Once you have prioritized your equipment, sit down and figure out your business’ risks, such as weak networks, unprotected devices or malicious activity. When determining your list of potential threats, ask yourself the following questions:

Diving into these questions will help you, your security vendor and your IT team decide how in-depth your audit should be.

3. Connect with Your IT Team

Now that you have identified your sensitive assets and your threat risks, it’s time to work with your IT team to get your audit rolling. Before beginning your security audit, set up a meeting with your IT crew to do the following:

  • Discuss team roles and responsibilities, such as who will be auditing specific equipment and who the main point of contact is for updates.
  • Ensure necessary training is in place, such as qualifications to assess certain software or systems. If your internal IT team does not have the necessary qualifications, consider outsourcing to a third-party vendor.
  • Determine a timeframe in which the audit will be conducted.
  • Schedule regular meetings with your IT team to discuss audit progress and status.

Once the audit is complete, you may discover a need for improving your company’s security. If you have questions about how to update or upgrade your system, just reach out to the Vector Security team of experts.