This pre-audit survey is a structured questionnaire to guide the QTTR auditors in testing the third floor of XYZ Company being audited.
Scoping and pre-audit survey
During this phase, the QTTR auditors determine the area (the third floor) of focus for the audit that is explicitly out-of-scope, based on an initial risk-based assessment plus discussion with clients and director.
During the pre-audit survey, the QTTR auditors identify and ideally make contact with the manager/s, security architects, and other influential figures such as the CIO and CEO, taking the opportunity to request pertinent documentation etc. that will be reviewed during the audit. The organization normally nominates one or more audit “escorts”, individuals who are responsible for ensuring that the auditors can move freely about the organization and rapidly finds the people, information etc. necessary to conduct our work, and act as management liaison points.
The primary output of this phase is an agreed audit scope, engagement letter. Contact lists and other preliminary documents are also obtained and the audit files are opened to contain documentation (audit working papers, evidence, reports etc.) arising from the audit.
Information Provided in Confidence
The purpose of this questionnaire is gather the necessary information on the audit site prior to undertaking an on-site audit. The questionnaire covers each area of environmental concern, and is supplemented by information checklists for each of these areas. This questionnaire is designed to familiarize the environmental audit team with the site operations prior to the audit visit, while information checklists highlight a list of the documents required prior to the audit.
Please complete the forms as thoroughly and accurately as possible. Where a question does not apply or cannot be answered, please respond with not applicable or unknown. Respondents are encouraged to provide responses which reflect the actual conditions as opposed to the 'ideal' situation. Provision of pertinent information prior to the audit visit will allow the audit team to be adequately prepared resulting in a more effective audit.
Specific Risks: Unauthorized physical access to the facility and building (the third floor and outside area) by intruders.
Q: Does the property topography provide security or reduce the means of attack or access?
Q: How many points of entry are there to the third floor? Are those entrances monitored?
Q: Do all persons entering and exiting the building go through a security check point?
Q: Are employees required to attend any type of training class for fire emergencies and/or bomb threats?
All employees should be required to attend a training session explaining the procedures in the case of a fire or bomb threat and all employees should be required to sign an agreement stating that they have attended the training.
Q: Is part of the facility owned by another party?
Security can be maximized if the entire facility is owned a single company. If the facility is shared, security procedures must be agreed upon by both parties.
Q. Is there a process for issuing keys, codes, and/or cards that requires proper authorization and background checks?
Q. Are keys and codes changed on a regular basis to prevent unauthorized persons from obtaining access.
Q: What types of hinges are used to hang doors?
All doors should be on fixed hinged doors, or at least not removable hinges. Removable hinges are standard household door hinges that can be easily removed. Fixed door hinges cannot be removed once in place.
Q: Are windows conducive to forced entry?
The location and characteristics of windows needs to be inspected. Windows have the highest vulnerability to forced entry.
Windows are more than 18 feet from the ground and are not easily accessible from the building exterior. Windows do not have openings