This sample audit report records the results of a of security policies and procedures evaluation. The review illustrates security policy issues and leading practices regarding controls and responsibilities and provides a useful format for reporting the results. Sections in this report include details of specific policy and procedure findings, gaps and recommendations regarding policy changes, and security controls and practices a company can incorporate in their review.

Examples include access control policies, personnel information security considerations, security program implementation guidelines and rules for managing the security program.