Unlike a 'Penetration Test', a 'Vulnerability Audit' involves a straightforward examination of key components of a computer system or network. The range of elements that need to be examined is easily understood, and in most cases the tests can be automated using one or more general-purpose auditing tools available to the testing team.

Typical audits would include an organisation's mail gateway, web presence, firewalls or key internal server systems. An audit can provide a valuable security baseline against which the organisation can be easily and repeatedly assessed, on a quarterly or monthly basis as required.

IRM consultants can advise clients on whether a full-scale, intrusive penetration test or a low-impact audit of potential system vulnerabilities is likely to provide appropriate and meaningful results. For most clients, an initial penetration test followed by periodic audits has proved to be the most useful approach.