Compliance Audit

Compliance audit is a process of figuring out whether a given object follows all the rules written out in a compliance policy. Compliance policy is defined by security professionals who specify desired settings (often in the form of a checklist) that are to be used in the computing environment.

The policy is then used by a security auditor (either in person or using a program) that goes through the checklist and asserts if the defined settings are in place on the target computer systems. Note that some of security policy requirements cannot be easily expressed in the form of checklist and thus such requirements are not subject of compliance audit.