ISACA Introduces New Audit Program for Physical and Environmental Security

Schaumburg, Ill. (June 27, 2022) — Organizations’ physical and environmental security has often been overlooked as focus has largely shifted from on-premises data centers to the cloud environment. However, audit and security practitioners know that effective physical and environmental controls remain crucial in preventing the circumvention of administrative and technical controls, theft or damage to critical IT equipment, loss of sensitive business information, service disruption and more. With this in mind, global digital trust association ISACA has introduced the new Physical and Environmental Security Audit Program to provide audit practitioners with the tools to help enterprises assess their defenses in these areas.

This new audit program provides auditors with a unified and holistic approach to conducting a detailed assessment of controls within the physical and environmental security domain. It is designed to provide assurance to management regarding the effectiveness of controls in the following areas:

  • Governance and other oversight activities
  • Site location considerations and other external risk factors
  • Building construction and layout
  • Planning, design and configuration of environmental safeguards
  • Offsite location of physical assets
  • Emergency and contingency procedures

The Physical and Environmental Security Audit Program not only considers the protection of enterprise physical assets and the environmental hazards that those assets may be exposed to, but also the governance and other oversight activities that are integral to the successful management of associated risks. It concentrates on those aspects of security that relate to the protection of information, IT equipment, infrastructure and buildings that house those assets. The audit program was designed to be relevant for organizations in any industry, environment or country.

“While the COVID-19 pandemic brought much-needed attention to cybersecurity in many respects, audit and security professionals would be remiss to minimize the importance of the critical physical and environmental security elements of IT operations,” says Robin Lyons, ISACA IT Audit Professional Practices Principal. “ISACA is committed to providing the IT audit community with the programs, tools and resources it needs to keep skills current and relative in the face of continuous change.”

The Physical and Environmental Security Audit Program is free for ISACA members and US$49 for nonmembers and can be accessed at

For additional information on ISACA’s audit programs, tools, and resources, please visit


ISACA® is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its more than 165,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through its foundation One In Tech, ISACA supports IT education and career pathways for underresourced and underrepresented populations.