National Institute of Corrections
You are not signed in! To post comments and participate in discussions you need to sign in or create a free account.
Developing a Security Audit System: You Get What You Inspect
NIC News & Updates


SpotlightPrisonsDivisionThe problem is that you are in your facility every day. Things you see on a daily basis look normal to you. The key to enhancing institutional security is to develop a system of internal security auditing that allows you to see the operations and facility through new eyes. The NIC Prisons Division’s “Conducting Security Audits” training program, one of several security-related resources offered, can do that for you.  The National Institute of Corrections (NIC) can help!


NIC’s Conducting Security Audits: A Solution to Consider

Wayne Hill, NIC Prison’s Division Correctional Program Specialist, says “the security audit training gives agencies the ability to re-invent themselves. It lets them take a new look at things.”

Conducting Security Audits, a 4 1/2 day program, is truly hands-on training.  There is only one day of formal classroom instruction. After that, participants, working in 3 teams assisted by one of the instructors, actually conduct a security audit using the guidelines provided. The training is hosted by a correctional agency that makes one or more of its institutions available for the security audit practicum.

“It’s a win-win situation” says Hill. “Everyone gets training and information: both the host and the participants. The participants gain auditing skills while the host agency gets a very thorough set of findings about its security program. It is truly a learning and sharing environment. As a bonus, the host agency also ends up having staff trained in security auditing.  Like I say, it’s a win-win!”


Why Security Auditing

Most institutions are designed and built to be secure, but strong physical security structures do not necessarily make a safe and secure operation.  Serious security breaches occur because staff take shortcuts, are confused over expectations, or simply don’t follow established procedures. In other words,  it’s not a physical plant/structural failure as much as a “people/performance” failure.  A security audit system is simply a process for communicating to the administration and staff the level to which policy, procedure, standards, practices, and training are being combined and implemented on a daily basis to provide for a safe and secure environment. Of course, along the way, physical plant, security technology, and hardware issues are also identified.


The Security Audit: Watching for Slippage, Cracks, and Vulnerabilities

Basically effective security auditing means looking for weaknesses, deficiencies, and vulnerabilities in the security operation in a formal and consistent manner. This includes assessing compliance with agency standards, policies, and procedures as well as the effectiveness of physical equipment and human behavior.  Security audits don’t just happen, they are planned, organized, and implemented in a conscious effort to obtain relevant information about security.  In essence, a well planned and implemented security audit system can be described as risk management for the administration, staff, inmates, and the community. The security audit needs to be based on a formal set of security standards/guidelines.  Successful implementation requires administrative support, explicit policy and procedure defining, describing and requiring  the audit system, and comprehensive training for the auditing staff.


The NIC Prisons Division Can Help

Conducting Security Audits” is offered several  times a year by NIC. While originally targeted for prisons, it has recently been expanded to include large jail systems as well.  Agencies send teams of three  for this week-long program.  For additional  information, contact Wayne Hill, NIC Correctional Program Specialist and view the NIC website.


Some Resources To Get You Started

As you explore the possibility of participating in NIC’s “Conducting Security Audits”, don’t wait to start enhancing the safety and security of your facility.  Take a look at these resources and initiate or update  an internal security audit program.  Develop a team and assess your current practices. Next design a comprehensive audit instrument, field test it, and train a corps of security auditors for your agency. The first step, of course, will be to obtain full support from the administration, and make sure you implement a formal system for follow up action for any deficiencies identified through the audits.


National Institute of Corrections:




American Correctional Association:




Virginia Department of Corrections:

Corrections Vulnerability Assessment (CVA) Resources:





Posted Wed, Sep 26 2012 9:03 AM by Anonymous


Be the first to comment on this article!
You must sign in or create an account to comment.
Brought to you by:
National Institute of Corrections
U.S. Dept. of Justice | 320 First Street | Washington, DC 20534 | 800.995.6423

This blog is funded by a contract from the National Institute of Corrections, U.S. Department of Justice. Points of view or opinions stated in this document are those of the authors and do not necessarily represent the official position or policies of the U.S. Department of Justice.