A security audit consists of relying on a trustworthy third party (generally a company that specialises in computing security) to validate, based on the security policy, the protective measures that are in place.
The goal of the audit is to verify that each rule of the security policy is properly applied and that all of the measures taken form a coherent whole.
A security audit makes sure that all of the measures taken by the company have a reputation of being safe.
