Cyber Security Audit Program

The Cyber Security Audit Program is part of a series of free tools for auditors to use to assess the cyber security status of their organizations. They were developed by CSE’s internal audit team, with support from the Canadian Centre for Cyber Security (Cyber Centre).

These tools are designed for auditors in both government and private sector organizations. No previous IT security audit knowledge is required for using the tools.

Please note that some tools reference the Government of Canada and federal departments. The tools were initially developed for government but can be used by all Canadian organizations.

Tool 1: Placemat

The placemat is a one-page overview of cyber security audit criteria and key sub-criteria. We recommend you review this placemat before viewing the other tools.

Tool 2: Audit guide

The audit guide compiles definitions of cyber security terms, an overview of a cyber security audit, and different audit types that auditors can conduct.

Tool 3: Preliminary survey tool (PST)

The preliminary survey tool (PST) assesses your organization’s overall cyber security status, which helps determine the focus of your audit.

Tool 4: Audit Program

The audit program is a detailed document outlining the audit criteria and sub-criteria for many types of cyber security audits. Auditors should use the document by following the audit guidance relevant to their organization.

Contact information

To access these tools, please contact the audit team at

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: