It wasn't that long ago that complying with an audited standard meant copious amounts of paperwork, signed off to verify that people were doing the right things and procedures were being followed. These documents were often still being worked on while the auditors were in the building. These days the process is more transparent and less officious.
According to Michael Brophy, modern auditing concentrates on practices and processes, on how people understand what they have to do, and on whether they can demonstrate it. "It's far more hands-on and the audit process is quite in-depth. We talk to a lot of people and look at what they do. There are a lot of ways to verify how something is done other than just seeing it on paper," he says.
"So it's not as bureaucratic and paperwork-centric - it's much more based on practical implementation of security controls."