As the inherent security of any IT product is fundamental to its global success, many schemes and manufacturers consider carrying out security audits of the IT product itself and of the development and production sites. In both cases, the audit is used to gain the assurance that the assets handled by an IT product are placed and stored in a secure manner. We perform both types of security audits: code audits to analyse the source code of a product with the intent of discovering potential vulnerabilities, as well as site audits to determine the adequacy of physical and logical site security measures.