Access Control System Audit Checklist [FREE PDF]

Access control system audits are essential to maintaining the integrity of physical security programs and ensuring that electronic and mechanical systems function as intended per NFPA 731 and ASIS Physical Security Standard PSC.1-2012. Regular audits identify credential misuse, system misconfigurations, outdated access rights, and hardware failures before they result in unauthorized entry or regulatory non-compliance. Organizations subject to DHS CFATS and other critical infrastructure security

• Industry: Corporate Security
• Frequency: Quarterly
• Estimated Time: 45-75 minutes
• Role: Access Control Manager
• Total Items: 36
• Compliance: ASIS Physical Security Standard PSC.1-2012, NFPA 731 Standard for the Installation of Electronic Premises Security Systems, DHS CFATS 6 CFR Part 27 Section 27.230, UL 2050 Standard for National Industrial Security Systems, NFPA 730 Guide for Premises Security Chapter 6

Access Control Hardware Inspection

Physically inspect all access control hardware including readers, panels, locks, and request-to-exit devices.

• Are all card readers, biometric scanners, and keypads physically intact with no signs of tampering or damage?
• Are door controllers and access control panels secured in locked enclosures with tamper alarms active?
• Are all electric door strikes, magnetic locks, and electrified hardware functioning correctly upon credential presentation?
• Are request-to-exit (REX) devices and door position sensors (DPS) functioning without false triggers?
• Photo documentation of any hardware deficiencies identified?

Software & System Configuration Review

Review access control software settings, database integrity, and system configuration for compliance and security.

• Is the access control software running the most current approved firmware and software version?
• Are system administrator accounts protected with strong passwords and multi-factor authentication where supported?
• Are access control system audit logs enabled, retained for the required period, and protected from modification?
• Is the system database backed up regularly with backup integrity verified?
• Are time zones, holiday schedules, and access level configurations current and accurately reflecting operational requirements?

Credential & Access Rights Review

Audit all active credentials, access levels, and cardholder records to identify privilege creep, orphaned accounts, or policy violations.

• Have all terminated employee credentials been deactivated within the policy-required timeframe?
• Are contractor, vendor, and visitor credentials time-limited and set to expire at project or visit completion?
• Have active credentials been reviewed against current HR records to identify orphaned or unauthorized accounts?
• Is the principle of least privilege applied so that personnel only have access to areas required for their job function?
• Total number of active credentials in the system?
• Total number of credentials flagged for deactivation or review during this audit?

Controlled Door & Zone Testing

Perform functional testing of controlled doors and security zones to validate correct access grant/deny behavior.

• Do controlled doors correctly grant access only to credentialed personnel with appropriate access levels?
• Do controlled doors correctly deny access and generate an alarm for invalid or expired credentials?
• Do controlled doors fail to the correct state (fail-safe or fail-secure) upon power loss or system failure?
• Are door prop alarms triggering correctly when doors are held open beyond the configured time threshold?
• Are anti-passback rules configured and enforced in areas requiring strict access control?

Alarm & Event Log Review

Review access control event logs for anomalies, unacknowledged alarms, and evidence of policy violations.

• Have all access denied events from the prior audit period been reviewed for patterns or anomalies?
• Have all forced-door or door-held-open alarms been reviewed and resolved with appropriate documentation?
• Are there any unacknowledged alarms or open events in the system requiring immediate resolution?
• Have after-hours access events by non-authorized roles been flagged and investigated?
• Summary of significant event log findings from this audit period?

Emergency & Life Safety Integration

Verify that access control system integrations with fire alarm, emergency egress, and lockdown systems function correctly.

• Does the access control system integrate with the fire alarm panel to unlock all egress doors upon alarm activation?
• Is a lockdown mode configured and has it been tested within the required testing interval?
• Are manual override mechanisms available at all access-controlled fire egress doors?
• Is battery backup power for the access control system tested and confirmed to meet minimum runtime requirements?
• Is the access control system integrated with video surveillance for alarm-triggered recording at controlled doors?

Compliance Documentation & Corrective Actions

Review maintenance records, prior audit findings, and document corrective actions identified during this audit.

• Is the access control system maintenance log current with all service events documented by a qualified technician?
• Have all corrective actions from the previous access control audit been fully resolved and documented?
• Is the access control system included in the facility security plan with current specifications documented?
• List all corrective actions identified during this audit with responsible party and target resolution date?
• Overall access control system compliance rating for this audit period?

Related Security Checklists

• Visitor Management Procedure Audit Checklist [FREE PDF]
• Visitor Management Procedure Audit Checklist [FREE PDF]
• Key Control and Management Audit Checklist [FREE PDF]
• Badge and Credential Verification Inspection Checklist [FREE PDF]
• CCTV Surveillance System Inspection Checklist [FREE PDF]
• Perimeter Fence & Barrier Inspection Checklist [FREE PDF]
• Alarm System Testing Inspection Checklist [FREE PDF]
• Security Lighting Inspection Checklist [FREE PDF]

Related Access Control Checklists

• Access Control System Daily Inspection Checklist [FREE PDF] - FREE Download
• Visitor Management and Screening Procedure Checklist [FREE PDF] - FREE Download
• Key and Lock Management Audit Checklist [FREE PDF] - FREE Download
• Badge and Credential Verification Audit Checklist [FREE PDF] - FREE Download
• Vehicle Search and Screening Checklist [FREE PDF] - FREE Download
• Physical Access Control System Audit Checklist [FREE PDF] - FREE Download
• Visitor Management & Badging Compliance Checklist [FREE PDF] - FREE Download
• Data Center Physical Security Inspection Checklist [FREE PDF] - FREE Download
• Cybersecurity Physical Security Integration Checklist [FREE PDF] - FREE Download
• Visitor Management Procedure Audit Checklist [FREE PDF] - FREE Download

Why Use This Access Control System Audit Checklist [FREE PDF]?

This access control system audit checklist [free pdf] helps corporate security teams maintain compliance and operational excellence. Designed for access control manager professionals, this checklist covers 36 critical inspection points across 7 sections. Recommended frequency: quarterly.

Ensures compliance with ASIS Physical Security Standard PSC.1-2012, NFPA 731 Standard for the Installation of Electronic Premises Security Systems, DHS CFATS 6 CFR Part 27 Section 27.230, UL 2050 Standard for National Industrial Security Systems, NFPA 730 Guide for Premises Security Chapter 6. Regulatory-aligned for audit readiness and inspection documentation.

Frequently Asked Questions

Browse More Checklists

• All Access Control Checklists
• Security Checklists
• Browse 10,000+ Free Checklist Templates
• Operations Blog
• Book a Demo