Physical Security Audit. Cyber, OT, and physical security audited from one team.

Cyber security, machine and equipment controls (OT) and physical security belong together. We audit your physical security on site, find the weaknesses that really matter to your business, and tell you plainly what is secure and what is not.

Request now

What comes after cyber and OT security

You’ve invested in cyber and OT security. Segmentation, patch management, access control. A strong foundation.

The next step: audit the physical paths into your OT just as thoroughly. How effective are your perimeter, gates, and locks in practice? How secure do control cabinets and maintenance access points stay? How would your team respond to an unfamiliar person standing at a control panel?

Some attack paths can’t be closed by a firewall. They run through an unlocked gate, an open control cabinet, a maintenance access point with no oversight. An audit uncovers them before someone else does.

OT, IT, and Physical Security belong together

As certified penetration testers and physical security experts, we know both worlds and find the touchpoints where they meet.

What we look at on-site:

Production lines, PLCs, and machine controls
Control cabinets, maintenance access, and shop-floor network ports
Server rooms, network infrastructure, and backup systems
Reception, delivery entrances, and visitor traffic

How your Security Audit works

Minimal effort for you, maximum insights for your security

Brief Call

30-45 min.

Clarify assets and scope, schedule the on-site test

On-site Test

4 hrs - 3 days

Grounds, building, access and locking systems, with minimal disruption to your operations

Report

Within 5 days

Executive summary, photos and evidence, prioritized recommendations (Quick wins / medium-term / Investment)

Debrief

30-60 min.

Review action plan together, set priorities, plan next steps

What we test

Request Audit

Grounds & Perimeter

Fences, gates, lighting, cameras, motion detectors. We test how effective your outer perimeter is in practice.

Access Control

Badge systems, locks, biometrics, visitor management. We test how effective your access restrictions really are.

Production & Critical Infrastructure

Production lines, machine controls, OT systems, server rooms, and network technology. The areas where physical and digital security are most closely intertwined.

Thank you!

We'll get back to you shortly.

Request your audit

Three scopes, one foundation. Every audit covers the same baseline checks — the touchpoints most often overlooked in everyday operations. What changes between packages is scope and depth.

Which package fits your situation?

from €990 net

Compact Audit

up to 200 m², single site, day visit

Reception, tailgating, server and equipment room

individual

Extended Audit

multiple areas or floors, 1–3 days on-site

Extended methodology including awareness tests and staff interviews

individual

Industrial / KRITIS Audit

production lines, OT segments, multiple sites

Uncover critical physical attack paths across multiple sites and facilities

Included in every audit

Locks and key management practice
Windows and exterior access points
Unsecured network ports and patch cabinets
Document and file handling
Reception and visitor flow
Photo-evidenced report with prioritization

How can we reach you? *

We will contact you via your preferred method.

Response within 24h

Proven Security Expertise

Certified Covert Access Specialists through the Covert Access Team. We master professional techniques for covert entry and audit your security at a level others overlook.

As triple OffSec-certified experts (OSCP, OSWE, OSEP) and Top-100 Bug Bounty hunters, we know attack techniques first-hand and bring this experience into every Physical Security Audit.

Audited Security as Evidence

We deliver an independent, photo-backed report of the physical attack paths we found at your site — prioritized by impact, with concrete recommendations on which to close first. From experts who understand IT, OT, and the physical world.

Critical infrastructure operators face increasing regulatory requirements to demonstrate adequate physical protection. Our audit provides the independent test: where could attackers get through, and which measures close those paths most effectively?

Confidentiality from day one. Every audit begins with a mutual non-disclosure agreement. Observations, photos, and reports are stored encrypted and, on request, returned or destroyed at project end.

Let's have a brief conversation

In 15 minutes we can clarify whether an audit makes sense for your situation. An honest assessment, no obligation, free of charge.

Book a Consultation Now