[F16.3. In order to confirm that security measures are implemented, the conduct of a security audit shall be based on a systematic gathering of information by one or more of the following techniques: U.K.
(a)
examination of documents;
(b)
observations;
(c)
interviews;
(d)
verifications.]