Which part of the security survey process involves collecting information about current security measures?

The part of the security survey process that involves collecting information about current security measures is the document collection or reviews phase. This step is crucial as it allows the assessor to gather detailed information on existing policies, procedures, and security systems in place. By reviewing documents such as security plans, incident reports, and access control logs, the assessor gains insights into how security is currently managed and identifies any gaps or overlaps in the security measures.

This collection of existing documents serves as a foundation for evaluating the effectiveness of current security practices. It helps in understanding the operational context and the rationale behind existing security protocols, which is essential for making informed recommendations for improvement. This comprehensive overview aids in establishing a baseline for comparison with industry standards or best practices, making it a pivotal phase in the overall security assessment process.

The other phases, while important to the overall survey, focus on different aspects of information gathering and analysis that support but do not directly involve the collection of current security measures.