This is a significant step for the Auditor as the Auditor has to select a profile from the predetermined profiles or has to enforce the Organization's existing policies. The Secure Auditor has the following profiles available for the Auditor to use:

• CIS Profile - This profile is designed by following the standards of Center for internet Security and NSA.
• ISACA Profile - This profile is designed by following the Information Systems Audit & Control Association standards which use COBIT framework.
• SANS Profile - This profile is designed by following System Administration, Audit, Networking and Security standards for Auditing.
• Secure Auditor Profile - This profile is designed by security experts at Secure Bytes and is dependant on the auditor that you are using. (Example if you are using Secure Ora Auditor then the profile generated would be SOA Profile)

In this step the Auditor can use one of the default Audit Profiles or he/she can create one according to his/her Company Policies.