IT security audits may be characterized according to the degree of information the testers and the administrators of the systems in scope have when the tests are carried out. The OSSTMM defines blind as the audit type where the testers do not have any knowledge about the systems to be tested prior to the audit, whereas the administrators of the tested systems are fully aware of the security audit.