IT security audits may be characterized according to the degree of information the testers and the administrators of the systems in scope have when the tests are carried out. According to the OSSTMM, in a double-blind audit the testers do not have any knowledge about the systems to be tested prior to the audit and the administrators of the tested systems are unaware of the security audit. The double-blind test type is the most realistic approach, but not the most efficient.