Most strata buildings accumulate technology infrastructure the same way a house accumulates clutter — gradually, without a plan, and with nobody keeping track of the whole picture.
The CCTV system was installed by one contractor five years ago. The access control came from another company during a lobby renovation. NBN Co connected the building network when the building was first wired for fibre. The lift emergency phone was fitted by the lift maintenance company and has been quietly running ever since. Nobody has ever looked at all of these systems together, in the same room, with the same set of eyes.
A technology infrastructure audit does exactly that. It is a structured, professional assessment of every system in a strata building that relies on network or communications infrastructure — conducted to identify gaps, risks, compliance failures, and anything that has drifted out of date. For strata managers, owners corporation committees, and building managers, it produces something that is often completely absent: a single, reliable document describing what is installed, how it is configured, and what needs attention.
This article explains what a Pickle technology audit covers, why buildings commission them, and what the audit produces.
Why Strata Buildings Request a Technology Audit
Audits are rarely booked out of nowhere. In most cases, something prompts the conversation. The most common triggers are:
A system failure with no clear explanation. The CCTV drops out and nobody knows whether it is the cameras, the NVR, the network switch, or the internet connection. The access control stops responding. A lift phone fails its annual test call. When the cause is unclear, a structured audit of the underlying infrastructure is often the fastest way to find it.
A change of strata management company. Incoming strata managers frequently inherit buildings with little or no documentation of what technology is installed, who the service providers are, or how the systems are configured. A technology audit establishes the baseline so the new manager is not relying on institutional knowledge that walked out the door with the previous company.
An insurance renewal that asks about cybersecurity. This is increasingly common. Insurers are asking owners corporations about network security controls, CCTV configurations, and access management. When a committee cannot answer those questions, it is a signal that an audit is overdue.
A committee member raises security concerns. Reports of cyber incidents at strata buildings — hacked CCTV systems, compromised access control, ransom demands — are no longer rare. A committee member who reads one of these stories and asks "could that happen here?" deserves a real answer, not a guess.
A major renovation or upgrade project. Before new infrastructure is designed and commissioned, it helps to know what is already in place. An audit provides the baseline so that new works do not duplicate existing systems or create conflicts.
Routine due diligence. A building gets a structural inspection periodically — not because anything is visibly wrong, but because responsible management requires it. The same logic applies to technology infrastructure. A periodic audit is simply good governance.
What a Pickle Technology Audit Covers
A Pickle technology audit is not a checklist filled in by a generalist. Pickle's professional IT services team physically attends the building, inspects and tests each system, reads active network configurations, and assesses what they find against current best practice and applicable compliance requirements.
The audit covers the following areas.
Internet and Network Connectivity
The assessor identifies the type of NBN connection serving the building — FTTB (Fibre to the Building), FTTP (Fibre to the Premises), Fixed Wireless, or another technology — and reviews whether the current service tier is adequate for the building's actual and planned use.
A critical question at this stage is whether there is a dedicated common area internet connection for building systems, separate from the residents' connections. Many buildings run all systems — CCTV, access control, intercoms, and building management — over a single shared connection with no separation. This is both a performance risk and a security risk.
The audit also reviews the router and modem: current firmware, known vulnerabilities, and, importantly, who holds the login credentials. Credential ownership is a recurring issue in strata buildings — service providers frequently retain access credentials and do not hand them over when relationships end.
For further context on building connectivity infrastructure, see Pickle's strata management communications solutions.
Network Architecture and Segmentation
Beyond the internet connection itself, the audit assesses the internal network architecture. Is the building running on a managed switch or a consumer-grade device? Are VLANs (Virtual Local Area Networks) configured to separate resident internet traffic from CCTV, access control, and building management systems?
Network segmentation is one of the most important security controls in a strata building. When all systems share a single flat network, a compromised resident device can reach a CCTV NVR, an access control server, or a building management system. Proper VLAN configuration prevents this.
The audit also reviews the firewall — whether one exists, whether it is actively managed, and whether it is running a default configuration that offers limited real-world protection. Pickle's detailed guidance on this topic is covered in secure network design for apartment buildings.
CCTV System
The audit documents the camera count, coverage areas, and whether coverage maps to the areas the building's by-laws and insurance requirements specify. It then looks at how the system is configured: are the cameras on a dedicated VLAN, or are they mixed in with resident or building management traffic?
Remote access to the NVR (Network Video Recorder) receives particular attention. Many CCTV systems are configured for remote access via direct port forwarding — a method that exposes the NVR directly to the internet and is a known, well-documented security risk. A properly configured system uses a VPN or a secure cloud relay instead.
The audit also checks NVR firmware currency, default password status (factory default passwords on CCTV equipment are among the most commonly exploited entry points in building networks), and whether footage retention meets the building's obligations. See Pickle's article on CCTV and network security in buildings for a deeper treatment of these risks.
Access Control
The assessor identifies the access control system type — IP-based, standalone, or proprietary — and reviews how it is integrated with the building network. Is the controller on a dedicated VLAN? Is communication between components encrypted?
Operationally, the audit reviews whether the strata manager can remotely deactivate credentials when a resident departs, and whether there is an audit log of access events available for review. Credential hygiene is assessed: departed residents whose fobs or codes are still active represent a security exposure that is easy to create and easy to miss. Further technical detail on access control configuration is covered in Pickle's article on strata building access control and network requirements.
Intercom System
The audit determines whether the intercom is audio-only or video, and whether it operates on an analogue or IP-based architecture. For IP intercoms that are connected to the building network, the same segmentation questions that apply to CCTV and access control apply here: is the intercom on its own VLAN, or does it share network segments with other systems?
Any known faults are documented, along with the relationship between the intercom system and the lift — noting that the intercom-to-lift connection is a different system from the AS1735.19 emergency phone inside the lift car.
Lift Emergency Phones
This is one of the highest-priority areas in any strata technology audit, and one of the most commonly found to be non-compliant.
Under Australian Standard AS1735.19, every passenger lift must be fitted with a compliant emergency communication device capable of making a call and being audible. The annual test call must be conducted and the result logged. In practice, many buildings have lift phones that have not been tested, are running on service accounts nobody manages, or are still connected via GSM or analogue infrastructure that is in the process of being decommissioned by carriers.
The audit confirms whether each lift has a compliant device, whether the device is 4G-capable (not reliant on analogue or GSM networks that are being progressively retired), who the service provider is, and whether the account is current and the billing is under the building's control. Pickle's dedicated article on lift emergency phone requirements in Australia covers the compliance obligations in detail.
Phone System
Where the building has a main phone number — for the building manager, the intercom front desk, or the owners corporation — the audit reviews whether that number is documented, who controls the account, and how the service is configured. After-hours routing and voicemail monitoring are assessed. Phone system arrangements in strata buildings are frequently informal and undocumented, creating gaps when staff change or management companies transition.
Mobile Coverage
The audit identifies any known dead zones within the building where mobile coverage is inadequate. This matters for resident amenity, but more critically for emergency access: a person in an underground carpark, a plant room, or a basement corridor who cannot make a 000 call is in a genuinely dangerous position.
Where gaps exist, the audit considers whether a Distributed Antenna System (DAS) or Wi-Fi calling infrastructure would address them, and documents the findings for the committee's consideration. The broader context of cybersecurity and connectivity in smart buildings is discussed in Pickle's article on cyber security in smart buildings.
What the Audit Produces
At the conclusion of the assessment, Pickle produces a written report that the strata manager can table at a committee meeting, act on directly, or use to brief contractors.
The report covers:
- Current state of each system — what is installed, how it is configured, who manages it, and who holds the credentials
- Identified risks, ranked by severity — from critical (a lift phone that will not connect, an NVR with the factory default password exposed to the internet) to moderate (firmware that is several versions behind) to low (minor documentation gaps)
- Compliance gaps — with particular attention to AS1735.19 lift phone requirements, which carry direct legal exposure for owners corporations
- Recommended remediation actions in priority order — what to fix first, what can wait, and what requires specialist contractors rather than a general IT provider
The report is written for a strata management audience, not a technical one. A committee member does not need to understand what a VLAN is to follow the finding "CCTV cameras are on the same network as resident devices — this should be corrected."
When to Re-Audit
A technology audit is not a one-time event. Pickle recommends re-auditing every two to three years as a baseline cadence, and additionally following:
- A change of strata management company
- A significant renovation or technology upgrade
- A cyber incident or near-miss — including incidents at comparable buildings that prompt a committee review
- An insurance renewal that introduces new questions about security controls
- The addition of a significant new system (EV charger infrastructure, smart building sensors, upgraded CCTV)
Buildings that treat their technology infrastructure as a living system — one that is documented, reviewed, and updated — are materially better positioned than those that wait for a failure to force the conversation.
Who Conducts the Audit
A Pickle technology audit is conducted by Pickle's professional IT services team. The assessors who attend the building are experienced with strata building infrastructure specifically — not general residential IT, not commercial office networks, but the particular combination of systems found in apartment buildings and mixed-use strata: building management systems, lift phones, access control, CCTV, and shared network infrastructure serving both residents and building operations.
This matters because the assessment requires someone who can read and interpret a network configuration, test active systems under real conditions, and evaluate what they find against current best practice and applicable compliance standards. It is not a form that a building manager fills in, and it is not a visual inspection by a general tradesperson.
Pickle is a managed IT, business internet, and phone systems provider with direct experience across strata building environments. More on Pickle's managed IT services background is available in the article on managed IT services for Australian businesses.
Frequently Asked Questions
Q: How long does a technology audit take?
A: For a typical residential strata building, the on-site assessment takes between two and four hours depending on the number of systems, the size of the building, and how accessible the infrastructure is. Report preparation following the site visit typically takes a further two to three business days. Larger or more complex buildings — those with multiple network risers, extensive CCTV installations, or multiple lifts — may require longer.
Q: Does the building need to be vacant during the audit?
A: No. The audit is conducted during normal building hours and does not require residents to be absent. The assessors will need access to the communications room, server or patch panel locations, the lift motor room (for emergency phone testing), and potentially the basement or carpark. The strata manager or building manager should be available or have arranged access to these areas in advance.
Q: What happens after the audit — does Pickle fix the issues?
A: Pickle can. Where the recommended remediation falls within Pickle's service scope — network reconfiguration, firewall management, phone system changes, CCTV or access control improvements — Pickle can provide a separate quote to address the findings. Some items may require specialist contractors (lift maintenance companies for emergency phone compliance, for example), and the report will make clear which items sit in which category. There is no obligation to engage Pickle for remediation work.
Q: How much does a technology audit cost?
A: Audit pricing depends on the size of the building and the number of systems to be assessed. Contact Pickle directly for a quote specific to your building — call 1300 688 588 or email [email protected].
Q: Can the audit report be used for insurance purposes?
A: Yes. The written report is a formal document that strata managers and committees have used to respond to insurer questionnaires, support claims discussions, and demonstrate due diligence. It is not a certification or an insurance product, but it provides documented evidence of the building's current technology posture and the steps taken or planned to address identified risks.
Get a Technology Audit for Your Building
If your building has never had a technology infrastructure audit — or if the last review was more than two or three years ago — contact Pickle to discuss what an assessment would cover for your specific building.
Call 1300 688 588 or email [email protected].
Pickle provides managed IT, business internet, and phone systems services to strata buildings and businesses across Australia. Visit thinkpickle.com.au/solutions/strata-management-communications to learn more about Pickle's strata services.