Skip to content
  • Home
  • Social Media Auditors

Social Media Auditors

Guidance on Social Media Auditor activity, for Security Personnel and General Staff

Last Updated 15 December 2023


There is a small but increasing number of reports within the United Kingdom involving individuals who attend premises and outside spaces, with the aim of capturing staff and property on camera, the content from which is often uploaded to social media and video platforms. We refer to them as Auditors in this guidance as it's the term most associated with them online. Other terms include Social Media Auditors and Citizen Journalists.

Auditors take advantage of the understandable concerns from personnel when staff premises are photographed or filmed. Auditors often attempt to provoke staff and security in order to elicit heightened reactions, at times asserting that staff are overstepping legal boundaries. They are well versed in their own rights and frequently cite legislation when challenged.

It is not an offence to be an Auditor of to film personnel and property from a place the Auditor is allowed to be. This includes filming private property with a drone where a drone is allowed to fly. 

Auditing activity is mostly harmless, and the amount of compromising information gathered by filming vehicles, personnel, equipment or the facility itself is generally minimal. Issues typically arise when staff and security engage in a hostile manner, by quoting legislation incorrectly, or by giving inaccurate statements such as "You are not allowed to film here".

While the Auditors themselves might not have hostile intent, the content they create and post online could be viewed by genuine hostile actors. As such, conveying an air of a professional security culture is helpful - such as highlighting the CCTV which alerted you to their presence - but without giving unnecessary insight into your security infrastructure or procedures. 

When interacting with suspected Auditors, we recommend a CALM approach - Chat, Assess, Limit, Monitor.

  • Chat in a friendly manner
  • Assess for hostile intent
  • Limit interactions beyond what's necessary
  • Monitor risk of escalation 

It is important that all personnel remain polite and professional if responding to a situation where someone is recording premises and/or staff. When engaging, remember that your first words will often dictate the tone of the interaction. 

Auditors want their content to go viral.

Remember that the goal of auditing is often to generate controversial content. The best defence is to make their interactions with you forgettable. 

Social Media Auditors Guidance

Social Media Auditors

View Video Transcript

There is a small but growing trend where individuals visit premises and outside spaces, often with the intention of generating controversial content to post online.

They may do this by filming, voice recording or even with drone footage.

These self-styled 'Auditors' and their activities are mostly harmless. But if approached incorrectly, such activities may cause issues for the organisations visited and the individuals recorded.

This video will show you how to spot potential Auditors, how best to respond to Auditor activities and when you should escalate your response.

Everyone within the organisation should be made aware of the potential for Auditor activity and remain on the look out for it. While the threat posed by genuine Auditors is usually low, even well-meaning comments or interactions from staff can be used to generate controversial online content. Anyone who spots suspected Auditor activity should notify security, allowing them to respond accordingly.

When faced with a suspected Auditor, security staff should continue to follow the See, Check and Notify framework on identifying suspicious activity.

With the Check phase, we recommend taking a CALM approach - Chat, Assess, Limit, Monitor.

Step one - Chat. First, alert your control room and engage the suspected Auditor in a friendly manner with a professional approach such as “How is it going today?” or “I was curious what you were up to”. This sets a neutral tone and minimises the risk of the kind of controversial content they generally seek.

Step two - Assess. Next, confirm the suspected Auditors intent. Generally, Auditors won’t try to hide their activities – and may even narrate them. Remember to remain alert for wider hostile intent.

Step three - Limit. If you feel the suspected Auditor is not a direct threat, limit unnecessary interactions and escalations. Not only will this reduce the possibility of you saying something they can find fault with, but it will also minimise the value of the content they generate from the encounter.

And step four - Monitor. You should continue to monitor Auditor activities, remaining vigilant for signs of wider hostile intent or escalation, such as attempts to breach a perimeter, until they leave.

If you are suspicious or have concerns during an encounter with an Auditor, contact your control room or supervisor.

If there are any concerns that there is an immediate risk, or a crime may be committed, call the police on 999 providing as much information as possible.

If after an encounter you suspect hostile reconnaissance, complete an external report to the police by calling 101.

Remember that Auditor activities are designed to generate content for social media.

By acting in a CALM way, you not only stay vigilant to potential threats, but offer the least chance of generating controversial content for them to post.

This should help to minimise the impact of such incidents, while reducing an incentive for repeat visits.

To find out more including some reminders on what is and is not permitted of Auditors in public spaces, along with specific advice on the use of drones, download our guidance document at

The downloadable guidance document contains advice on hostile reconnaissance, how to engage with suspected auditors, reminders on what is and is not permitted of Auditors in public spaces, along with specific advice on the use of drones. 

Social Media Auditors Guidance Cover showing 2 men with a phone and camera and a drone flying above them.

Guidance document on Social Media Auditors activity, for Security Personnel and General Staff.

Social Media Auditors want to generate controversial content to post online. Don't give it to them. 

Guidance for Security Personnel

When faced with a suspected Auditor, security staff should continue to follow the See, Check and Notify (SCaN) framework on suspicious activity. We recommend taking a CALM approach - Chat, Assess, Limit, Monitor. See our full guidance document above for more details. 

NPSA Social Media Auditors Security Staff poster - CALM

Download Social Media Auditors Poster - Security Staff

Guidance for General Staff

Not only does everyone have a role to play in security, but there have been incidents where suspecting members of staff have been approached when entering or exiting various parts of a property. Because Auditors can rely on confusion and intimidation, make staff aware - and prepared - is an important aspect of protecting against such tactics. 

NPSA Social Media Auditors General Staff poster - Don't go viral for the wrong reasons.

Download Social Media Auditors Poster - General Staff

White-label Posters

Versions of the guidance assets are available without NPSA branding and are made available for organisations to edit and apply their own branding and logos for their internal use. These are provided under the terms of the Open Government Licence Agreement and the following attribution statement must always be included in the guidance assets: “© crown copyright NPSA."

Training Slides

NPSA has produced a PowerPoint slide deck to assist organisation to train their personnel. The slides include speaker notes on relevant slides, and a playable copy of the animation on slide 2.

Rolodex / Business Cards

Handout cards are available to download which can be used in Security Control rooms, and given out to security staff to act as reminders in the event of suspected auditor activity.

See, Check and Notify (SCaN)

All suspicious activity should be investigated. Stay vigilant, and continue to follow the See, Check and Notify (SCaN) guidance. You can find out more about the wider See, Check and Notify guidance on the SCaN section.

Did you find this page useful? Yes No