Information security is a fundamental aspect to any organization, not something exclusive to large companies. Implementing good practices in security management is relevant to being competitive in the context, however, adopting a standard in this regard is a tedious and expensive process for small companies. Audits are part of the proper management of information security, as these help to prevent incidents and mitigate risks on information assets. Many auditing applications are developed and executed in private technological settings, are expensive and not available to the community, or focus on functionality, but have serious difficulties in guaranteeing or documenting confidentiality and anonymity services. With this problem in mind, SANI, an alternative tool that implements these capabilities, was designed, developed, and tested in a real operating scenario.