Memory cue
Last-day cue
A.8.32 = control changes. A.8.33 = control test data. A.8.34 = control audit testing on live systems.
What the exam is likely testing
| Control | Exam cue |
|---|---|
| A.8.32 | Changes need impact assessment, approval, testing, rollback, logging, and review |
| A.8.33 | Test information should be selected, protected, managed, and deleted |
| A.8.34 | Audit testing on operational systems should be planned and agreed |
Common wrong answers
- Treating approval alone as full change management.
- Treating emergency changes as exempt from control.
- Treating test data as low risk because it is outside production.
- Ignoring logs, caches, debug files, and reports created by testing.
- Letting audit tools run on live systems without scope, authorization, or safeguards.
Quick comparison
| Topic | A.8.32 Change management | A.8.33 Test information | A.8.34 Audit testing protection |
|---|---|---|---|
| Main risk | Uncontrolled change disrupts or weakens systems | Test data leaks or is mismanaged | Assurance activity harms live systems |
| Core evidence | Change records, impact assessment, testing, approval, rollback | Test data approvals, masking, access, deletion | Audit test plan, authorization, tool logs, results protection |
| Common trap | Approval is enough | Test environment means low risk | Auditor activity is automatically safe |
Related notes
- Iso27001
- Exam
- Change management
- Test information
- Audit testing
Note Metadata
Aliases: EXAM-041
Source: 09-Exam-Preparation/EXAM-041-Change-Test-Information-and-Audit-Testing.md