When to use this
Use this checklist during an internal audit of secure development rules, competence, code review, vulnerability follow-up, and supplier development.
Related controls
- A.8.25 Secure Development Life Cycle
- A.8.25 Audit Evidence Pack
- Secure Development Policy
- Secure Development Compliance Review Checklist
- Secure Code Review Record
- Developer Security Training Matrix
Audit checklist
- Review secure development policy/standard.
- Check developer and reviewer training.
- Sample secure code review records.
- Review vulnerability remediation records.
- Check supplier/contractor development requirements.
- Verify compliance checks are routine.
- Check standards review and update evidence.
Findings table
| Development area | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 25
Note Metadata
Aliases: A.8.25 Secure Development Audit Checklist
Source: 90 Templates/A.8.25 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.25 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.25 - Secure Development Life Cycle
- A.8 Technological Controls MOC
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- Developer Security Training Matrix
- Secure Code Review Record
- Secure Development Compliance Review Checklist
- Secure Development Policy
- Audit Evidence Index
- Templates MOC