When to use this
Use this checklist during an internal audit of secure architecture and engineering principles.
Related controls
- A.8.27 Secure System Architecture and Engineering Principles
- A.8.27 Audit Evidence Pack
- Secure Architecture Principles Standard
- Security Architecture Review Record
- Security Engineering Deviation Record
Audit checklist
- Review secure architecture principles.
- Check principles are tailored and maintained.
- Sample architecture review records.
- Check threat model or design risk evidence.
- Review deviations and approvals.
- Check contractor/supplier communication.
- Interview architecture/security engineering role holders.
Findings table
| Architecture area | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 27
Note Metadata
Aliases: A.8.27 Secure Architecture Audit Checklist
Source: 90 Templates/A.8.27 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.27 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.27 - Secure System Architecture and Engineering Principles
- A.8 Technological Controls MOC
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- Secure Architecture Principles Standard
- Security Architecture Review Record
- Security Engineering Deviation Record
- Audit Evidence Index
- Templates MOC