When to use this
Use this checklist during an internal audit of secure coding principles, standards, tools, reviews, generated code, and exceptions.
Related controls
- A.8.28 Secure Coding
- A.8.28 Audit Evidence Pack
- Secure Coding Standard
- Secure Coding Compliance Review Checklist
- Secure Code Review Record
- Secure Coding Exception Record
- AI-Generated Code Security Review Checklist
Audit checklist
- Identify coding activities in ISMS scope.
- Review applicable secure coding standards.
- Interview developers on standards awareness.
- Review automated coding/security tool evidence.
- Sample secure code review records.
- Review exception records.
- Check supplier or AI-generated code review.
- Check internal audit/technical review evidence.
Findings table
| Coding area | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 28
Note Metadata
Aliases: A.8.28 Secure Coding Audit Checklist
Source: 90 Templates/A.8.28 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.28 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.28 - Secure Coding
- A.8 Technological Controls MOC
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- AI-Generated Code Security Review Checklist
- Secure Code Review Record
- Secure Coding Compliance Review Checklist
- Secure Coding Exception Record
- Secure Coding Standard
- Audit Evidence Index
- Templates MOC