UnixTime

Research Note

A.8.28 Audit Checklist

Use this checklist during an internal audit of secure coding principles, standards, tools, reviews, generated code, and exceptions.

On this page

When to use this

Use this checklist during an internal audit of secure coding principles, standards, tools, reviews, generated code, and exceptions.

Audit checklist

  • Identify coding activities in ISMS scope.
  • Review applicable secure coding standards.
  • Interview developers on standards awareness.
  • Review automated coding/security tool evidence.
  • Sample secure code review records.
  • Review exception records.
  • Check supplier or AI-generated code review.
  • Check internal audit/technical review evidence.

Findings table

Coding area Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD