When to use this
Use this checklist during an internal audit of security testing in development and acceptance.
Related controls
- A.8.29 Security Testing in Development and Acceptance
- A.8.29 Audit Evidence Pack
- Security Test Plan
- Security Acceptance Criteria Checklist
- Security Test Results and Remediation Tracker
- Security Acceptance Sign-Off Record
Audit checklist
- Review security testing process.
- Check test depth and frequency are risk-based.
- Review security acceptance criteria.
- Sample test results.
- Review findings, remediation, and retest evidence.
- Check regression, defective input, and access control testing.
- Check user/operations involvement where relevant.
- Review final acceptance sign-off.
Findings table
| Testing area | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 29
Note Metadata
Aliases: A.8.29 Security Testing Audit Checklist
Source: 90 Templates/A.8.29 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.29 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.29 - Security Testing in Development and Acceptance
- A.8 Technological Controls MOC
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- Security Acceptance Criteria Checklist
- Security Acceptance Sign-Off Record
- Security Test Plan
- Security Test Results and Remediation Tracker
- Audit Evidence Index
- Templates MOC