When to use this
Use this checklist when auditing outsourced system development.
Related controls
Audit checklist
- Outsourced development scope is identified.
- Supplier development risk assessment exists.
- Contract/SOW includes security requirements.
- IP ownership and licence obligations are defined.
- Security testing and code quality requirements are defined.
- Audit rights or assurance evidence requirements are defined.
- Supplier monitoring records exist.
- Supplier findings are tracked to closure.
- Deliverables are security-reviewed before acceptance.
- Subcontractor or indirect supply chain risks are considered.
Sampling record
| Supplier/project sampled | Evidence reviewed | Result | Gap/action |
|---|---|---|---|
| TBD | TBD | TBD | TBD |
- Template
- Audit
- Iso27001
- A8 30
Note Metadata
Aliases: Outsourced Development Audit Checklist
Source: 90 Templates/A.8.30 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.