UnixTime

Research Note

A.8.30 Audit Checklist

- Outsourced development scope is identified. - Supplier development risk assessment exists. - Contract/SOW includes security requirements. - IP ownership and licence obligation...

On this page

When to use this

Use this checklist when auditing outsourced system development.

Audit checklist

  • Outsourced development scope is identified.
  • Supplier development risk assessment exists.
  • Contract/SOW includes security requirements.
  • IP ownership and licence obligations are defined.
  • Security testing and code quality requirements are defined.
  • Audit rights or assurance evidence requirements are defined.
  • Supplier monitoring records exist.
  • Supplier findings are tracked to closure.
  • Deliverables are security-reviewed before acceptance.
  • Subcontractor or indirect supply chain risks are considered.

Sampling record

Supplier/project sampled Evidence reviewed Result Gap/action
TBD TBD TBD TBD
  • Template
  • Audit
  • Iso27001
  • A8 30

Note Metadata

Aliases: Outsourced Development Audit Checklist

Source: 90 Templates/A.8.30 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.