When to use this
Use this checklist when auditing separation of development, test, staging, and production environments.
Related controls
Audit checklist
- Environment inventory is documented.
- Access rights differ by environment.
- Production access is restricted and approved.
- Network and administrative paths are controlled.
- Shared identity/admin back ends are risk-assessed.
- CI/CD and release routes enforce change control.
- Production data in test is avoided or formally controlled.
- Non-production environments are secured according to risk.
- Users understand expected environment behavior.
- Evidence proves separation in configuration, not only diagrams.
Sampling record
| Environment/path sampled | Evidence reviewed | Result | Gap/action |
|---|---|---|---|
| TBD | TBD | TBD | TBD |
- Template
- Audit
- Iso27001
- A8 31
Note Metadata
Aliases: Environment Separation Audit Checklist
Source: 90 Templates/A.8.31 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.