UnixTime

Research Note

A.8.31 Audit Checklist

Use this checklist when auditing separation of development, test, staging, and production environments.

On this page

When to use this

Use this checklist when auditing separation of development, test, staging, and production environments.

Audit checklist

  • Environment inventory is documented.
  • Access rights differ by environment.
  • Production access is restricted and approved.
  • Network and administrative paths are controlled.
  • Shared identity/admin back ends are risk-assessed.
  • CI/CD and release routes enforce change control.
  • Production data in test is avoided or formally controlled.
  • Non-production environments are secured according to risk.
  • Users understand expected environment behavior.
  • Evidence proves separation in configuration, not only diagrams.

Sampling record

Environment/path sampled Evidence reviewed Result Gap/action
TBD TBD TBD TBD
  • Template
  • Audit
  • Iso27001
  • A8 31

Note Metadata

Aliases: Environment Separation Audit Checklist

Source: 90 Templates/A.8.31 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.