UnixTime

Research Note

A.8.32 Audit Checklist

Use this checklist when auditing change management for information systems and information processing facilities.

On this page

When to use this

Use this checklist when auditing change management for information systems and information processing facilities.

Audit checklist

  • Change procedure exists.
  • Scope includes systems, infrastructure, code, networks, and environments.
  • Security impact is assessed.
  • Approval is risk-based.
  • Testing is evidenced.
  • Rollback/failback is planned.
  • Implementation is logged.
  • Release records identify included changes.
  • Emergency changes are reviewed.
  • Documentation and configuration records are updated.

Sampling record

Change sampled Evidence reviewed Result Gap/action
TBD TBD TBD TBD
  • Template
  • Audit
  • Iso27001
  • A8 32

Note Metadata

Aliases: Change Management Audit Checklist

Source: 90 Templates/A.8.32 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.