When to use this
Use this checklist when auditing change management for information systems and information processing facilities.
Related controls
Audit checklist
- Change procedure exists.
- Scope includes systems, infrastructure, code, networks, and environments.
- Security impact is assessed.
- Approval is risk-based.
- Testing is evidenced.
- Rollback/failback is planned.
- Implementation is logged.
- Release records identify included changes.
- Emergency changes are reviewed.
- Documentation and configuration records are updated.
Sampling record
| Change sampled | Evidence reviewed | Result | Gap/action |
|---|---|---|---|
| TBD | TBD | TBD | TBD |
- Template
- Audit
- Iso27001
- A8 32
Note Metadata
Aliases: Change Management Audit Checklist
Source: 90 Templates/A.8.32 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.