UnixTime

Research Note

A.8.4 Audit Checklist

Use this checklist during an internal audit of source code, development tools, software libraries, and code-impacting scripts or macros.

On this page

When to use this

Use this checklist during an internal audit of source code, development tools, software libraries, and code-impacting scripts or macros.

Audit checklist

  • Review source code repository register.
  • Sample repository read/write/merge/admin access.
  • Check branch protection and approval rules.
  • Review code change records and test evidence.
  • Check CI/CD and build tool access.
  • Review dependency/library source controls.
  • Check production systems for source code or development tools.
  • Review macros, reports, scripts, and stored procedures where relevant.
  • Review source code access review/removal evidence.

Findings table

Repository/tool Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD
  • Template
  • Audit
  • Iso27001
  • A8 4

Note Metadata

Aliases: A.8.4 Source Code Audit Checklist

Source: 90 Templates/A.8.4 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.