When to use this
Use this checklist for applications that perform payments, customer transactions, public-network transactions, or legally significant actions.
Related controls
Checklist
- User and party identity verification defined.
- Authorization rules defined.
- Segregation of duties considered.
- Secure communication protocol required.
- Confidentiality and integrity controls defined.
- Digital signature/non-repudiation need assessed.
- Certificate authority process reviewed.
- Transaction logging and monitoring defined.
- Legal/regulatory requirements reviewed.
- Fraud or dispute handling considered.
Transaction requirement record
| Application | Transaction type | Required controls | Approval | Test evidence | Notes |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Technological controls
- Application security
- Transactions
Note Metadata
Aliases: Transaction Security Checklist
Source: 90 Templates/Application Transaction Security Checklist.md
Related Notes
- A.8.26 Audit Evidence Pack
- ISO 27001 A.8.20 - Networks Security
- ISO 27001 A.8.24 - Use of Cryptography
- ISO 27001 A.8.26 - Application Security Requirements
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.26 Audit Checklist
- Templates MOC