UnixTime

Research Note

Audit Testing Plan and Authorization Record

Use this record before audit tests, scans, assurance checks, or tool-assisted reviews are performed on operational systems.

On this page

When to use this

Use this record before audit tests, scans, assurance checks, or tool-assisted reviews are performed on operational systems.

Plan and authorization

Field Value
Test name TBD
Systems in scope TBD
Systems out of scope TBD
Tester TBD
Independence basis TBD
Tools/techniques TBD
Planned window TBD
Business constraints TBD
Access required TBD
Stop criteria TBD
Escalation contacts TBD
Operational approver TBD
Security approver TBD

Minimum checks

  • Scope is agreed.
  • Operational management approved.
  • Tool use is recorded.
  • Business disruption is minimized.
  • Results storage is restricted.
  • Testing will not modify data unless explicitly approved.