When to use this
Use this record before audit tests, scans, assurance checks, or tool-assisted reviews are performed on operational systems.
Related controls
Plan and authorization
| Field | Value |
|---|---|
| Test name | TBD |
| Systems in scope | TBD |
| Systems out of scope | TBD |
| Tester | TBD |
| Independence basis | TBD |
| Tools/techniques | TBD |
| Planned window | TBD |
| Business constraints | TBD |
| Access required | TBD |
| Stop criteria | TBD |
| Escalation contacts | TBD |
| Operational approver | TBD |
| Security approver | TBD |
Minimum checks
- Scope is agreed.
- Operational management approved.
- Tool use is recorded.
- Business disruption is minimized.
- Results storage is restricted.
- Testing will not modify data unless explicitly approved.
- Template
- Iso27001
- Audit testing
- Assurance
Note Metadata
Aliases: Audit Testing Authorization Record
Source: 90 Templates/Audit Testing Plan and Authorization Record.md
Related Notes
- Internal Audit
- A.8.34 Audit Evidence Pack
- ISO 27001 A.8.34 - Protection of Information Systems During Audit Testing
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- Templates MOC