When to use this
Use this record to document secure code review, reviewer independence, findings, and remediation.
Related controls
Review record
| Review ID | Component | Reviewer | Author | Review type | Findings | Severity | Remediation owner | Closure evidence |
|---|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | Manual / automated / both | TBD | TBD | TBD | TBD |
Minimum checks
- Reviewer competence confirmed.
- Review is not solely by the author.
- Findings are risk-rated.
- Findings are tracked to closure.
- Accepted risks are approved.
- Template
- Iso27001
- Technological controls
- Secure code review
Note Metadata
Aliases: Code Security Review Record
Source: 90 Templates/Secure Code Review Record.md
Related Notes
- A.8.25 Audit Evidence Pack
- A.8.28 Audit Evidence Pack
- ISO 27001 A.8.25 - Secure Development Life Cycle
- ISO 27001 A.8.28 - Secure Coding
- ISO 27001 A.8.4 - Access to Source Code
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.25 Audit Checklist
- A.8.28 Audit Checklist
- AI-Generated Code Security Review Checklist
- Secure Coding Compliance Review Checklist
- Templates MOC