When to use this
Use this tracker to record security test findings, remediation, retesting, and residual risk acceptance.
Related controls
- A.8.29 Security Testing in Development and Acceptance
- A.8.8 Management of Technical Vulnerabilities
- Security Test Plan
Tracker
| Finding ID | System/component | Test source | Severity | Finding | Remediation owner | Due date | Retest result | Status |
|---|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD | Open |
Minimum checks
- Finding is risk-rated.
- Owner is assigned.
- Due date is defined.
- Retest evidence is retained.
- Risk acceptance is approved where applicable.
- Template
- Iso27001
- Technological controls
- Security testing
Note Metadata
Aliases: Security Test Remediation Tracker
Source: 90 Templates/Security Test Results and Remediation Tracker.md
Related Notes
- A.8.29 Audit Evidence Pack
- ISO 27001 A.8.29 - Security Testing in Development and Acceptance
- ISO 27001 A.8.8 - Management of Technical Vulnerabilities
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.29 Audit Checklist
- Security Test Plan
- Templates MOC