When to use this
Use this register to record source repositories, access rights, owner approvals, and periodic review status.
Related controls
Register
| Repository/tool | Owner | User/group | Access level | Business need | Approved by | MFA required? | Last reviewed | Status |
|---|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | Read/write/merge/admin/build/release | TBD | TBD | Yes/No | TBD | Active/revoked |
Minimum checks
- Read/write/merge/admin rights are separated.
- Access is based on business need.
- MFA is required for repository/tool access where appropriate.
- Access review is scheduled.
- Leaver and role-change removal is covered.
- Template
- Iso27001
- Technological controls
- Source code
Note Metadata
Aliases: Repository Access Register
Source: 90 Templates/Source Code Access Register.md
Related Notes
- A.8.4 Audit Evidence Pack
- ISO 27001 A.8.2 - Privileged Access Rights
- ISO 27001 A.8.3 - Information Access Restriction
- ISO 27001 A.8.4 - Access to Source Code
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.4 Audit Checklist
- Development Tool and Library Integrity Checklist
- Templates MOC