Audit Process

Audit Lifecycle

    graph LR
    A[Planning] --> B[Risk Assessment]
    B --> C[Evidence Collection]
    C --> D[Testing]
    D --> E[Reporting]
    E --> F[Remediation]
    F --> A
  

Evidence Collection

Auditors are evidence-driven. If it isn’t documented, it didn’t happen.

| Evidence Type | Examples | Collection Method |
|---|---|---|
| Policy documents | Security policies, standards, procedures | Document repository |
| Configuration exports | Firewall rules, IAM policies, encryption settings | Automated (API/CLI) |
| Logs | Access logs, change logs, audit logs | SIEM / log management |
| Screenshots | Configurations, dashboards, tool outputs | Manual (auditor walk-through) |
| Meeting minutes | Security reviews, change control board | Calendar invites, meeting notes |
| Training records | Security awareness completion, certification | LMS reports |
| Access review evidence | Completed certification campaigns | IGA tool exports |

Managing Audit Findings

| Finding Severity | Action Required | SLA |
|---|---|---|
| Critical | Immediate remediation, root cause analysis | 30 days |
| High | Remediation plan with milestone dates | 60 days |
| Medium | Remediation scheduled in normal planning | 90 days |
| Low | Acknowledged, addressed in next planning cycle | 180 days |
| Observation | Noted for improvement, no formal remediation | Next audit |

Building Audit Readiness

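    #!/bin/bash
    # Automated evidence collection script (example)
    # Collect evidence for SOC 2 security criteria

    # Create the directories the redirects below write into
    mkdir -p evidence/iam evidence/s3 evidence/logging evidence/backup

    # IAM evidence
    aws iam list-users > evidence/iam/users.json
    aws iam list-roles > evidence/iam/roles.json

    # Encryption evidence
    # --output text returns tab-separated bucket names; tr puts one name per line
    aws s3api list-buckets --query 'Buckets[].Name' --output text | tr '\t' '\n' | while read -r bucket; do
        # Capture stderr too, so a bucket whose encryption settings cannot be read is recorded
        aws s3api get-bucket-encryption --bucket "$bucket" > "evidence/s3/${bucket}_encryption.json" 2>&1
    done

    # Logging evidence
    aws cloudtrail describe-trails > evidence/logging/cloudtrail.json

    # Backup evidence
    aws backup list-protected-resources > evidence/backup/resources.json

    # Create evidence inventory (recursive, so files in the subdirectories are listed)
    ls -laR evidence/ > evidence_inventory.txt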
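
The inventory step above lists file names and sizes, which does not show whether a file was altered after collection. The following is an added example, not part of the original script: it seals the evidence folder with SHA-256 digests and re-checks it later. It assumes GNU coreutils and findutils; `write_manifest`, `verify_manifest` and the sample file are hypothetical names.

```bash
#!/bin/bash
# Added example (not from the original script). Assumes GNU coreutils/findutils.
# write_manifest and verify_manifest are hypothetical helper names.

# write_manifest DIR MANIFEST
# Record a SHA-256 digest for every file under DIR, in sorted order so that
# manifests from two runs can be compared line by line.
# Keep MANIFEST outside DIR, otherwise it would be hashed as evidence itself.
write_manifest() {
    local dir="$1" manifest="$2"
    ( cd "$dir" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$manifest"
}

# verify_manifest DIR MANIFEST
# Re-hash DIR and compare with the stored manifest. Prints the differing
# lines and returns non-zero if any file was changed, removed, or added.
verify_manifest() {
    local dir="$1" manifest="$2" current rc=0
    current=$(mktemp)
    write_manifest "$dir" "$current"
    diff "$manifest" "$current" || rc=$?
    rm -f "$current"
    return "$rc"
}

# Demo on constructed sample data (no AWS calls): seal a folder, then alter it.
demo() {
    local work
    work=$(mktemp -d)
    mkdir -p "$work/evidence/iam"
    echo '{"Users": []}' > "$work/evidence/iam/users.json"    # constructed sample
    write_manifest "$work/evidence" "$work/manifest.sha256"
    verify_manifest "$work/evidence" "$work/manifest.sha256" && echo "sealed: OK"
    echo '{"Users": ["edited"]}' > "$work/evidence/iam/users.json"
    verify_manifest "$work/evidence" "$work/manifest.sha256" > /dev/null \
        || echo "after edit: MISMATCH detected"
    rm -rf "$work"
}
demo
```

Store the manifest somewhere the collection account cannot write to, so that a later mismatch points at the evidence rather than at the manifest.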