heygrc
Glossary

Audit evidence

Audit evidence is the proof that a control actually operated: the access review that was performed, the log entry that recorded an event, the approval attached to a change. An auditor does not take your word that a control works; they sample evidence that it did, across the whole audit period, so the evidence has to exist for every point in that period, not just the day of the audit.

In code

A lot of evidence is produced by code (the audit log is the evidence for a logging control), so a code change that stops producing it does two things at once: it weakens the control and it destroys the proof that the control operated. Catching the change at the diff, before it merges, keeps the evidence trail intact; catching it at audit time means a gap in the period that cannot be filled afterwards.
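As an added illustration of catching such a change at the diff (example code written for this entry, not heygrc's own implementation), the following Python check walks a unified diff and reports any hunk that removes more audit-evidence emitting lines than it adds. The sample diff, the file name `reviews.py`, and the emitter names `audit_log.emit(...)` and `logger.audit(...)` are all constructed for the example; a real check would list the emitters the codebase actually uses.

```python
import re
from typing import Dict, List

# Constructed sample diff for this example (not from any real project).
# The first hunk refactors an access-review function and drops the audit_log
# call that produced the evidence for the control; the second hunk adds one.
SAMPLE_DIFF = """\
diff --git a/reviews.py b/reviews.py
--- a/reviews.py
+++ b/reviews.py
@@ -10,9 +10,7 @@ def complete_access_review(review_id, reviewer):
     review.status = "completed"
     review.completed_by = reviewer
-    audit_log.emit("access_review.completed",
-                   review_id=review_id, reviewer=reviewer)
     db.save(review)
@@ -40,6 +38,7 @@ def approve_change(change_id, approver):
     change.approved_by = approver
+    audit_log.emit("change.approved", change_id=change_id, approver=approver)
     db.save(change)
"""

# Calls whose removal would erase evidence. These names are hypothetical;
# replace them with the emitters the codebase under review actually uses.
EVIDENCE_PATTERNS = [
    re.compile(r"\baudit_log\.emit\("),
    re.compile(r"\blogger\.audit\("),
]


def emits_evidence(source_line: str) -> bool:
    """True if a source line contains one of the known evidence emitters."""
    return any(p.search(source_line) for p in EVIDENCE_PATTERNS)


def find_removed_evidence(diff_text: str) -> List[Dict[str, object]]:
    """Return one finding per hunk that nets out to lost audit evidence.

    A hunk only loses evidence if it removes more emitting lines than it
    adds; a call that is merely moved or reworded appears as one '-' and
    one '+' in the same hunk and is not reported.
    """
    findings: List[Dict[str, object]] = []
    current_file = None
    hunk_header = None
    in_hunk = False
    removed: List[str] = []
    added: List[str] = []

    def close_hunk() -> None:
        if hunk_header is not None and len(removed) > len(added):
            findings.append({
                "file": current_file,
                "hunk": hunk_header,
                "removed": list(removed),
                "added": list(added),
            })

    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            close_hunk()
            hunk_header, in_hunk = None, False
            removed.clear()
            added.clear()
        elif line.startswith("@@"):
            close_hunk()
            hunk_header, in_hunk = line, True
            removed.clear()
            added.clear()
        elif not in_hunk and line.startswith("+++ "):
            # File header: strip the conventional "b/" prefix.
            path = line[4:].strip()
            current_file = path[2:] if path.startswith("b/") else path
        elif in_hunk and line.startswith("-") and emits_evidence(line[1:]):
            removed.append(line[1:].strip())
        elif in_hunk and line.startswith("+") and emits_evidence(line[1:]):
            added.append(line[1:].strip())
    close_hunk()
    return findings


if __name__ == "__main__":
    for finding in find_removed_evidence(SAMPLE_DIFF):
        print(f"{finding['file']} {finding['hunk']}")
        for removed_line in finding["removed"]:
            print(f"  lost evidence: {removed_line}")
```

Run against the sample, it flags only the first hunk (the removed `access_review.completed` emission) and ignores the second, which adds evidence rather than removing it. The check is deliberately line-based and pattern-driven: it will miss an emitter called through an alias or wrapped in a helper, so the pattern list needs to track how the codebase actually writes to its audit log, and a match is a prompt for a reviewer to confirm the control still produces its evidence, not a verdict on its own.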