- Evidence of implementation of all applicable requirements
- Evidence you are in full control of your environment and responsibility areas
- Evidence you abide by your procedures and maintain documentation under your responsibility.
Have your evidence handy
About the evidence freshness
Auditors are very fond of fresh evidence (not older than 2-3 months), so you should be ready to regenerate it on the spot.
Last recommendations before audit
- BE PREPARED, BE PREPARED and BE PREPARED
- BE acquainted with the CONTENT of procedures associated with YOUR roles. YOU MUST BE ABLE TO PRESENT AND EXPLAIN THOSE PROCEDURES
- BE acquainted with the CONTENT of security policies. YOU MUST BE ABLE TO PRESENT AND EXPLAIN POLICIES ASSOCIATED WITH YOUR ROLE
- BE acquainted with the CONTENT of the security/PCI Awareness sessions.
- BE acquainted with the CONTENT of the software development life cycle (ONLY FOR developers and testers)
- BE familiar with the evidence associated with your role. Use the evidence book as support.
- Introduce yourself with your roles and responsibilities for the topic addressed
- Get all your support materials handy.
- IF asked to demonstrate or show something, detail what you are doing to keep active communication with the auditors.
- Whenever possible, perform an ONLINE/LIVE demonstration, as it helps to increase the auditors' confidence.
- ALWAYS provide clear and straight answers to questions BUT keep your tongue under control. Should the auditors require more information, wait to be asked for it.
- Be structured in your presentation and responses.
- Use the level of language you would adopt with a six-year-old child. Avoid terminology that would not be familiar to the auditors, or explain it.
- For documents under your responsibility (standards, procedures, policies), mention clearly that those documents are regularly reviewed and updated to reflect changes.
- REHEARSE ONE MORE TIME on your side.