<div>
What is the audit for? &nbsp;FISMA? SOX? PCI? HIPAA?
</div>


What is the audit for?  FISMA? SOX? PCI? HIPAA?

<div>
Many thanks for that, explains everything perfectly.
</div>


Many thanks for that, explains everything perfectly.

<div>
<div class="content wysiwyg-content">
What kind of documentation do external auditors look for when they are coming to do an application audit? &nbsp;<br />
<br />
We have been informed they are looking for how the system is managed along with the security controls that have been put in place not only on the application itself but also on the servers that support it. &nbsp;They have also mentioned that they will be reviewing supporting documentation but have not stated what.<br />
<br />
I don't really want to ask them at the moment so what kind of documentation do you think an auditor would be looking for when they come to audit a system.
</div>
</div>


What kind of documentation do external auditors look for when they are coming to do an application audit?  

We have been informed they are looking for how the system is managed along with the security controls that have been put in place not only on the application itself but also on the servers that support it.  They have also mentioned that they will be reviewing supporting documentation but have not stated what.

I don't really want to ask them at the moment so what kind of documentation do you think an auditor would be looking for when they come to audit a system.

Application/Software Documents

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Software is any set of instructions that directs a computer to perform specific tasks or operations. Computer software consists of programs, libraries and related non-executable data (such as documentation). Computer software is non-tangible, contrasted with computer hardware, which is the physical component of computers. Software written in a machine language is known as "machine code". However, in practice, software is usually written in high-level programming languages than machine language. High-level languages are translated into machine language using a compiler or interpreter or a combination of the two.