Have to Follow - Internal Audits
Internal Audit Plan (You Can Start With This)
Roles Involved:
CTO or Engineering Lead (Audit Owner)
DevOps or Security Engineer (Reviewer)
Product/Support Lead (User-facing audit areas)
Audit Checklist (Quarterly):
CI/CD pipeline access and permission checks
GitHub repo scanning for secrets or misconfigurations
Access logs review for production systems
Third-party service usage and dependency review
Ticketing system SLA compliance check (e.g. response and resolution times)
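The "repo scanning for secrets" item above is the one checklist entry that is easy to turn into a repeatable check the reviewer can run each quarter. The script below is an added example, not code from this checklist page or from GitHub Code Scanning; it uses the same high-level approach such tools take (credential-format regexes plus an entropy filter for generic assignments) and runs against a constructed in-memory "repository" so it works offline. The AWS key ID prefix and the PEM header are real formats; the generic assignment pattern, the allowlist paths, the entropy threshold and every sample value are assumptions chosen for the example.

```python
"""Quarterly audit helper: scan a repository tree for committed secrets.

Added example for the audit checklist; not the page's or any tool's code.
It combines known credential formats with an entropy filter and is run
here over a constructed in-memory set of files instead of a real checkout.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Credential patterns. AKIA + 16 uppercase alphanumerics is the AWS access
# key ID format and the PEM header is real; the "generic" pattern is a
# constructed catch-all for assignments like password = "..." / token: "...".
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_secret_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Paths the audit deliberately ignores (assumed convention: test fixtures
# and Markdown docs that carry sample values). Keep this list in the audit
# report so the reviewer can challenge it.
ALLOWLIST_PATH_PATTERNS = (re.compile(r"(^|/)tests?/fixtures/"), re.compile(r"\.md$"))


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str
    snippet: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random tokens score high, words score low."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_allowlisted(path: str) -> bool:
    return any(p.search(path) for p in ALLOWLIST_PATH_PATTERNS)


def scan_file(path: str, text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return findings for one file.

    The generic assignment pattern is only reported when the captured value
    looks random (entropy above the threshold), which drops placeholders such
    as "changeme" without hiding real-looking tokens.
    """
    findings: list[Finding] = []
    if is_allowlisted(path):
        return findings
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            if kind == "generic_secret_assignment" and shannon_entropy(m.group(1)) < entropy_threshold:
                continue
            findings.append(Finding(path, line_no, kind, line.strip()[:80]))
    return findings


def scan_repo(files: dict[str, str]) -> list[Finding]:
    """files maps relative path -> contents (in practice built with os.walk on a checkout)."""
    out: list[Finding] = []
    for path in sorted(files):
        out.extend(scan_file(path, files[path]))
    return out


# Constructed sample "repository" for the example run. The AKIA value is a
# made-up key ID in the right format, not a real credential.
SAMPLE_REPO = {
    "config/settings.py": 'AWS_ACCESS_KEY_ID = "AKIAEXAMPLE0123456AB"\nDEBUG = False\n',
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA\n",
    "app/db.py": 'password = "changeme"\n',            # placeholder, low entropy: ignored
    "app/client.py": 'api_key = "q7Zp3vL9xR2mK8wT4nB6yH1cJ5dF0sG"\n',
    "tests/fixtures/creds.py": 'password = "q7Zp3vL9xR2mK8wT4nB6yH1cJ5dF0sG"\n',  # allowlisted path
    "README.md": 'token = "Zx9Kq2Lm8Vb4Nr7Ty1Wp3Hs6Jd0Fg5C"\n',                   # allowlisted path
}

if __name__ == "__main__":
    # Report in a shape that pastes straight into the audit log sheet.
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f.path}:{f.line_no}\t{f.kind}\t{f.snippet}")
```

Against the sample repository the scan reports three findings (the api_key assignment, the AWS key ID and the private key file) and stays silent on the "changeme" placeholder and the two allowlisted paths. For a real checkout, replace SAMPLE_REPO with a dict built from os.walk and treat any finding as a rotate-then-remove item: deleting the line from the current revision does not remove it from git history.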
Tools You Can Use:
GitHub Code Scanning
Dependabot or Snyk (for dependency audits)
Postman/New Relic/Datadog (for monitoring & API checks)
Google Sheets or Notion (for logging audit reports)