Audit Preparation

Before engaging with an audit team, consider the following key questions to ensure the audit process is focused and effective. This checklist is valuable not only for the Secure3 team and auditor community but also for other reputable auditing firms.

Checklist

• Project Architecture: What is the project's general architectural structure and system design?

• Roles & Workflows: What are the roles in the product and the use cases and workflow for each role?

• Critical Attack Vectors: Which function's or module's attack vector do you have the most concern about?

• Focus Areas: Which parts of the system that you want the auditors to focus on?

• Trust Model: What is the trust setup of the system? Should all centralized roles and components be trusted?

• Known Vulnerabilities: List all the vulnerabilities that are not accepted or already known to the team.

• Additional Documentation: Is there any other information or docs the auditor should know?