APPS-8 Source Code

What is this control about?

Source Code management is an integral part of the change management process. The tracking and managing of code from a development stage to deployment to production provides the ability to resolve any conflicts (for example, not knowing which changes have been deployed or identifying incompatible changes or changes that need to be reworked) if it ever arises.

In an audit, your auditors want to understand your tracking and managing process. Most often, this is managed using a version control system. Thus, providing evidence of use of such a tool is typically sufficient for your audit documentation.

The use of a Version Control Tool is also best practice and recommended for software teams.

Available tools in the marketplace

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• N/A no template recommendation for this control

Control implementation

Note: This control is automated by TrustCloud. Connect your system to enjoy the benefit of automation

For a manual implementation: 

Install a version control tool and ensure that the following components are taken into account:

• Enable repo and working copies
• Enable code reviews or approvals for all changes
• Enable version history and backout ability
• Restrict the administrative access to the tool to only few and qualified individuals

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

• Provide a screenshot of your version control tool
• Provide a list of users including admin users of the version control tool

Evidence example

From the suggested action above, an example is provided below.

1. Provide a screenshot of your version control tool

Google search

2. Provide a list of users including admin users of the version control tool

Google search