“While the concept of manual inspections and human reviews is simple, they can be among the most powerful and effective techniques available”
Source: OWASP Testing Guide version 4

Is your system and application documentation up-to-date?

Does it include:

  • Security requirements,
  • Hardening settings,
  • Operational procedures?

Are your systems and applications installed and configured according to security best practices and in line with your Security Policies and the applicable Compliance regulations?

A documentation review will show:

  • If your security policies and relevant compliance regulations are used as input for system and application hardening.
  • If your documentation is up-to-date.
  • If security ‘best practices’ are selected and applied.
  • Which low-scored topics are to be addressed in Security Awareness training.