Skip to content

Audit Packet Checklist (48-hour evidence readiness) — Altaba/Yahoo (SEC 2018)

If examined (regulator, auditor, litigation), you should be able to produce the following within 48 hours.

A) Architecture + boundaries

  • Incident-escalation and disclosure-control architecture for cyber event handling.
  • System inventory for data sources feeding security and disclosure decision-making.
  • Control-boundary documentation for incident materiality and reporting workflows.

B) Change control proof

  • Change records for disclosure controls, escalation criteria, and governance tooling.
  • Approval evidence for high-risk process/control changes affecting external reporting.
  • Emergency update logs with legal/finance/security sign-off records.

C) IAM least privilege proof

  • Privileged-access inventory for systems supporting incident and disclosure workflows.
  • Access-review records and remediation for over-privileged accounts.
  • Authentication and privileged-session controls for high-impact roles.

D) Logging + monitoring proof

  • Logging sources for incident detection, escalation, and disclosure decision tracking.
  • Retention and evidence-preservation controls for litigation/regulatory review.
  • Ticket samples showing triage, legal review checkpoints, and disclosure outcomes.

E) Risk management & governance

  • Risk-register entries linked to SEC disclosure-control findings and remediation.
  • Governance committee materials demonstrating periodic oversight.
  • Assessment reports and closure evidence for disclosure-governance control gaps.

F) Incident response readiness

  • Runbooks for material cyber-incident escalation and disclosure coordination.
  • Evidence preservation and legal-hold procedures for reportable events.
  • Exercise records for cross-functional disclosure decision-making readiness.
© 2026 Yi Zhang. Licensed under the MIT License.
Last updated: 2026 April 17 9:37 AM