Audit Packet Checklist (48-hour evidence readiness) — ChoicePoint (FTC 2006)

If examined (regulator, auditor, litigation), you should be able to produce the following within 48 hours.

A) Architecture + boundaries

• Subscriber-onboarding process maps and data-access boundary diagrams.
• Customer verification control inventory and ownership matrix.
• Exception register for onboarding shortcuts with compensating controls and expiry.

B) Change control proof

• Change approvals for onboarding verification controls and fraud-screening workflows.
• Emergency change logs tied to fraud-onboarding risk mitigation actions.
• Ticket evidence linking control changes to documented risk findings.

C) IAM least privilege proof

• Access inventory for systems handling sensitive consumer records.
• Periodic access reviews and remediation evidence for excessive permissions.
• Credential governance and privileged-account monitoring evidence.

D) Logging + monitoring proof

• Log-source coverage for onboarding actions, authentication events, and data queries.
• Retention policies and tamper-evidence controls for investigative logs.
• Detection/alert artifacts for suspicious customer account creation patterns.

E) Risk management & governance

• Risk-register entries for fraudulent customer onboarding and unauthorized data access.
• Governance reporting packets tracking FTC-order control commitments.
• Independent assessment reports and remediation closure documents.

F) Incident response readiness

• IR runbooks for fraudulent-account abuse and sensitive-data misuse events.
• Evidence chain-of-custody records for law-enforcement and regulator support.
• Tabletop outputs focused on onboarding fraud and escalation timeliness.