Skip to content

Audit Packet Checklist (48-hour evidence readiness) — Wyndham (FTC Section 5)

If examined (regulator, auditor, litigation), you should be able to produce the following within 48 hours.

A) Architecture + boundaries

  • Network and payment-environment architecture with trust boundaries and ownership.
  • Internet-facing system inventory and segmentation-control documentation.
  • Security baseline standards plus approved exceptions and compensating controls.

B) Change control proof

  • Approved change tickets for segmentation, patching, and credential-hardening updates.
  • Emergency change and rollback records from high-risk security events.
  • PR/release evidence tying critical security fixes to approvals.

C) IAM least privilege proof

  • Privileged-role inventory for payment and reservation systems.
  • Access-review attestations and stale-access removal evidence.
  • MFA and remote-admin control evidence for high-risk accounts.

D) Logging + monitoring proof

  • Log coverage map (network, auth, endpoint, payment-system monitoring).
  • Retention and integrity evidence for logs used in FTC/compliance review.
  • Detection-rule catalog and sample incident tickets with response timing.

E) Risk management & governance

  • Risk-register entries connected to FTC allegations and injunction requirements.
  • Management and board reporting artifacts on remediation status.
  • Third-party assessments and evidence of closure for control deficiencies.

F) Incident response readiness

  • Incident-response plan and runbooks for payment-environment intrusions.
  • Forensic evidence indexes and legal-hold coordination records.
  • Exercise records demonstrating readiness for regulator and customer-notification workflows.
© 2026 Yi Zhang. Licensed under the MIT License.
Last updated: 2026 April 17 9:37 AM