Identifying information security risk for web
applications requires a comprehensive and thorough
analysis. This checklist includes information and
documents which would typically form a request at the
start of a due diligence investigation. The check list
is not necessarily complete – depending on the
situation, the application, the company or what is
identified it may lead to further areas of
investigation. pdf