Press Release


 ISACA Issues Audit and Assurance Program for Application Containers 

Schaumburg, IL, USA (9 August 2018) – To help IT auditors ensure that data integrity is preserved through application containerization process, ISACA has released the Application Container Audit/Assurance Program for organizations involved in application container deployments.

The latest release extends ISACA’s leadership and toolkits in the audit and assurance arena, targeting one of the most challenging processes in the IT enterprise. Through application containerization, more applications can be hosted in an environment without more servers, potentially cutting costs and increasing speed behind application deployment. Yet, organizations can risk consistency and reliability when migrating software from one computing environment to another. Application containers, which include the application and all dependencies, help mitigate this challenge.

When used by audit professionals, the ISACA program audits and provides greater assurance that application containers are maintaining data and software application consistency and reliability, and addresses preservation of data integrity through all phases of application containerization. Tests are conducted in the following areas:

  • Risk Analysis and Management
  • Security Awareness and Training
  • Images
  • Registry
  • Orchestrator
  • Application Security During Development
  • Secure Connections
  • Hardening
  • Container Destruction

Assurance in areas around clarity in roles and responsibility, safeguarding the host operating system and mitigation of risks and confidentiality of network traffic are also included. The audit program tackles the host operating system, network, container runtime and images of application containers including, but not limited to technologies such as Docker and Rocket. ISACA’s newest audit/assurance program also covers business impact and risk.

“Application containers let developers easily modify and test because applications are siloed in their own containers. So, containerization supports continuous deployment,” said Robin Lyons, ISACA Technical Research Manager and Lead Developer for the audit/assurance programs.

ISACA audit programs have been developed and reviewed by audit/assurance professionals worldwide and include an Excel spreadsheet, customizable for each individual assurance process environment. The Application Container Audit/Assurance Program is complimentary for ISACA members and $50 for nonmembers. For more information on ISACA’s audit and assurance programs, please visit


Nearing its 50th year, ISACA ( is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters worldwide and offices in both the United States and China.


Press Contacts:

Michelle Micor, +1.847.385.7217,
Kristen Kessinger, +1.847.660.5512,