Sending unvetted data to auditors
Auditors love when you send raw or unvetted data. It gives them the opportunity to expand their inquiry, look for outliers, and enhance scope.
Properly vetted data means having the ability to defend your results. Anomalies you cannot explain or defend only lend credence to the inquiry and give auditors confidence to increase their demands.
- Use your own scan tools, not auditor-provided tools and scripts
- Restrict data to requested fields
- Filter results to publishers and products in scope
- Note multiple versions of the same product
- Identify false positives like trial versions
- Remove duplicates