UnixTime

Research Note

A.7.10 Audit Evidence Pack

- Media handling follows classification. - Media is inventoried and labelled where appropriate. - Dispatches are authorized and recorded. - Sensitive media is protected during t...

On this page

What the auditor wants to verify

Audit objective

Verify that storage media is managed through acquisition, use, transportation, and disposal according to classification and handling requirements.

Evidence to request

Evidence Purpose
Storage media handling procedure Shows lifecycle controls are defined
Approved media list Shows media use is controlled
Media inventory Shows media is accountable
Media movement log Shows removal and transport are authorized
Transport/courier records Shows protection during transit
Encryption/key handling records Shows confidentiality controls are applied correctly
Disposal/destruction records Shows media is erased or destroyed
Damaged media decision records Shows repair/disposal risk is assessed
Staff interview evidence Shows awareness of handling rules

Strong evidence

Strong evidence test

Strong evidence traces media from approved use through movement, transport, erasure, destruction, and exception handling.

  • Media handling follows classification.
  • Media is inventoried and labelled where appropriate.
  • Dispatches are authorized and recorded.
  • Sensitive media is protected during transport.
  • Encryption keys are separated from encrypted media.
  • Destruction records are item-specific and traceable.
  • Damaged media is risk-assessed before repair or return.

Weak evidence

Weak evidence warning

Weak evidence shows media exists but not that custody, transport, and disposal are controlled.

  • Staff use unapproved USB drives.
  • Media inventory is incomplete.
  • Courier transport is not risk-assessed.
  • Disposal certificates are generic.
  • Damaged drives are sent for repair without assessment.
  • Keys travel with encrypted media.

Sample interview questions

  • Which storage media types are approved?
  • How is media labelled and inventoried?
  • How is media removal authorized?
  • How do you choose transport controls?
  • Are encryption keys transported separately?
  • How is media erased before reuse or disposal?
  • What happens to damaged media containing sensitive data?

Common nonconformities

  • Approved media rules missing.
  • Media movement not logged.
  • Sensitive media transported without suitable protection.
  • Disposal/destruction not traceable.
  • Damaged media sent externally without risk assessment.
  • Media handling not linked to classification.
  • Iso27001
  • ISO27002
  • Audit
  • Evidence
  • A7 10

Note Metadata

Aliases: A.7.10 Evidence

Source: 04 Audit Evidence Packs/A.7.10 Audit Evidence Pack.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.