UnixTime

Research Note

A.7.7 Audit Evidence Pack

- Rules cover papers, removable media, screens, printers, faxes, storage, and confidential waste. - Auto-lock settings are enforced. - Sensitive print/fax workflows are controll...

On this page

What the auditor wants to verify

Audit objective

Verify that clear desk and clear screen rules are defined, communicated, technically supported, observed, and enforced.

Evidence to request

Evidence Purpose
Clear desk and clear screen policy Shows rules are defined
Classification/handling rules Shows rules match sensitivity
Auto-lock configuration evidence Shows clear screen is technically supported
Walkthrough/inspection records Shows compliance is monitored
Printer/fax security review Shows shared output devices are controlled
Training or awareness records Shows staff understand the rules
Corrective action or sanction records Shows repeated non-compliance is handled

Strong evidence

Strong evidence test

Strong evidence combines documented rules, technical settings, observation, awareness, and enforcement.

  • Rules cover papers, removable media, screens, printers, faxes, storage, and confidential waste.
  • Auto-lock settings are enforced.
  • Sensitive print/fax workflows are controlled.
  • Walkthroughs show staff behavior matches the rules.
  • Repeated non-compliance results in fair corrective action.

Weak evidence

Weak evidence warning

Weak evidence is a policy with no observed behavior or technical enforcement behind it.

  • Policy exists but no inspections occur.
  • Screens do not lock automatically.
  • Printers contain uncollected sensitive documents.
  • Staff do not know how to use secure printing.
  • Visitor or cleaner exposure is not considered.
  • Enforcement is inconsistent.

Sample interview questions

  • What must be cleared from your desk before leaving?
  • How quickly does your screen lock?
  • What do you do when visitors enter while sensitive data is visible?
  • How do you print sensitive documents securely?
  • Where should removable media be stored?
  • What happens after repeated non-compliance?

Common nonconformities

  • Clear desk/clear screen policy missing or generic.
  • Auto-lock settings not enforced.
  • Sensitive papers left unattended.
  • Printers/faxes expose output.
  • No visitor or cleaner exposure process.
  • No monitoring or fair enforcement.
  • Iso27001
  • ISO27002
  • Audit
  • Evidence
  • A7 7

Note Metadata

Aliases: A.7.7 Evidence

Source: 04 Audit Evidence Packs/A.7.7 Audit Evidence Pack.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.