What the auditor wants to verify
Audit objective
Verify that information stored on, processed by, or accessible through user endpoint devices is protected by policy, baseline controls, technical enforcement, and user awareness.
Evidence to request
| Evidence | Purpose |
|---|---|
| Endpoint policy/standard | Shows endpoint rules are defined |
| Endpoint inventory | Shows devices are known |
| MDM/endpoint compliance reports | Shows technical controls are enforced |
| Patch/EDR/encryption reports | Shows baseline security status |
| Remote access configuration/logs | Shows secure access controls |
| BYOD enrollment/removal records | Shows personal-device control |
| Loss/theft response records | Shows incident response readiness |
| User training records | Shows awareness |
Strong evidence
- Device inventory includes managed and BYOD endpoints.
- Compliance reports show patching, encryption, screen lock, and malware/EDR status.
- Remote access requires strong authentication and approved connection methods.
- Users know loss/theft reporting steps.
- BYOD access is governed and removable.
Weak evidence
- Policy exists but no device compliance data exists.
- BYOD is allowed informally.
- Users can disable lock screens.
- Patch status is unknown.
- Lost device process is not understood.
Sample interview questions
- What devices are allowed to access organizational information?
- What should you do if a laptop or phone is lost?
- Can you store work data locally?
- Which networks are safe for remote access?
- What endpoint controls are mandatory?
Common nonconformities
- Endpoint inventory incomplete.
- Unmanaged BYOD access.
- Encryption not enforced.
- Screen lock disabled or weak timeout.
- Remote access allowed from non-compliant devices.
- User training missing.
Related notes
- Audit
- Evidence
- A8 1
- Iso27001
Note Metadata
Aliases: A.8.1 Evidence
Source: 04 Audit Evidence Packs/A.8.1 Audit Evidence Pack.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- Audit Evidence MOC
- ISO 27001 A.8.1 - User End Point Devices
- A.8 Technological Controls Audit Guide
- ISO27001-A.8.1 User End Point Devices
- A.8.1 Audit Checklist
- Endpoint Device Inventory and Compliance Register
- Endpoint Device Security Standard
- Endpoint Loss or Theft Response Checklist
- Remote Access and Endpoint Connection Checklist
- Audit Evidence Index