When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to verify that acceptable use and handling rules are defined, acknowledged, implemented, and enforced.
Checklist
- Acceptable use rules are documented.
- Rules define intended use and limits for relevant assets.
- Handling procedures exist for sensitive information.
- Handling procedures align with classification labels.
- Employees, contractors, and third-party users are covered where relevant.
- Users acknowledge rules before access.
- Logon or access warning messages are used where appropriate.
- Controls exist to detect misuse.
- Incident and disciplinary processes address deliberate and inadvertent misuse.
- Sensitive information handling is followed in practice.
- External-party agreements support handling requirements.
- Incident lessons update rules or communication where needed.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 10
Note Metadata
Aliases: A.5.10 Checklist
Source: 90 Templates/A.5.10 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.