UnixTime

Research Note

A.5.10 Audit Checklist

Use this during internal audits to verify that acceptable use and handling rules are defined, acknowledged, implemented, and enforced.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this during internal audits to verify that acceptable use and handling rules are defined, acknowledged, implemented, and enforced.

Checklist

  • Acceptable use rules are documented.
  • Rules define intended use and limits for relevant assets.
  • Handling procedures exist for sensitive information.
  • Handling procedures align with classification labels.
  • Employees, contractors, and third-party users are covered where relevant.
  • Users acknowledge rules before access.
  • Logon or access warning messages are used where appropriate.
  • Controls exist to detect misuse.
  • Incident and disciplinary processes address deliberate and inadvertent misuse.
  • Sensitive information handling is followed in practice.
  • External-party agreements support handling requirements.
  • Incident lessons update rules or communication where needed.
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A5 10

Note Metadata

Aliases: A.5.10 Checklist

Source: 90 Templates/A.5.10 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.