When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to verify that information classification is defined, implemented, understood, and maintained.
Checklist
- Classification scheme is documented.
- Classification levels are clear and distinct.
- Scheme considers confidentiality, integrity, availability, and interested-party requirements.
- Default classification rules are defined.
- Asset owner responsibility for classification is defined.
- Information assets in scope have classification assigned.
- Handling requirements are defined for each classification.
- Staff are trained on classification meanings.
- Classifications are reviewed, upgraded, downgraded, or expired when needed.
- External or client classification labels are mapped or interpreted.
- Sampled information is classified consistently.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 12
Note Metadata
Aliases: A.5.12 Checklist
Source: 90 Templates/A.5.12 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.