UnixTime

Research Note

A.5.13 Audit Checklist

Use this during internal audits to verify that information labelling procedures are defined and implemented in line with the classification scheme.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this during internal audits to verify that information labelling procedures are defined and implemented in line with the classification scheme.

Checklist

  • Labelling procedure is documented.
  • Labelling procedure aligns with the classification scheme.
  • Labelling rules cover physical documents.
  • Labelling rules cover digital documents, repositories, systems, or metadata where relevant.
  • Labels are prominent or otherwise actionable.
  • Labels represent the most sensitive information in the container where practical.
  • Labels persist when information is printed, exported, emailed, or transferred where practical.
  • Exceptions for disguised or restricted labelling are justified and controlled.
  • External labels are interpreted or mapped.
  • Users understand how to apply and interpret labels.
  • Expiry or review dates are used where useful.
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A5 13

Note Metadata

Aliases: A.5.13 Checklist

Source: 90 Templates/A.5.13 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.