When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to verify that information transfer rules, procedures, and agreements are defined and implemented across actual transfer channels.
Checklist
- Information transfer policy or procedure exists.
- Actual transfer channels are identified.
- Rules cover internal and external transfer.
- Rules cover email, messaging, file sharing, removable media, physical transfer, verbal transfer, and third-party exchange where used.
- Transfer methods are mapped to classification or sensitivity.
- Sensitive transfer requires appropriate controls such as encryption, secure portal, logging, or recipient verification.
- Users are trained on transfer risks and approved channels.
- Third-party transfer agreements define required controls.
- Changes to transfer practice are controlled and reflected in agreements.
- Technical controls detect or prevent prohibited transfer where practical.
- External messaging platform use is restricted and monitored where applicable.
- Transfer incidents are reviewed and corrected.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 14
Note Metadata
Aliases: A.5.14 Checklist
Source: 90 Templates/A.5.14 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.