UnixTime

Research Note

A.5.15 Audit Checklist

Use this during internal audits to verify that physical and logical access controls are defined, implemented, approved, and reviewed.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this during internal audits to verify that physical and logical access controls are defined, implemented, approved, and reviewed.

Checklist

  • Access control policy exists.
  • Rules cover physical and logical access.
  • Least privilege is defined and applied.
  • Need-to-know and need-to-use are considered.
  • Access rights are based on business requirements.
  • Access is aligned with classification and handling requirements.
  • Asset owners or authorized roles approve access.
  • Role-based access profiles are used where practical.
  • Privileged access is justified and monitored.
  • Access reviews are performed periodically.
  • Leaver and mover access is updated promptly.
  • Exceptions are documented and approved.
  • Senior-user access is justified, not assumed.
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A5 15

Note Metadata

Aliases: A.5.15 Checklist

Source: 90 Templates/A.5.15 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.