UnixTime

Research Note

A.5.24 Audit Checklist

Use this during internal audits to verify that incident management planning and preparation are defined, communicated, and ready to operate.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this during internal audits to verify that incident management planning and preparation are defined, communicated, and ready to operate.

Checklist

  • Incident management process exists.
  • Incident roles and responsibilities are defined.
  • Reporting channels are communicated.
  • Event and weakness reporting is covered.
  • Triage and classification criteria are defined.
  • Escalation criteria are defined.
  • Investigation and recovery processes are defined.
  • Communication responsibilities are defined.
  • Evidence preservation expectations are defined.
  • Incident exercises or tabletop tests are performed.
  • Incident register exists.
  • Lessons learned are captured.
  • Corrective actions are tracked.
  • Supplier/cloud incidents are integrated where relevant.
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A5 24

Note Metadata

Aliases: A.5.24 Checklist

Source: 90 Templates/A.5.24 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.