When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to test whether A.5.29 Information Security During Disruption is designed, implemented, operating, and evidenced.
Audit checklist
- Documented information security continuity objectives are approved by management.
- Business impact analysis includes security requirements, not only recovery timing.
- Continuity and disaster recovery plans include access control, communications, supplier, data protection, and emergency change controls.
- Security and continuity specialists both contributed to plan design or review.
- Continuity exercises include information security scenarios and responsibilities.
- Supplier continuity arrangements are reviewed for security adequacy.
Evidence requested
- Procedure or plan reviewed.
- Business owner interviewed.
- IT or continuity owner interviewed.
- Sample test or event record reviewed.
- Evidence location recorded.
- Gaps converted into findings or corrective actions.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 29
Note Metadata
Aliases: A.5.29 Checklist
Source: 90 Templates/A.5.29 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.