UnixTime

Research Note

A.5.35 Audit Checklist

Use this during internal audits to test whether A.5.35 Independent Review of Information Security is designed, implemented, operating, and evidenced.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this during internal audits to test whether A.5.35 Independent Review of Information Security is designed, implemented, operating, and evidenced.

Audit checklist

  • Independent review schedule defines scope, frequency, reviewer independence, criteria, and reporting route.
  • Review records cover people, processes, technologies, ISMS approach, and implementation evidence.
  • Supplementary review triggers are linked to change and incident management processes.
  • Reviewer independence is documented and appropriate for the scope.
  • Findings are tracked to corrective actions, owners, due dates, closure evidence, and effectiveness checks.
  • Results are reported to management and considered in management review.

Evidence requested

  • Review/procedure/register reviewed.
  • Responsible owner interviewed.
  • Sample records selected.
  • Evidence location recorded.
  • Gaps converted into findings or corrective actions.
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A5 35

Note Metadata

Aliases: A.5.35 Checklist

Source: 90 Templates/A.5.35 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.