When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to test whether A.5.35 Independent Review of Information Security is designed, implemented, operating, and evidenced.
Audit checklist
- Independent review schedule defines scope, frequency, reviewer independence, criteria, and reporting route.
- Review records cover people, processes, technologies, ISMS approach, and implementation evidence.
- Supplementary review triggers are linked to change and incident management processes.
- Reviewer independence is documented and appropriate for the scope.
- Findings are tracked to corrective actions, owners, due dates, closure evidence, and effectiveness checks.
- Results are reported to management and considered in management review.
Evidence requested
- Review/procedure/register reviewed.
- Responsible owner interviewed.
- Sample records selected.
- Evidence location recorded.
- Gaps converted into findings or corrective actions.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 35
Note Metadata
Aliases: A.5.35 Checklist
Source: 90 Templates/A.5.35 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.