When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to test whether A.5.37 Documented Operating Procedures is designed, implemented, operating, and evidenced.
Audit checklist
- Operating procedure register lists procedures, owners, approvers, users, scope, version, review date, and storage location.
- Procedures cover relevant day-to-day and infrequent operational activities.
- Procedure documents have version control, approval, change history, and access protection.
- Personnel can find the current approved procedure and explain when to use it.
- Supplier or outsourced operating procedures are available and aligned with contracts/service requirements.
- Compliance checks show procedures are followed and bypasses are identified.
Evidence requested
- Review/procedure/register reviewed.
- Responsible owner interviewed.
- Sample records selected.
- Evidence location recorded.
- Gaps converted into findings or corrective actions.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 37
Note Metadata
Aliases: A.5.37 Checklist
Source: 90 Templates/A.5.37 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.