UnixTime

Research Note

A.5.37 Audit Checklist

Use this during internal audits to test whether A.5.37 Documented Operating Procedures is designed, implemented, operating, and evidenced.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this during internal audits to test whether A.5.37 Documented Operating Procedures is designed, implemented, operating, and evidenced.

Audit checklist

  • Operating procedure register lists procedures, owners, approvers, users, scope, version, review date, and storage location.
  • Procedures cover relevant day-to-day and infrequent operational activities.
  • Procedure documents have version control, approval, change history, and access protection.
  • Personnel can find the current approved procedure and explain when to use it.
  • Supplier or outsourced operating procedures are available and aligned with contracts/service requirements.
  • Compliance checks show procedures are followed and bypasses are identified.

Evidence requested

  • Review/procedure/register reviewed.
  • Responsible owner interviewed.
  • Sample records selected.
  • Evidence location recorded.
  • Gaps converted into findings or corrective actions.
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A5 37

Note Metadata

Aliases: A.5.37 Checklist

Source: 90 Templates/A.5.37 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.