UnixTime

Research Note

Template - A.5.4 Audit Checklist

Research note.

On this page

A.5.4 Management Responsibilities

Audit test Evidence to request Good evidence
Managers understand responsibilities Manager interviews Managers can explain security duties
Security is communicated Meeting agendas, emails, briefings Security appears in routine communications
Managers enforce training LMS reports, escalation emails Managers follow up on non-completion
Managers lead by example Interviews, observation, compliance records Senior staff follow same rules
Non-compliance is addressed Remedial training, HR records, corrective actions Issues are corrected and tracked
Security is part of day-to-day work Procedures, sign-offs, operational records Managers verify controls during normal work
Awareness effectiveness is reviewed Phishing tests, awareness metrics Results lead to follow-up actions
Personnel feel security is supported Staff interviews Employees say management takes security seriously
Positive behavior is encouraged Recognition, suggestion programs Good practices are reinforced
  • ISO27001
  • ISO27002
  • Template
  • Audit
  • Management
  • A5 4

Note Metadata

Aliases: A.5.4 Audit Checklist

Source: 90 Templates/A.5.4 Audit Checklist.md