Related control
A.5.4 Management Responsibilities
| Audit test | Evidence to request | Good evidence |
|---|---|---|
| Managers understand responsibilities | Manager interviews | Managers can explain security duties |
| Security is communicated | Meeting agendas, emails, briefings | Security appears in routine communications |
| Managers enforce training | LMS reports, escalation emails | Managers follow up on non-completion |
| Managers lead by example | Interviews, observation, compliance records | Senior staff follow same rules |
| Non-compliance is addressed | Remedial training, HR records, corrective actions | Issues are corrected and tracked |
| Security is part of day-to-day work | Procedures, sign-offs, operational records | Managers verify controls during normal work |
| Awareness effectiveness is reviewed | Phishing tests, awareness metrics | Results lead to follow-up actions |
| Personnel feel security is supported | Staff interviews | Employees say management takes security seriously |
| Positive behavior is encouraged | Recognition, suggestion programs | Good practices are reinforced |
- ISO27001
- ISO27002
- Template
- Audit
- Management
- A5 4
Note Metadata
Aliases: A.5.4 Audit Checklist
Source: 90 Templates/A.5.4 Audit Checklist.md