When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to test whether relevant authority contacts are identified, maintained, authorized, and usable.
Checklist
- Relevant authorities are identified from legal, regulatory, contractual, operational, and incident-response requirements.
- Authority contact register exists.
- Each contact has a defined purpose.
- Contact triggers are documented.
- Primary and backup liaisons are assigned.
- Communication approval requirements are defined.
- Disclosure rules prevent unauthorized sharing of sensitive information.
- Contact details are reviewed and updated periodically.
- Incident response or continuity plans reference authority contact steps.
- Contact paths are tested where practical.
- Records exist for actual authority communications, if any.
- Interviewed personnel know how authority contact is initiated.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 5
Note Metadata
Aliases: A.5.5 Checklist
Source: 90 Templates/A.5.5 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.