UnixTime

Research Note

A.5.6 Audit Checklist

Use this during internal audits to verify that the organization maintains relevant external security knowledge contacts and uses received information appropriately.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this during internal audits to verify that the organization maintains relevant external security knowledge contacts and uses received information appropriately.

Checklist

  • Relevant groups, forums, associations, or advisory sources are identified.
  • Participation is proportionate to organization size, sector, and risk.
  • Owners are assigned for each group or source.
  • Participation or monitoring records exist.
  • Confidentiality and disclosure rules are documented.
  • Useful information is shared internally.
  • External information influences risk assessment, controls, awareness, or management reporting where relevant.
  • Membership or participation value is reviewed periodically.
  • Personnel can explain what they receive and how it is used.
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A5 6

Note Metadata

Aliases: A.5.6 Checklist

Source: 90 Templates/A.5.6 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.