When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to verify that the organization maintains relevant external security knowledge contacts and uses received information appropriately.
Checklist
- Relevant groups, forums, associations, or advisory sources are identified.
- Participation is proportionate to organization size, sector, and risk.
- Owners are assigned for each group or source.
- Participation or monitoring records exist.
- Confidentiality and disclosure rules are documented.
- Useful information is shared internally.
- External information influences risk assessment, controls, awareness, or management reporting where relevant.
- Membership or participation value is reviewed periodically.
- Personnel can explain what they receive and how it is used.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 6
Note Metadata
Aliases: A.5.6 Checklist
Source: 90 Templates/A.5.6 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.