When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to verify that threat information is collected, analyzed, contextualized, and used to support ISMS decisions.
Checklist
- Threat intelligence process is defined.
- Threat sources are identified and owned.
- Threat information is triaged for relevance.
- Source reliability or confidence is assessed.
- Intelligence is linked to organizational context, assets, risks, or controls.
- Relevant intelligence feeds risk assessment or risk treatment.
- Control, monitoring, vulnerability, or incident-response updates are recorded where needed.
- Management receives threat briefings where business impact is material.
- Staff performing research have guidance on legal, privacy, and information leakage risks.
- Recent intelligence records show decisions or justified no-action outcomes.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 7
Note Metadata
Aliases: A.5.7 Checklist
Source: 90 Templates/A.5.7 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.