When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to verify that information and associated assets are inventoried, owned, maintained, and protected.
Checklist
- Inventory includes information assets in technical and non-technical formats.
- Inventory includes associated physical, virtual, software, service, process, media, contract, and documentation assets where relevant.
- Important assets have assigned owners.
- Custodians are assigned where daily protection is delegated.
- Owners understand their responsibilities.
- Inventory contains business value or criticality.
- Inventory contains security classification.
- Inventory records location or hosting.
- Inventory records special requirements such as personal data or regulated data.
- Inventory records backup and disaster recovery arrangements.
- Inventory records retention period or lifespan.
- Software licensing information is tracked where applicable.
- Disposals are recorded with date, method, approval, and recipient/vendor.
- Project, change, procurement, and disposal processes update the inventory.
- Inventory accuracy is checked periodically.
- Inventory itself is protected by access control and backup.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 9
Note Metadata
Aliases: A.5.9 Checklist
Source: 90 Templates/A.5.9 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.