UnixTime

Research Note

A.6.1 Audit Checklist

- Confirm the organization has a documented screening procedure. - Confirm screening applies to employees, contractors, temporary staff, and third-party users in ISMS scope. - C...

On this page

When to use this

Use this checklist during an internal audit of personnel screening controls.

Audit checklist

  • Confirm the organization has a documented screening procedure.
  • Confirm screening applies to employees, contractors, temporary staff, and third-party users in ISMS scope.
  • Confirm screening depth is risk-based and proportional.
  • Sample personnel files and verify checks were completed before joining or sensitive access.
  • Check whether candidate-provided documents were independently verified where permitted.
  • Check whether employment gaps or irregularities were documented and followed up.
  • Interview HR, recruitment staff, and hiring managers on responsibilities.
  • Confirm screening evidence is protected as personal data.
  • Check whether rescreening or updated checks occur for higher-risk role changes where justified.
  • Record nonconformities, observations, and improvement actions.

Findings table

Sample Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A6 1

Note Metadata

Aliases: A.6.1 Screening Audit Checklist

Source: 90 Templates/A.6.1 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.