When to use this
Use this checklist during an internal audit of disciplinary handling for information security policy violations.
Related controls
- A.6.4 Disciplinary Process
- A.6.4 Audit Evidence Pack
- Disciplinary Process Checklist
- Policy Violation and Disciplinary Action Register
Audit checklist
- Confirm disciplinary process is documented and communicated.
- Confirm security policy violations are covered.
- Confirm criteria define when action is triggered.
- Sample incidents/policy violations and test whether criteria were applied.
- Check whether sufficient evidence existed before action.
- Check proportionality and consistency of outcomes.
- Verify follow-up actions were completed.
- Confirm contractor or third-party violation route exists.
- Interview HR, legal, security, managers, and sampled personnel.
- Record nonconformities, observations, and improvement actions.
Findings table
| Sample | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Iso27001
- ISO27002
- Template
- Audit
- A6 4
Note Metadata
Aliases: A.6.4 Disciplinary Process Audit Checklist
Source: 90 Templates/A.6.4 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.6.4 - Disciplinary Process
- A.6 People Controls MOC
- A.6.4 Audit Evidence Pack
- Audit Evidence MOC
- AQ-ISO27001-A.6.4 Disciplinary Process
- A.6 People Controls Audit Guide
- A.6 People Controls Implementation Audit Risk Mapping
- Disciplinary Process Checklist
- Policy Violation and Disciplinary Action Register
- Audit Evidence Index
- Templates MOC