UnixTime

Research Note

A.6.4 Audit Checklist

Use this checklist during an internal audit of disciplinary handling for information security policy violations.

On this page

When to use this

Use this checklist during an internal audit of disciplinary handling for information security policy violations.

Audit checklist

  • Confirm disciplinary process is documented and communicated.
  • Confirm security policy violations are covered.
  • Confirm criteria define when action is triggered.
  • Sample incidents/policy violations and test whether criteria were applied.
  • Check whether sufficient evidence existed before action.
  • Check proportionality and consistency of outcomes.
  • Verify follow-up actions were completed.
  • Confirm contractor or third-party violation route exists.
  • Interview HR, legal, security, managers, and sampled personnel.
  • Record nonconformities, observations, and improvement actions.

Findings table

Sample Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A6 4

Note Metadata

Aliases: A.6.4 Disciplinary Process Audit Checklist

Source: 90 Templates/A.6.4 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.