UnixTime

Research Note

A.6.7 Audit Checklist

- Confirm remote working policy and procedures exist. - Confirm authorized remote workers, locations, activities, data, and controls are recorded. - Check remote working risk as...

On this page

When to use this

Use this checklist during an internal audit of remote working controls.

Audit checklist

  • Confirm remote working policy and procedures exist.
  • Confirm authorized remote workers, locations, activities, data, and controls are recorded.
  • Check remote working risk assessment.
  • Sample remote workers and verify control authorization.
  • Check remote equipment appears in the asset register where applicable.
  • Verify secure connection and MFA controls.
  • Verify endpoint protection, patching, encryption, and screen-lock controls.
  • Check public-location, printing, physical security, and non-work use rules.
  • Interview remote workers about allowed data, locations, and handling rules.
  • Check periodic review of remote working permissions and controls.

Findings table

Sample Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A6 7

Note Metadata

Aliases: A.6.7 Remote Working Audit Checklist

Source: 90 Templates/A.6.7 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.