UnixTime

Research Note

A.6.8 Audit Checklist

Use this checklist during an internal audit of information security event reporting.

On this page

When to use this

Use this checklist during an internal audit of information security event reporting.

Audit checklist

  • Confirm event reporting procedure exists.
  • Confirm channels and contact points are documented.
  • Confirm report forms are easy to find and complete.
  • Confirm personnel are trained on event examples and reporting responsibilities.
  • Interview personnel using realistic event examples.
  • Check that users are told not to exploit weaknesses.
  • Sample event reports and verify recording, triage, investigation, and closure.
  • Check root-cause and corrective-action follow-up.
  • Check external notification criteria and escalation routes.
  • Challenge any claim of “no events” with interviews and awareness evidence.

Findings table

Sample Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD