When to use this
Use this checklist during an internal audit of information security event reporting.
Related controls
- A.6.8 Information Security Event Reporting
- A.6.8 Audit Evidence Pack
- Information Security Event Report Form
- Information Security Event Reporting Channel Register
Audit checklist
- Confirm event reporting procedure exists.
- Confirm channels and contact points are documented.
- Confirm report forms are easy to find and complete.
- Confirm personnel are trained on event examples and reporting responsibilities.
- Interview personnel using realistic event examples.
- Check that users are told not to exploit weaknesses.
- Sample event reports and verify recording, triage, investigation, and closure.
- Check root-cause and corrective-action follow-up.
- Check external notification criteria and escalation routes.
- Challenge any claim of “no events” with interviews and awareness evidence.
Findings table
| Sample | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Iso27001
- ISO27002
- Template
- Audit
- A6 8
Note Metadata
Aliases: A.6.8 Event Reporting Audit Checklist
Source: 90 Templates/A.6.8 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.6.8 - Information Security Event Reporting
- A.6 People Controls MOC
- A.6.8 Audit Evidence Pack
- Audit Evidence MOC
- AQ-ISO27001-A.6.8 Information Security Event Reporting
- A.6 People Controls Audit Guide
- A.6 People Controls Implementation Audit Risk Mapping
- Information Security Event Report Form
- Information Security Event Reporting Channel Register
- Audit Evidence Index
- Templates MOC