When to use this
Use this checklist during an internal audit of physical security design for offices, rooms, and facilities.
Related controls
- A.7.3 Securing Offices Rooms and Facilities
- A.7.3 Audit Evidence Pack
- Office Room and Facility Security Assessment
- Sensitive Room Signage and Directory Review
Audit checklist
- Confirm room/facility security requirements are identified.
- Confirm controls are based on risk assessment.
- Check whether protection matches the most sensitive/critical information in each area.
- Walk the site and look for visible clues to sensitive rooms.
- Check internal phone lists, directories, notice boards, and access codes.
- Check centralized information repositories.
- Verify specialized controls are risk-justified and operationally workable.
- Check review records after layout, asset, or process changes.
Findings table
| Room/facility | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Iso27001
- ISO27002
- Template
- Audit
- A7 3
Note Metadata
Aliases: A.7.3 Offices Rooms Facilities Audit Checklist
Source: 90 Templates/A.7.3 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.7.3 - Securing Offices, Rooms and Facilities
- A.7 Physical Controls MOC
- A.7.3 Audit Evidence Pack
- Audit Evidence MOC
- AQ-ISO27001-A.7.3 Securing Offices, Rooms and Facilities
- A.7 Physical Controls Audit Guide
- A.7 Physical Controls Implementation Audit Risk Mapping
- Office Room and Facility Security Assessment
- Sensitive Room Signage and Directory Review
- Audit Evidence Index
- Templates MOC