UnixTime

Research Note

A.7.3 Audit Checklist

Use this checklist during an internal audit of physical security design for offices, rooms, and facilities.

On this page

When to use this

Use this checklist during an internal audit of physical security design for offices, rooms, and facilities.

Audit checklist

  • Confirm room/facility security requirements are identified.
  • Confirm controls are based on risk assessment.
  • Check whether protection matches the most sensitive/critical information in each area.
  • Walk the site and look for visible clues to sensitive rooms.
  • Check internal phone lists, directories, notice boards, and access codes.
  • Check centralized information repositories.
  • Verify specialized controls are risk-justified and operationally workable.
  • Check review records after layout, asset, or process changes.

Findings table

Room/facility Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD