When to use this
Use this checklist during an internal audit of work performed inside secure areas.
Related controls
- A.7.6 Working in Secure Areas
- A.7.6 Audit Evidence Pack
- Secure Area Working Procedure
- Secure Area Work Authorization Register
Audit checklist
- Confirm sensitive work and secure areas are identified.
- Confirm entry controls allow only authorized personnel.
- Check need-to-know restrictions.
- Check controls for paper, media, equipment, and information movement.
- Check restrictions on phones, cameras, and recording devices.
- Confirm supervision requirements are defined and followed.
- Confirm dual control is applied where risk requires it.
- Confirm contractors and third parties follow the same procedure.
- Interview personnel and compare answers to the procedure.
Findings table
| Secure area/work | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Iso27001
- ISO27002
- Template
- Audit
- A7 6
Note Metadata
Aliases: A.7.6 Secure Areas Audit Checklist
Source: 90 Templates/A.7.6 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.7.6 - Working in Secure Areas
- A.7 Physical Controls MOC
- A.7.6 Audit Evidence Pack
- Audit Evidence MOC
- AQ-ISO27001-A.7.6 Working in Secure Areas
- A.7 Physical Controls Audit Guide
- A.7 Physical Controls Implementation Audit Risk Mapping
- Secure Area Work Authorization Register
- Secure Area Working Procedure
- Audit Evidence Index
- Templates MOC