When to use this
Use this checklist during an internal audit of assets taken, used, stored, or accessed outside organization premises.
Related controls
- A.7.9 Security of Assets Off-Premises
- A.7.9 Audit Evidence Pack
- Off-Premises Asset Authorization Register
- Off-Premises Asset Protection Checklist
- Long-Term Asset Loan Attestation
Audit checklist
- Confirm off-premises asset risk is assessed.
- Confirm asset removal requires authorization.
- Review off-site asset register.
- Sample asset removal and return records.
- Check long-term loan attestations.
- Check mobile device encryption/management evidence.
- Check BYOD controls where applicable.
- Check leaver asset return and secure erase records.
- Check cross-border/jurisdiction risk where relevant.
- Check risk acceptance where off-site protection is weaker.
Findings table
| Asset/use case | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Iso27001
- ISO27002
- Template
- Audit
- A7 9
Note Metadata
Aliases: A.7.9 Off-Premises Assets Audit Checklist
Source: 90 Templates/A.7.9 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.7.9 - Security of Assets Off-Premises
- A.7 Physical Controls MOC
- A.7.9 Audit Evidence Pack
- Audit Evidence MOC
- AQ-ISO27001-A.7.9 Security of Assets Off-Premises
- A.7 Physical Controls Audit Guide
- A.7 Physical Controls Implementation Audit Risk Mapping
- Long-Term Asset Loan Attestation
- Off-Premises Asset Authorization Register
- Off-Premises Asset Protection Checklist
- Audit Evidence Index
- Templates MOC