When to use this
Use this checklist during an internal audit of user endpoint device protection.
Related controls
- A.8.1 User End Point Devices
- A.8.1 Audit Evidence Pack
- Endpoint Device Security Standard
- Endpoint Device Inventory and Compliance Register
- Endpoint Loss or Theft Response Checklist
- Remote Access and Endpoint Connection Checklist
Audit checklist
- Review endpoint policy and device security standard.
- Confirm endpoint inventory includes corporate and BYOD devices.
- Sample endpoint compliance reports.
- Check patch, malware/EDR, encryption, and screen lock evidence.
- Review remote access controls.
- Check session timeout settings.
- Review local storage and cloud backup rules.
- Check loss/theft response process.
- Interview users on device responsibilities.
Findings table
| Device/use case | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 1
Note Metadata
Aliases: A.8.1 Endpoint Audit Checklist
Source: 90 Templates/A.8.1 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.1 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.1 - User End Point Devices
- A.8 Technological Controls MOC
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- Endpoint Device Inventory and Compliance Register
- Endpoint Device Security Standard
- Endpoint Loss or Theft Response Checklist
- Remote Access and Endpoint Connection Checklist
- Audit Evidence Index
- Templates MOC