UnixTime

Research Note

A.8.10 Audit Checklist

Use this checklist during an internal audit of retention, deletion, destruction, cloud deletion, backup deletion, and media awaiting destruction.

On this page

When to use this

Use this checklist during an internal audit of retention, deletion, destruction, cloud deletion, backup deletion, and media awaiting destruction.

Audit checklist

  • Review information asset register.
  • Review retention and deletion rules.
  • Sample assets against deletion/destruction records.
  • Check deletion method suitability for sensitivity and media type.
  • Review cloud, backup, archive, and snapshot handling.
  • Check protection of items awaiting destruction.
  • Review destruction certificates where applicable.
  • Interview personnel who perform deletion/destruction.

Findings table

Asset/data set Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD
  • Template
  • Audit
  • Iso27001
  • A8 10

Note Metadata

Aliases: A.8.10 Information Deletion Audit Checklist

Source: 90 Templates/A.8.10 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.