When to use this
Use this checklist during an internal audit of retention, deletion, destruction, cloud deletion, backup deletion, and media awaiting destruction.
Related controls
- A.8.10 Information Deletion
- A.8.10 Audit Evidence Pack
- Information Deletion and Destruction Register
- Information Retention and Deletion Rules
- Cloud and Backup Deletion Checklist
Audit checklist
- Review information asset register.
- Review retention and deletion rules.
- Sample assets against deletion/destruction records.
- Check deletion method suitability for sensitivity and media type.
- Review cloud, backup, archive, and snapshot handling.
- Check protection of items awaiting destruction.
- Review destruction certificates where applicable.
- Interview personnel who perform deletion/destruction.
Findings table
| Asset/data set | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 10
Note Metadata
Aliases: A.8.10 Information Deletion Audit Checklist
Source: 90 Templates/A.8.10 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.10 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.10 - Information Deletion
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Audit Risk Mapping
- Cloud and Backup Deletion Checklist
- Information Deletion and Destruction Register
- Information Retention and Deletion Rules
- Audit Evidence Index
- Templates MOC