When to use this
Use this checklist during an internal audit of DLP scope, data flows, DLP rules, alert handling, transfer approvals, and user awareness.
Related controls
- A.8.12 Data Leakage Prevention
- A.8.12 Audit Evidence Pack
- DLP Scope and Rule Register
- Approved Sensitive Data Flow Register
- DLP Alert Review and Tuning Log
- Sensitive Data Transfer Approval Record
Audit checklist
- Review sensitive data inventory.
- Review approved sensitive data flows.
- Review DLP rule configuration.
- Sample DLP alerts and closure evidence.
- Review false-positive handling and tuning.
- Review transfer approval records.
- Check user awareness for approved transfer methods.
- Review leakage incident escalation where applicable.
Findings table
| System/channel | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 12
Note Metadata
Aliases: A.8.12 DLP Audit Checklist
Source: 90 Templates/A.8.12 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.12 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.12 - Data Leakage Prevention
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Audit Risk Mapping
- Approved Sensitive Data Flow Register
- DLP Alert Review and Tuning Log
- DLP Scope and Rule Register
- Sensitive Data Transfer Approval Record
- Audit Evidence Index
- Templates MOC