When to use this
Use this checklist during an internal audit of backup scope, schedule, protection, job monitoring, restore testing, archive recoverability, and corrective action.
Related controls
- A.8.13 Information Backup
- A.8.13 Audit Evidence Pack
- Backup Policy and Schedule
- Backup and Restore Test Record
- Backup Scope and Coverage Register
- Long-Term Archive Recoverability Checklist
Audit checklist
- Review backup policy and schedule.
- Review backup scope and coverage register.
- Sample backup job success/failure logs.
- Review corrective action for failed backups.
- Review backup protection such as encryption and access control.
- Review off-site, immutable, offline, or separated storage where relevant.
- Sample restore test records.
- Review long-term archive recoverability.
- Check backup media lifecycle and disposal.
- Compare backup arrangements with continuity requirements.
Findings table
| System/backup set | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 13
Note Metadata
Aliases: A.8.13 Backup Audit Checklist
Source: 90 Templates/A.8.13 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.13 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.13 - Information Backup
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Audit Risk Mapping
- Backup and Restore Test Record
- Backup Policy and Schedule
- Backup Scope and Coverage Register
- Long-Term Archive Recoverability Checklist
- Audit Evidence Index
- Templates MOC