UnixTime

Research Note

A.8.15 Audit Checklist

Use this checklist during an internal audit of log generation, storage, protection, retention, analysis, alerting, and corrective action.

On this page

When to use this

Use this checklist during an internal audit of log generation, storage, protection, retention, analysis, alerting, and corrective action.

Audit checklist

  • Review logging policy or standard.
  • Review log source and retention register.
  • Sample logs for required event detail.
  • Check privileged activity logging.
  • Check log protection from tampering/deletion.
  • Review SIEM/log analysis coverage and rules.
  • Review alert triage records.
  • Check separation of duties for log review.
  • Review fault trend analysis and corrective action.
  • Check cloud/managed service logging levels where applicable.

Findings table

Log source/process Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD
  • Template
  • Audit
  • Iso27001
  • A8 15

Note Metadata

Aliases: A.8.15 Logging Audit Checklist

Source: 90 Templates/A.8.15 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.