When to use this
Use this checklist during an internal audit of log generation, storage, protection, retention, analysis, alerting, and corrective action.
Related controls
- A.8.15 Logging
- A.8.15 Audit Evidence Pack
- Logging and Monitoring Standard
- Log Source and Retention Register
- Log Review and Alert Triage Record
- Log Integrity and Access Review Checklist
Audit checklist
- Review logging policy or standard.
- Review log source and retention register.
- Sample logs for required event detail.
- Check privileged activity logging.
- Check log protection from tampering/deletion.
- Review SIEM/log analysis coverage and rules.
- Review alert triage records.
- Check separation of duties for log review.
- Review fault trend analysis and corrective action.
- Check cloud/managed service logging levels where applicable.
Findings table
| Log source/process | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 15
Note Metadata
Aliases: A.8.15 Logging Audit Checklist
Source: 90 Templates/A.8.15 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.15 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.15 - Logging
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Audit Risk Mapping
- Log Integrity and Access Review Checklist
- Log Review and Alert Triage Record
- Log Source and Retention Register
- Logging and Monitoring Standard
- Audit Evidence Index
- Templates MOC