UnixTime

Research Note

A.8.21 Audit Checklist

Use this checklist during an internal audit of network service security mechanisms, service levels, service requirements, provider controls, and monitoring.

On this page

When to use this

Use this checklist during an internal audit of network service security mechanisms, service levels, service requirements, provider controls, and monitoring.

Audit checklist

  • Review network service inventory.
  • Trace service requirements to risk assessment.
  • Review provider security features.
  • Review service levels and resilience/failover commitments.
  • Check agreement or SLA includes required controls.
  • Review provider reports and service reviews.
  • Check compensating controls for provider limitations.
  • Check operational procedures include required service features.

Findings table

Network service Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD