UnixTime

Research Note

A.8.3 Audit Checklist

Use this checklist during an internal audit of application, database, report, export, print, maintenance utility, and dynamic privilege access restrictions.

On this page

When to use this

Use this checklist during an internal audit of application, database, report, export, print, maintenance utility, and dynamic privilege access restrictions.

Audit checklist

  • Review access control policy and topic-specific access rules.
  • Review owner-approved access rule matrix.
  • Sample application roles against approved permissions.
  • Compare application permissions with database permissions.
  • Check restricted menus, reports, and functions.
  • Check maintenance utilities and little-used functions.
  • Review export, print, and download restrictions.
  • Check whether extracted information remains subject to handling rules.
  • Review dynamic privilege or remote support session records.
  • Confirm temporary access has start/end times, logs, and review.
  • Interview system owners and users.

Findings table

System/function Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD
  • Template
  • Audit
  • Iso27001
  • A8 3

Note Metadata

Aliases: A.8.3 Information Access Restriction Audit Checklist

Source: 90 Templates/A.8.3 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.