When to use this
Use this record when configuration monitoring identifies drift from an approved baseline.
Related controls
- A.8.9 Configuration Management
- A.5.25 Assessment and Decision on Information Security Events
- A.5.26 Response to Information Security Incidents
Drift record
| Field | Value |
|---|---|
| Alert ID | TBD |
| System/service | TBD |
| Baseline | TBD |
| Drift detected | TBD |
| Change record exists? | Yes/No |
| Initial assessment | Authorized change / misconfiguration / suspicious |
| Action taken | TBD |
| Escalated to incident? | Yes/No |
| Closed by | TBD |
| Closure evidence | TBD |
Minimum checks
- Drift was assessed.
- Authorized change was verified where claimed.
- Unauthorized drift was corrected or escalated.
- Closure evidence was retained.
- Template
- Iso27001
- Technological controls
- Configuration management
- Monitoring
Note Metadata
Aliases: Configuration Drift Review Record
Source: 90 Templates/Configuration Drift Alert Review Record.md
Related Notes
- ISO 27001 A.5.25 - Assessment and Decision on Information Security Events
- ISO 27001 A.5.26 - Response to Information Security Incidents
- A.8.9 Audit Evidence Pack
- ISO 27001 A.8.9 - Configuration Management
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.9 Audit Checklist
- Templates MOC