When to use this
Use this checklist when a laptop, phone, tablet, or other endpoint device is lost, stolen, or suspected compromised.
Related controls
- A.8.1 User End Point Devices
- A.6.8 Information Security Event Reporting
- A.5.26 Response to Information Security Incidents
Response checklist
- Record device, user, time, location, and circumstances.
- Confirm device ownership and information classification.
- Disable or revoke access tokens/sessions where needed.
- Trigger remote lock/wipe where available.
- Confirm encryption and management status.
- Assess whether personal data or sensitive information may be affected.
- Notify incident/privacy/legal roles where required.
- Record user interview and evidence.
- Update asset inventory and incident record.
- Template
- Iso27001
- Technological controls
- Endpoint security
Note Metadata
Aliases: Lost Endpoint Checklist
Source: 90 Templates/Endpoint Loss or Theft Response Checklist.md
Related Notes
- ISO 27001 A.5.26 - Response to Information Security Incidents
- ISO 27001 A.6.8 - Information Security Event Reporting
- A.8.1 Audit Evidence Pack
- ISO 27001 A.8.1 - User End Point Devices
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.1 Audit Checklist
- Templates MOC