When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this for internal audit preparation or certification readiness.
| Control / topic | Evidence requested | Owner | Location | Status | Notes |
|---|---|---|---|---|---|
| A.5.1 Policies | Current information security policy | Policy owner | |||
| A.5.1 Policies | Policy approval record | Policy owner | |||
| A.5.2 Roles | RACI matrix | ISMS Manager | |||
| A.5.2 Roles | Job descriptions / role profiles | HR / managers | |||
| A.5.3 SoD | Segregation of duties matrix | Process owners | |||
| A.5.3 SoD | Log review records | Security / IT | |||
| A.5.4 Management | Manager meeting notes with security topics | Department managers | |||
| A.5.4 Management | Training follow-up records | HR / managers |
- Template
- Audit
- Evidence
Note Metadata
Aliases: Evidence Request List
Source: 90 Templates/Evidence Request List.md
Related Notes
- Statement of Applicability
- ISO 27001 A.5.10 - Acceptable Use of Information and Other Associated Assets
- ISO 27001 A.5.28 - Collection of Evidence
- ISO 27001 A.5.34 - Privacy and Protection of PII
- ISO 27001 A.5.5 - Contact with Authorities
- Audit Evidence MOC
- ISMS Implementation Roadmap
- ISO 27001 Auditor Guide
- EXAM-006 - Implementation vs Audit Evidence
- GRC Knowledge Model
- Evidence Collection and Chain of Custody Log
- Audit Evidence Index
- Templates MOC