When to use this
Use this checklist to test whether application, database, reporting, export, and maintenance access restrictions match approved access rules.
Related controls
Review checklist
- Confirm access rules are owner-approved.
- Compare role permissions with business need.
- Sample users in each role.
- Compare application permissions with database permissions.
- Check whether restricted menus and functions are hidden or blocked.
- Review report builder and bulk export permissions.
- Review print/download controls for sensitive information.
- Check maintenance utilities and rarely used functions.
- Review temporary access or dynamic privilege sessions.
- Record gaps and corrective actions.
Findings table
| System | Role/user sampled | Expected access | Observed access | Gap | Action owner | Due date |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Technological controls
- Access review
Note Metadata
Aliases: A.8.3 Access Restriction Review
Source: 90 Templates/Information Access Restriction Review Checklist.md
Related Notes
- A.8.3 Audit Evidence Pack
- ISO 27001 A.8.3 - Information Access Restriction
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.3 Audit Checklist
- Access Review Checklist
- Information Access Rule Matrix
- Templates MOC