When to use this
Use this checklist when cryptographic keys must be recoverable for legal, operational, continuity, or organizational control reasons.
Related controls
- A.8.24 Use of Cryptography
- A.5.30 ICT Readiness for Business Continuity
- Cryptographic Key Management Register
Escrow and recovery checklist
- Escrow need is justified.
- Legal and privacy implications reviewed.
- Authorized recovery roles defined.
- Dual control or approval defined where needed.
- Escrow storage is protected.
- Recovery procedure is documented.
- Recovery activity is logged and reviewed.
- Unauthorized key injection is prevented.
- Circumvention paths are assessed.
- Recovery test or tabletop completed.
Recovery record
| Key/use case | Recovery reason | Approved by | Recovered by | Date/time | Evidence | Post-review |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Technological controls
- Key management
- Cryptography
Note Metadata
Aliases: Key Escrow Checklist
Source: 90 Templates/Key Escrow and Emergency Recovery Checklist.md
Related Notes
- ISO 27001 A.5.30 - ICT Readiness for Business Continuity
- A.8.24 Audit Evidence Pack
- ISO 27001 A.8.24 - Use of Cryptography
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.24 Audit Checklist
- Cryptographic Key Management Register
- Templates MOC