When to use this
Use this checklist when approving, reviewing, or auditing assets used away from organization premises.
Related controls
Protection checklist
- Asset removal is authorized.
- Asset is recorded with custodian and location.
- Sensitive data is encrypted where appropriate.
- Device is managed or otherwise controlled.
- Strong authentication is enabled.
- Screen lock and timeout are configured.
- Asset must not be left unattended in public places or vehicles.
- Paper files/media have secure carrying and storage rules.
- Loss/theft reporting route is known.
- Return, review, or attestation date is defined.
Review record
| Asset | Custodian | Control expected | Control observed | Gap | Action owner | Due date |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Physical controls
- Off premises assets
Note Metadata
Aliases: Off Site Asset Protection Checklist
Source: 90 Templates/Off-Premises Asset Protection Checklist.md