When to use this
Use this checklist to review privileged account activity logs for appropriate, authorized, and traceable use.
Related controls
Review checklist
- Logs identify individual privileged user.
- Activity aligns to approved role or work order.
- Emergency access use is matched to emergency record.
- Failed privileged access attempts are reviewed.
- Log retention meets requirements.
- Logs are protected from modification.
- Suspicious activity is escalated.
Review record
| Period | System | Reviewer | Exceptions found | Escalated? | Evidence location |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | Yes/No | TBD |
- Template
- Iso27001
- Technological controls
- Privileged access
Note Metadata
Aliases: Privileged Log Review Checklist
Source: 90 Templates/Privileged Activity Log Review Checklist.md
Related Notes
- A.8.2 Audit Evidence Pack
- ISO 27001 A.8.2 - Privileged Access Rights
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.2 Audit Checklist
- Dynamic Privilege Session Record
- Privileged Access Register
- Templates MOC