When to use this
Use this checklist when reviewing whether sensitive application functions, reports, downloads, exports, and print features are restricted according to access rules.
Related controls
- A.8.3 Information Access Restriction
- Information Access Rule Matrix
- Information Classification and Handling Matrix
Checklist
- Identify sensitive functions, reports, utilities, and exports.
- Confirm each item has an owner.
- Map each item to approved roles.
- Confirm unauthorized users cannot see or launch restricted functions.
- Confirm report builders cannot bypass normal access restrictions.
- Confirm exports/downloads are limited where required.
- Confirm printed output follows classification and handling rules.
- Confirm logs exist for high-risk exports or administrative functions.
- Confirm user manuals do not expose restricted operating details unnecessarily.
Review table
| Function/report/export | Owner | Sensitivity | Authorized roles | Restriction method | Logging required? | Gap/action |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | Hidden/blocked/approved/logged | Yes/No | TBD |
- Template
- Iso27001
- Technological controls
- Access control
Note Metadata
Aliases: Restricted Function Checklist, Export Control Checklist
Source: 90 Templates/Sensitive Function and Export Control Checklist.md
Related Notes
- A.8.3 Audit Evidence Pack
- ISO 27001 A.8.3 - Information Access Restriction
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.3 Audit Checklist
- Information Access Rule Matrix
- Information Classification and Handling Matrix
- Templates MOC