SlideShare a Scribd company logo

ISO_27001_Auditor_Checklist.pdf

Q
Qasim965490

ISO27001 auditor checklist

Technology
1 of 9
Download to read offline
ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 5 Information security policies 5.1 Management direction for information security 5.1.1 Policies for information security Yes Yes Information Security Policies and Procedures 5.1.2 Review of the policies for information security Yes Yes Information Security Policies and Procedures - Review; ISO 27001 Compliance Questionnaire - Information Security Policy; Evidence of Compliance - Information Security Policies 6 Organization of information security 6.1 Internal organization 6.1.1 Information security roles and responsibilities Yes Yes Information Security Policies and Procedures - Security Roles and Responsibilities 6.1.2 Segregation of duties Yes Yes Information Security Policies and Procedures - Security Roles and Responsibilities 6.1.3 Contact with authorities Yes No Information Security Policies and Procedures - Contact with Authorities; ISO 27001 Compliance Questionnaire - Contact with authorities; Evidence of Compliance - Organisation of Information Security See Risk Treatment Plan 6.1.4 Contact with special interest groups Yes No Information Security Policies and Procedures - Contact with special interest groups; ISO 27001 Compliance Questionnaire - Contact with special interest groups; Evidence of Compliance - Organisation of Information Security See Risk Treatment Plan 6.1.5 Information security in project management Yes No Information Security Policies and Procedures - Information security in project management; ISO 27001 Compliance Questionnaire - Information security in project management; Evidence of Compliance - Organisation of Information Security See Risk Treatment Plan 6.2 Mobile devices and teleworking 6.2.1 Mobile device policy Yes Yes Information Security Policies and Procedures - Mobile Device Policy; ISO 27001 Compliance Questionnaire - Mobile Device and Teleworking; Evidence of Compliance - Organisation of Information Security
ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 6.2.2 Teleworking Yes Yes Information Security Policies and Procedures - Teleworking; ISO 27001 Compliance Questionnaire - Mobile Device and Teleworking; Evidence of Compliance - Organisation of Information Security A.7 Human resource security 7.1 Prior to employment 7.1.1 Screening Yes Yes Information Security Policies and Procedures - Human Resource Security; ISO 27001 Compliance Questionnaire - Human Resource Security 7.1.2 Terms and conditions of employment Yes Yes Information Security Policies and Procedures - Human Resource Security; ISO 27001 Compliance Questionnaire - Human Resource Security 7.2 During employment 7.2.1 Management responsibilities Yes Yes Information Security Policies and Procedures - Human Resource Security 7.2.2 Information security awareness, education, and training Yes No Information Security Policies and Procedures - Information Security Awareness and Training; ISO 27001 Compliance Questionnaire - Information Security Awareness and Training See Risk Treatment Plan 7.2.3 Disciplinary process Yes Yes Information Security Policies and Procedures - Human Resource Security 7.3 Termination and change of employment 7.3.1 Termination or change of employment responsibilities Yes Yes Information Security Policies and Procedures - Human Resource Security A.8 Asset management 8.1 Responsibilities for assets 8.1.1 Inventory of assets Yes Yes Asset Inventory Worksheet 8.1.2 Ownership of assets Yes Yes Asset Inventory Worksheet 8.1.3 Acceptable use of assets Yes Yes Information Security Policies and Procedures - Asset Management 8.1.4 Return of assets Yes Yes Information Security Policies and Procedures - Asset Management; ISO 27001 Compliance Questionnaire - Employee Termination 8.2 Information classification 8.2.1 Classification of information Yes Yes Information Security Policies and Procedures - Information Classification and Labeling
ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 8.2.2 Labeling of information Yes No Information Security Policies and Procedures - Information Classification and Labeling; ISO 27001 Compliance Questionnaire - Information Classification and Labeling See Risk Treatment Plan 8.2.3 Handling of assets Yes Yes Information Security Policies and Procedures - Information Classification and Labeling 8.3 Media handling 8.3.1 Management of removable media Yes No Information Security Policies and Procedures - Management of removable media; Site Walkthrough Checklist See Risk Treatment Plan 8.3.2 Disposal of media Yes No Information Security Policies and Procedures - Management of removable media; Site Walkthrough Checklist See Risk Treatment Plan 8.3.3 Physical media transfer Yes Yes Information Security Policies and Procedures - Management of removable media; ISO 27001 Compliance Questionnaire - Media Handling A.9 Access control A.9 Responsibilities for assets 9.1.1 Access control policy Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.1.2 Access to networks and network services Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.2 Responsibilities for assets 9.2.1 User registration and de-registration Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.2.2 User access provisioning Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.2.3 Management of privileged access rights Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access
ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 9.2.4 Management of secret authentication information of users Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.2.5 Review of user access rights Yes No Information Security Policies and Procedures - Access control policy; User Access Rights Review Worksheet; Evidence of Compliance - User Access Management See Risk Treatment Plan 9.2.6 Removal or adjustment of access rights Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.3 User responsibilities 9.3.1 Use of secret authentication information Yes Yes Information Security Policies and Procedures - User responsibilities 9.4 System and application access control 9.4.1 Information access restrictions Yes No Information Security Policies and Procedures - Access Control Policy; Evidence of Compliance - User access management See Risk Treatment Plan 9.4.2 Secure log-on procedures Yes Yes Information Security Policies and Procedures - Access Control Policy; Evidence of Compliance - User access management 9.4.3 Password management system Yes No Information Security Policies and Procedures - Access Control Policy; Evidence of Compliance - User access management See Risk Treatment Plan 9.4.4 Use of privileged utility programs Yes No Information Security Policies and Procedures - Access Control Policy; Evidence of Compliance - User access management See Risk Treatment Plan 9.4.5 Access control to program source code Yes No Information Security Policies and Procedures - Access Control Policy; ISO 27001 Compliance Questionnaire - Access control to program source; Evidence of Compliance - User access management See Risk Treatment Plan A.10 Cryptography 10.1 Cryptographic controls 10.1.1 Policy on the use of cryptographic controls Yes No Information Security Policies and Procedures - Cryptography; ISO 27001 Compliance Questionnaire - Cryptography; Evidence of Compliance - Cryptography See Risk Treatment Plan
ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 10.1.2 Key management Yes No Information Security Policies and Procedures - Cryptography; ISO 27001 Compliance Questionnaire - Cryptography; Evidence of Compliance - Cryptography See Risk Treatment Plan A.11 Physical and environmental security 11.1 Secure areas 11.1.1 Physical security perimeter Yes No Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist See Risk Treatment Plan 11.1.2 Physical entry controls Yes No Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist See Risk Treatment Plan 11.1.3 Securing offices, rooms and facilities Yes No Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist See Risk Treatment Plan 11.1.4 Protection against external and environmental threats Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.1.5 Working in secure areas Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.1.6 Delivery and loading areas Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2 Equipment 11.2.1 Equipment siting and protection Yes Yes Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist 11.2.2 Supporting utilities Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2.3 Cabling security Yes No Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist See Risk Treatment Plan 11.2.4 Equipment maintenance Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2.5 Removal of assets Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2.6 Security of equipment and assets off-premises Yes Yes Information Security Policies and Procedures - Physical and environmental security
ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 11.2.7 Secure disposal or re-use of equipment Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2.8 Unattended user equipment Yes No Information Security Policies and Procedures - Physical and environmental security; Evidence of Compliance - Screen Lock Settings See Risk Treatment Plan 11.2.9 Clear desk and clear screen policy Yes No Information Security Policies and Procedures - Physical and environmental security; Evidence of Compliance - Screen Lock Settings; Site Walkthrough Checklist See Risk Treatment Plan A.12 Operations security 12.1 Operational procedures and responsibilities 12.1.1 Documented operating procedures Yes Yes Information Security Policies and Procedures - Documented operating procedures; ISO 27001 Compliance Questionnaire - Documented operating procedures 12.1.2 Change management Yes Yes Information Security Policies and Procedures - Documented operating procedures 12.1.3 Capacity management Yes Yes Information Security Policies and Procedures - Documented operating procedures 12.1.4 Separation of development, testing and operational environments Yes Yes Information Security Policies and Procedures - Documented operating procedures; Asset inventory worksheet 12.2 Protection from malware 12.2.1 Controls against malware Yes No Information Security Policies and Procedures - Protection from malware; Evidence of Compliance - Endpoint Security See Risk Treatment Plan 12.3 Backup 12.3.1 Information Backup Yes Yes Information Security Policies and Procedures - Backup; Evidence of Compliance - Backup 12.4 Logging and Monitoring 12.4.1 Event logging Yes No Information Security Policies and Procedures - Logging and monitoring; Evidence of Compliance - Logging and monitoring; Login History Reports See Risk Treatment Plan 12.4.2 Protection of log information Yes No Information Security Policies and Procedures - Logging and monitoring; Evidence of Compliance - Logging and monitoring; Login History Reports See Risk Treatment Plan
ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 12.4.3 Administrator and operator log Yes No Information Security Policies and Procedures - Logging and monitoring; Evidence of Compliance - Logging and monitoring; Login History Reports See Risk Treatment Plan 12.4.4 Clock synchronization Yes No Information Security Policies and Procedures - Logging and monitoring; Evidence of Compliance - Logging and monitoring; Login History Reports See Risk Treatment Plan 12.5 Control of operational software 12.5.1 Installation of software on operational systems Yes Yes Information Security Policies and Procedures - Control of operational software 12.6 Technical vulnerability management 12.6.1 Management of technical vulnerabilities Yes No Information Security Policies and Procedures - Technical vulnerability management; Evidence of Compliance - Technical vulnerability management; External Vulnerability Scan summary; Internal Vulnerability Scan summary See Risk Treatment Plan 12.7.2 Restriction on software installation Yes No Information Security Policies and Procedures - Technical vulnerability management; Evidence of Compliance - Restriction on software installation See Risk Treatment Plan 12.7 Information systems audit considerations 12.7.1 Information system audit control Yes Yes Information Security Policies and Procedures - Information systems audit controls A.13 Communications security 13.1 Network security management 13.1.1 Network controls Yes Yes Information Security Policies and Procedures - Network controls 13.1.2 Security of network services Yes Yes Information Security Policies and Procedures - Security of network services 13.1.3 Segregation in networks Yes Yes Information Security Policies and Procedures - Segregation in networks; Evidence of Compliance - Segregation in Networks 13.2 Information transfer 13.2.1 Information transfer policies and procedures Yes Yes Information Security Policies and Procedures - Information transfer policies 13.2.2 Agreements on information transfer Yes No Information Security Policies and Procedures - Agreements on information transfer See Risk Treatment Plan
ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 13.2.3 Electronic messaging Yes Yes Information Security Policies and Procedures - Electronic messaging 13.2.4 Confidentiality or non-disclosure agreements Yes Yes Information Security Policies and Procedures - Confidentiality or non-disclosure agreements A.14 System acquisition, development and maintenance 14.1 Security requirements of information systems 14.1.1 Information security requirements analysis and specification Yes Yes Information Security Policies and Procedures - Information security requirements analysis and requirements 14.1.2 Securing application services on public networks Yes Yes Information Security Policies and Procedures - Securing application services on public networks; Evidence of Compliance - Application Security on Public Networks 14.1.3 Protecting application service transactions Yes Yes Availability of information processing facilities 14.2 Security in development and support processes 14.2.1 In-house development Yes Yes In-house Development; ISO 27001 Compliance Questionnaire - System acquisition, development and maintenance A.15 Suppliers relationships A.16 Information security incident management 16 Information security management Yes No Information Security Policies and Procedures - Information security incident management; ISO 27001 Compliance Questionnaire - Information security incident management See Risk Treatment Plan A.17 Information security aspects of business continuity management 17.1 Information security continuity Yes Yes Information Security Policies and Procedures - Business Continuity Plan; ISO 27001 Compliance Questionnaire - Business Continuity Management 17.2 Redundancies A.18 Compliance 18.1 Compliance with legal and contractual requirements
ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 18.1.1 Identification of applicable legislation and contractual requirements Yes Yes Information Security Policies and Procedures - Applicable Legislation; ISO 27001 Compliance Questionnaire - Applicable Legislation; Evidence of Compliance - Applicable Legislation 18.1.2 Intellectual property rights Yes Yes Information Security Policies and Procedures - Intellectual property rights 18.1.3 Protection of records Yes Yes Information Security Policies and Procedures - Protection of records 18.1.4 Privacy and protection of personally identifiable information Yes Yes Information Security Policies and Procedures - Privacy and protection of personally identifiable information 18.1.5 Regulation of cryptographic controls Yes Yes Information Security Policies and Procedures - Regulation of cryptographic controls 18.2 Independent review of information security 18.2 Independent review of information security Yes Yes Information Security Policies and Procedures - Information security review 18.2.1 Compliance with security policies and standards Yes Yes Information Security Policies and Procedures - Information security review 18.2.2 Technical compliance review Yes Yes Information Security Policies and Procedures - Information security review

Recommended

NQA ISO 9001 to ISO 27001 Gap Guide
NQA ISO 9001 to ISO 27001 Gap GuideNQA ISO 9001 to ISO 27001 Gap Guide
NQA ISO 9001 to ISO 27001 Gap GuideNQA
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirementshumanus2
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Iso 27001 certification
Iso 27001 certificationIso 27001 certification
Iso 27001 certificationramya119
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Yerlin Sturdivant
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness PosterISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness PosterOperational Excellence Consulting
 
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptxISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptxSIS Certifications Pvt Ltd
 
Tripwire Iso 27001 Wp
Tripwire Iso 27001 WpTripwire Iso 27001 Wp
Tripwire Iso 27001 Wpketanaagja
 

Recommended

NQA ISO 9001 to ISO 27001 Gap Guide
NQA ISO 9001 to ISO 27001 Gap GuideNQA ISO 9001 to ISO 27001 Gap Guide
NQA ISO 9001 to ISO 27001 Gap GuideNQA
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirementshumanus2
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Iso 27001 certification
Iso 27001 certificationIso 27001 certification
Iso 27001 certificationramya119
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Yerlin Sturdivant
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness PosterISO/IEC 27001:2022 (Information Security Management Systems) Awareness Poster
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness PosterOperational Excellence Consulting
 
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptxISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptxSIS Certifications Pvt Ltd
 
Tripwire Iso 27001 Wp
Tripwire Iso 27001 WpTripwire Iso 27001 Wp
Tripwire Iso 27001 Wpketanaagja
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...ITIL Indonesia
 
Achieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfAchieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfmicroteklearning21
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part Ikhushboo
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001PECB
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
ISO27001
ISO27001ISO27001
ISO27001Ruchit Ahuja
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?PECB
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Tammy Clark
 
541728869-Introduction-to-ISO-27001.pdf
541728869-Introduction-to-ISO-27001.pdf541728869-Introduction-to-ISO-27001.pdf
541728869-Introduction-to-ISO-27001.pdfSharudinBoriak1
 
Damco iso 27001
Damco iso 27001Damco iso 27001
Damco iso 27001Dipin Sharma
 
Damco iso 27001
Damco iso 27001Damco iso 27001
Damco iso 27001Dipin Sharma
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
Iso 27001 lead auditor training
Iso 27001 lead auditor trainingIso 27001 lead auditor training
Iso 27001 lead auditor trainingÃsħâr Ãâlâm
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
 
Damco iso 27001
Damco iso 27001Damco iso 27001
Damco iso 27001Dipin Sharma
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistLloyd's Register Quality Assurance Nederland
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

More Related Content

Similar to ISO_27001_Auditor_Checklist.pdf

ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...ITIL Indonesia
 
Achieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfAchieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfmicroteklearning21
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part Ikhushboo
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001PECB
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?PECB
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Tammy Clark
 
541728869-Introduction-to-ISO-27001.pdf
541728869-Introduction-to-ISO-27001.pdf541728869-Introduction-to-ISO-27001.pdf
541728869-Introduction-to-ISO-27001.pdfSharudinBoriak1
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
Iso 27001 lead auditor training
Iso 27001 lead auditor trainingIso 27001 lead auditor training
Iso 27001 lead auditor trainingÃsħâr Ãâlâm
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
 

Similar to ISO_27001_Auditor_Checklist.pdf (20)

ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
 
Achieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfAchieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdf
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
ISO27001
ISO27001ISO27001
ISO27001
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
 
541728869-Introduction-to-ISO-27001.pdf
541728869-Introduction-to-ISO-27001.pdf541728869-Introduction-to-ISO-27001.pdf
541728869-Introduction-to-ISO-27001.pdf
 
Damco iso 27001
Damco iso 27001Damco iso 27001
Damco iso 27001
 
Damco iso 27001
Damco iso 27001Damco iso 27001
Damco iso 27001
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
Iso 27001 lead auditor training
Iso 27001 lead auditor trainingIso 27001 lead auditor training
Iso 27001 lead auditor training
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
 
Damco iso 27001
Damco iso 27001Damco iso 27001
Damco iso 27001
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
 

Recently uploaded

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

ISO_27001_Auditor_Checklist.pdf

  • 1. ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 5 Information security policies 5.1 Management direction for information security 5.1.1 Policies for information security Yes Yes Information Security Policies and Procedures 5.1.2 Review of the policies for information security Yes Yes Information Security Policies and Procedures - Review; ISO 27001 Compliance Questionnaire - Information Security Policy; Evidence of Compliance - Information Security Policies 6 Organization of information security 6.1 Internal organization 6.1.1 Information security roles and responsibilities Yes Yes Information Security Policies and Procedures - Security Roles and Responsibilities 6.1.2 Segregation of duties Yes Yes Information Security Policies and Procedures - Security Roles and Responsibilities 6.1.3 Contact with authorities Yes No Information Security Policies and Procedures - Contact with Authorities; ISO 27001 Compliance Questionnaire - Contact with authorities; Evidence of Compliance - Organisation of Information Security See Risk Treatment Plan 6.1.4 Contact with special interest groups Yes No Information Security Policies and Procedures - Contact with special interest groups; ISO 27001 Compliance Questionnaire - Contact with special interest groups; Evidence of Compliance - Organisation of Information Security See Risk Treatment Plan 6.1.5 Information security in project management Yes No Information Security Policies and Procedures - Information security in project management; ISO 27001 Compliance Questionnaire - Information security in project management; Evidence of Compliance - Organisation of Information Security See Risk Treatment Plan 6.2 Mobile devices and teleworking 6.2.1 Mobile device policy Yes Yes Information Security Policies and Procedures - Mobile Device Policy; ISO 27001 Compliance Questionnaire - Mobile Device and Teleworking; Evidence of Compliance - Organisation of Information Security
  • 2. ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 6.2.2 Teleworking Yes Yes Information Security Policies and Procedures - Teleworking; ISO 27001 Compliance Questionnaire - Mobile Device and Teleworking; Evidence of Compliance - Organisation of Information Security A.7 Human resource security 7.1 Prior to employment 7.1.1 Screening Yes Yes Information Security Policies and Procedures - Human Resource Security; ISO 27001 Compliance Questionnaire - Human Resource Security 7.1.2 Terms and conditions of employment Yes Yes Information Security Policies and Procedures - Human Resource Security; ISO 27001 Compliance Questionnaire - Human Resource Security 7.2 During employment 7.2.1 Management responsibilities Yes Yes Information Security Policies and Procedures - Human Resource Security 7.2.2 Information security awareness, education, and training Yes No Information Security Policies and Procedures - Information Security Awareness and Training; ISO 27001 Compliance Questionnaire - Information Security Awareness and Training See Risk Treatment Plan 7.2.3 Disciplinary process Yes Yes Information Security Policies and Procedures - Human Resource Security 7.3 Termination and change of employment 7.3.1 Termination or change of employment responsibilities Yes Yes Information Security Policies and Procedures - Human Resource Security A.8 Asset management 8.1 Responsibilities for assets 8.1.1 Inventory of assets Yes Yes Asset Inventory Worksheet 8.1.2 Ownership of assets Yes Yes Asset Inventory Worksheet 8.1.3 Acceptable use of assets Yes Yes Information Security Policies and Procedures - Asset Management 8.1.4 Return of assets Yes Yes Information Security Policies and Procedures - Asset Management; ISO 27001 Compliance Questionnaire - Employee Termination 8.2 Information classification 8.2.1 Classification of information Yes Yes Information Security Policies and Procedures - Information Classification and Labeling
  • 3. ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 8.2.2 Labeling of information Yes No Information Security Policies and Procedures - Information Classification and Labeling; ISO 27001 Compliance Questionnaire - Information Classification and Labeling See Risk Treatment Plan 8.2.3 Handling of assets Yes Yes Information Security Policies and Procedures - Information Classification and Labeling 8.3 Media handling 8.3.1 Management of removable media Yes No Information Security Policies and Procedures - Management of removable media; Site Walkthrough Checklist See Risk Treatment Plan 8.3.2 Disposal of media Yes No Information Security Policies and Procedures - Management of removable media; Site Walkthrough Checklist See Risk Treatment Plan 8.3.3 Physical media transfer Yes Yes Information Security Policies and Procedures - Management of removable media; ISO 27001 Compliance Questionnaire - Media Handling A.9 Access control A.9 Responsibilities for assets 9.1.1 Access control policy Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.1.2 Access to networks and network services Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.2 Responsibilities for assets 9.2.1 User registration and de-registration Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.2.2 User access provisioning Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.2.3 Management of privileged access rights Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access
  • 4. ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 9.2.4 Management of secret authentication information of users Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.2.5 Review of user access rights Yes No Information Security Policies and Procedures - Access control policy; User Access Rights Review Worksheet; Evidence of Compliance - User Access Management See Risk Treatment Plan 9.2.6 Removal or adjustment of access rights Yes Yes Information Security Policies and Procedures - Access control policy; Evidence of Compliance - User Access 9.3 User responsibilities 9.3.1 Use of secret authentication information Yes Yes Information Security Policies and Procedures - User responsibilities 9.4 System and application access control 9.4.1 Information access restrictions Yes No Information Security Policies and Procedures - Access Control Policy; Evidence of Compliance - User access management See Risk Treatment Plan 9.4.2 Secure log-on procedures Yes Yes Information Security Policies and Procedures - Access Control Policy; Evidence of Compliance - User access management 9.4.3 Password management system Yes No Information Security Policies and Procedures - Access Control Policy; Evidence of Compliance - User access management See Risk Treatment Plan 9.4.4 Use of privileged utility programs Yes No Information Security Policies and Procedures - Access Control Policy; Evidence of Compliance - User access management See Risk Treatment Plan 9.4.5 Access control to program source code Yes No Information Security Policies and Procedures - Access Control Policy; ISO 27001 Compliance Questionnaire - Access control to program source; Evidence of Compliance - User access management See Risk Treatment Plan A.10 Cryptography 10.1 Cryptographic controls 10.1.1 Policy on the use of cryptographic controls Yes No Information Security Policies and Procedures - Cryptography; ISO 27001 Compliance Questionnaire - Cryptography; Evidence of Compliance - Cryptography See Risk Treatment Plan
  • 5. ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 10.1.2 Key management Yes No Information Security Policies and Procedures - Cryptography; ISO 27001 Compliance Questionnaire - Cryptography; Evidence of Compliance - Cryptography See Risk Treatment Plan A.11 Physical and environmental security 11.1 Secure areas 11.1.1 Physical security perimeter Yes No Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist See Risk Treatment Plan 11.1.2 Physical entry controls Yes No Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist See Risk Treatment Plan 11.1.3 Securing offices, rooms and facilities Yes No Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist See Risk Treatment Plan 11.1.4 Protection against external and environmental threats Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.1.5 Working in secure areas Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.1.6 Delivery and loading areas Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2 Equipment 11.2.1 Equipment siting and protection Yes Yes Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist 11.2.2 Supporting utilities Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2.3 Cabling security Yes No Information Security Policies and Procedures - Physical and environmental security; Site Walkthrough Checklist See Risk Treatment Plan 11.2.4 Equipment maintenance Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2.5 Removal of assets Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2.6 Security of equipment and assets off-premises Yes Yes Information Security Policies and Procedures - Physical and environmental security
  • 6. ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 11.2.7 Secure disposal or re-use of equipment Yes Yes Information Security Policies and Procedures - Physical and environmental security 11.2.8 Unattended user equipment Yes No Information Security Policies and Procedures - Physical and environmental security; Evidence of Compliance - Screen Lock Settings See Risk Treatment Plan 11.2.9 Clear desk and clear screen policy Yes No Information Security Policies and Procedures - Physical and environmental security; Evidence of Compliance - Screen Lock Settings; Site Walkthrough Checklist See Risk Treatment Plan A.12 Operations security 12.1 Operational procedures and responsibilities 12.1.1 Documented operating procedures Yes Yes Information Security Policies and Procedures - Documented operating procedures; ISO 27001 Compliance Questionnaire - Documented operating procedures 12.1.2 Change management Yes Yes Information Security Policies and Procedures - Documented operating procedures 12.1.3 Capacity management Yes Yes Information Security Policies and Procedures - Documented operating procedures 12.1.4 Separation of development, testing and operational environments Yes Yes Information Security Policies and Procedures - Documented operating procedures; Asset inventory worksheet 12.2 Protection from malware 12.2.1 Controls against malware Yes No Information Security Policies and Procedures - Protection from malware; Evidence of Compliance - Endpoint Security See Risk Treatment Plan 12.3 Backup 12.3.1 Information Backup Yes Yes Information Security Policies and Procedures - Backup; Evidence of Compliance - Backup 12.4 Logging and Monitoring 12.4.1 Event logging Yes No Information Security Policies and Procedures - Logging and monitoring; Evidence of Compliance - Logging and monitoring; Login History Reports See Risk Treatment Plan 12.4.2 Protection of log information Yes No Information Security Policies and Procedures - Logging and monitoring; Evidence of Compliance - Logging and monitoring; Login History Reports See Risk Treatment Plan
  • 7. ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 12.4.3 Administrator and operator log Yes No Information Security Policies and Procedures - Logging and monitoring; Evidence of Compliance - Logging and monitoring; Login History Reports See Risk Treatment Plan 12.4.4 Clock synchronization Yes No Information Security Policies and Procedures - Logging and monitoring; Evidence of Compliance - Logging and monitoring; Login History Reports See Risk Treatment Plan 12.5 Control of operational software 12.5.1 Installation of software on operational systems Yes Yes Information Security Policies and Procedures - Control of operational software 12.6 Technical vulnerability management 12.6.1 Management of technical vulnerabilities Yes No Information Security Policies and Procedures - Technical vulnerability management; Evidence of Compliance - Technical vulnerability management; External Vulnerability Scan summary; Internal Vulnerability Scan summary See Risk Treatment Plan 12.7.2 Restriction on software installation Yes No Information Security Policies and Procedures - Technical vulnerability management; Evidence of Compliance - Restriction on software installation See Risk Treatment Plan 12.7 Information systems audit considerations 12.7.1 Information system audit control Yes Yes Information Security Policies and Procedures - Information systems audit controls A.13 Communications security 13.1 Network security management 13.1.1 Network controls Yes Yes Information Security Policies and Procedures - Network controls 13.1.2 Security of network services Yes Yes Information Security Policies and Procedures - Security of network services 13.1.3 Segregation in networks Yes Yes Information Security Policies and Procedures - Segregation in networks; Evidence of Compliance - Segregation in Networks 13.2 Information transfer 13.2.1 Information transfer policies and procedures Yes Yes Information Security Policies and Procedures - Information transfer policies 13.2.2 Agreements on information transfer Yes No Information Security Policies and Procedures - Agreements on information transfer See Risk Treatment Plan
  • 8. ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 13.2.3 Electronic messaging Yes Yes Information Security Policies and Procedures - Electronic messaging 13.2.4 Confidentiality or non-disclosure agreements Yes Yes Information Security Policies and Procedures - Confidentiality or non-disclosure agreements A.14 System acquisition, development and maintenance 14.1 Security requirements of information systems 14.1.1 Information security requirements analysis and specification Yes Yes Information Security Policies and Procedures - Information security requirements analysis and requirements 14.1.2 Securing application services on public networks Yes Yes Information Security Policies and Procedures - Securing application services on public networks; Evidence of Compliance - Application Security on Public Networks 14.1.3 Protecting application service transactions Yes Yes Availability of information processing facilities 14.2 Security in development and support processes 14.2.1 In-house development Yes Yes In-house Development; ISO 27001 Compliance Questionnaire - System acquisition, development and maintenance A.15 Suppliers relationships A.16 Information security incident management 16 Information security management Yes No Information Security Policies and Procedures - Information security incident management; ISO 27001 Compliance Questionnaire - Information security incident management See Risk Treatment Plan A.17 Information security aspects of business continuity management 17.1 Information security continuity Yes Yes Information Security Policies and Procedures - Business Continuity Plan; ISO 27001 Compliance Questionnaire - Business Continuity Management 17.2 Redundancies A.18 Compliance 18.1 Compliance with legal and contractual requirements
  • 9. ISO 27001-2013 Auditor Checklist 1/2/2020 The ISO 27001 Auditor Checklist gives you a high-level overview of how well the organisation complies with ISO 27001:2013. The checklist details specific compliance items, their status, and helpful references. Use the checklist to quickly identify potential issues to be re-mediated in order to achieve compliance. Control Description Applicable In Compliance References Issues 18.1.1 Identification of applicable legislation and contractual requirements Yes Yes Information Security Policies and Procedures - Applicable Legislation; ISO 27001 Compliance Questionnaire - Applicable Legislation; Evidence of Compliance - Applicable Legislation 18.1.2 Intellectual property rights Yes Yes Information Security Policies and Procedures - Intellectual property rights 18.1.3 Protection of records Yes Yes Information Security Policies and Procedures - Protection of records 18.1.4 Privacy and protection of personally identifiable information Yes Yes Information Security Policies and Procedures - Privacy and protection of personally identifiable information 18.1.5 Regulation of cryptographic controls Yes Yes Information Security Policies and Procedures - Regulation of cryptographic controls 18.2 Independent review of information security 18.2 Independent review of information security Yes Yes Information Security Policies and Procedures - Information security review 18.2.1 Compliance with security policies and standards Yes Yes Information Security Policies and Procedures - Information security review 18.2.2 Technical compliance review Yes Yes Information Security Policies and Procedures - Information security review