ISO 27001 IT Audit Checklist
Overview
Complete the following checklist as you examine the status of the controls implementation in the organization. This review might help your organization prepare for ISO 27001 implementation and certification, but the requirements might not be limited to the ones included in this checklist. Each company has different information security requirements, technology environments, and applicable laws and regulations. A subject matter expert should evaluate the status of the company before pursuing the ISO 27001 certification. To demonstrate that the controls have been implemented in an effective manner, evidence must be requested, analyzed, and retained. The type of supporting evidence accepted will vary depending on the nature of the control. Accepted evidence can include, but is not limited to, policies and procedures, organizational charts, process narratives, standard operating procedures, risk assessment results, previous audit reports, system logs, meeting minutes, executive or management reports, and the information security program, among others.