Information
-
Audit Title
-
Document No.
-
Client / Site
-
Conducted on
-
Prepared by
-
Location
-
Personnel
-
Ready?
Risk Assessment
-
Has a security risk assessment been executed
-
Have secure area's been defined
-
Is the risk assessment up-to-date
-
ICT security risk assessments<br>
-
ICT continuity
Security policies & plans
-
Has a security plan been defined (in line with risk assessment)?
-
Has a security policy been defined
-
Has a document classification policy been defined
-
Has clear desk policy been defined
-
Are security rounds and clear desk checks planned
-
Is a key management policy in place
-
Contingency/Disaster recovery plan
Controls
-
Access control systems in place (keys or card readers) in line with secure areas defined?<br>
-
How is authorization, registration and review of authorization of keys and badges organized?
-
Safe storage of keys and badges
-
Access control systems in place (IT systems)?<br>
-
How is authorization and review of authorization of IT systems organized?
-
Is the password of admin user stored safely?
-
Are backups made ?
-
Safe storage of backup media
-
Results of clear desk rounds documented?
-
Follow up on clear desk rounds?
Generics
-
Notes
-
Open issues
-
Possitives
-
Findings