Information
-
Audit Title
-
Document No.
-
Client / Site
-
Conducted on
-
Prepared by
-
Location
-
Personnel
Risk Assessment
-
Has a security risk assessment been executed?
-
Have secure areas been defined?
-
Is the risk assessment up-to-date?
-
NASATKA security risk assessments.
Security policies & plans
-
Has a security plan been defined (in line with risk assessment)?
-
Has a security policy been defined?
-
Has a document classification policy been defined?
-
Has a clear desk policy been defined?
-
Are security rounds and clear desk checks planned?
-
Is a key management policy in place?
-
Contingency/Disaster recovery plan?
Controls
-
Access control systems in place (keys or card readers) in line with secure areas defined?
-
How is authorization, registration, and review of authorization of keys and badges organized?
-
Safe storage of keys and badges?
-
Access control systems in place (IT systems)?
-
How is authorization and review of authorization of IT systems organized?
-
Is the password of the admin user stored safely?
-
Are backups made?
-
Safe storage of backup media?
-
Results of clear desk rounds documented?
-
Follow up on clear desk rounds?
Generics
-
Notes
-
Open issues
-
Positives
-
Findings