Internal Audit Checklists
Comprehensive checklists for auditing ISO 27001 clauses and Annex A controls.
[Note: Due to length constraints, this represents a condensed version. A full implementation would include detailed checklists for all clauses and controls.]
Using These Checklists
Response Codes:
- C (Conforming): Requirement met, with objective evidence on file
- NC (Nonconforming): Requirement not met, or no evidence that it is met
- OFI (Opportunity for Improvement): Requirement met, but the implementation could be strengthened
- N/A (Not Applicable): Requirement does not apply within the ISMS scope
Sample Checklist Structure
Clause 4.3: ISMS Scope
| Check | Question | Evidence | Status | Notes |
|---|---|---|---|---|
| 4.3.1 | Is the ISMS scope documented? | Scope document | | |
| 4.3.2 | Does the scope consider context (4.1)? | Scope analysis | | |
| 4.3.3 | Are boundaries clearly defined? | Scope statement | | |
Clause 9.2: Internal Audit
| Check | Question | Evidence | Status | Notes |
|---|---|---|---|---|
| 9.2.1 | Are audits conducted at planned intervals? | Audit schedule | | |
| 9.2.2 | Do audits verify ISMS conformity? | Audit reports | | |
| 9.2.3 | Is auditor independence ensured? | Auditor assignments | | |
Next Lesson: Learn best practices for conducting professional audits.