OFFICE INFORMATION SECURITY AUDIT CHECKLIST
© Distributed by Resilify.io under a Creative Commons Share Alike License.
Contents
Office Information Security Audit Checklist
Summary
About the Audit
Audit Work
1. Leavers
2. Asset Management
3. Access Management
4. Physical Security
5. IT Operations
6. Suppliers & Contractors
7. Incident Reporting
8. Business Continuity
License
Office Information Security Audit Checklist
Summary
This template covers some basic information security checks and can be used to provide an audit of your office.
It is not intended as a full internal audit of an ISO 27001 management system. For help or assistance contact Assent Risk Management.
About the Audit
Company: XYZ Limited
Auditor:
Audit Date: DD/MM/YY
Audit Work
1. Leavers
Q1.1 (A7.3.1) Are all staff aware of recent leavers, and do they know that leavers should not be on-site unescorted?
Evidence: Email notification, for example
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q1.2 (A7.3.1, A11.1.2) Have all recent leavers returned their fobs/cards/keys or had them disabled?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q1.3 (A7.3.1, A11.1.2) Is the alarm code known to any recent leavers? If so, has it been changed?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
2. Asset Management
Q2.1 (A8.1.4) Have leavers returned all their issued equipment (laptops, phones)?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q2.2 (A8.2.1, A8.2.2) Are all documents and digital data classified and labelled according to the company's procedures before being sent out?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q2.3 (A8.2.3) Are all confidential post and parcels physically secured until collection?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
3. Access Management
Q3.1 (A9.2.1) Are all visitors provided with segregated internet access, for example a guest Wi-Fi network?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
4. Physical Security
Q4.1 (A11.1.1) Is entry from the street restricted?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.2 (A11.1.2) Are all controlled doors shut and secured?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.3 (A11.1.2) Do all visitors, suppliers and contractors sign in and out of a visitors' book?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.4 (A11.1.3) Are all secure rooms and facilities, including the server room, secured?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.5 (A11.1.4) Are the fire detection systems operational and showing no errors or warnings?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.6 (A11.1.4) Are the intruder detection systems operational and showing no errors or warnings?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.7 (A11.1.4) Is critical infrastructure, including the server room, appropriately temperature controlled, for example using air conditioning?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.8 (A11.1.6) Are all OUTGOING post and parcels stored securely before collection by an approved courier or the Royal Mail?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.9 (A11.1.6) Are all INCOMING post and parcels stored securely before being distributed to the recipient?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.10 (A11.2.1) Is any equipment vulnerable to theft or damage, for example in a goods-in area?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.11 (A11.2.2) Is the power generator, UPS or other power backup operational?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.12 (A11.2.4) Has all supporting equipment been maintained to the manufacturer's recommendations?
Evidence:
Fire Alarm
Intruder Alarm
Air Conditioning
PAT Testing
Generator
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.13 (A11.2.5) Are contractors validated before removing equipment from site (for example, the photocopier supplier)?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.14 (A11.2.7) Is all equipment securely destroyed at end-of-life, with supporting certificates of destruction?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.15 (A11.1.8) Have staff left any unlocked computers unattended?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q4.16 (A11.1.9) Have staff left any confidential documentation on their desk which could be compromised?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
5. IT Operations
Q5.1 (A12.2.1) Is your anti-virus software up to date?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q5.2 (A12.2.2) Is all important data stored centrally (i.e. on a server) so it can be backed up?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q5.3 (A12.4.4) Do all the systems you use show the correct time?
Evidence:
Your Computer
CCTV System
Fire Alarm
Intruder Alarm
Access Control System
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q5.4 (A12.4.4) Do all the systems you use appear to have an up-to-date OS (e.g. Windows Updates applied)?
Evidence:
Your Computer
CCTV System
Fire Alarm
Intruder Alarm
Access Control System
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
6. Suppliers & Contractors
Q6.1 (A15.1.1) Are all suppliers verified before being given access to site?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q6.2 (A15.1.1) Do all suppliers and contractors sign in before entering site, and sign out on leaving?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q6.3 (A15.1.1) Are all suppliers easily identifiable while on site (for example, wearing a visitor badge or lanyard)?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
7. Incident Reporting
Q7.1 (A16.1.1) Is there a clear escalation process for reporting suspected security incidents within the company?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q7.2 (A16.1.1) Is there an up-to-date list of internal and external key contacts for an emergency?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
8. Business Continuity
Q8.1 (A17.1.1) Is a copy of the business continuity plan easily accessible in the event of a business disruption?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
Q8.2 (A17.1.3) Has the business continuity plan been tested in the last 12 months?
Evidence:
Finding Compliant ☐ Needs Improvement ☐ Non-Compliant ☐
---- END ----
License
Licensed by Assent Risk Management via Resilify.io under a Creative Commons Share Alike License.