| Audit Date | Auditor Name | | |
|---|---|---|---|
| Department/Team | Location | | |

| Item | Compliant (Y/N) | Evidence/Comments |
|---|---|---|
| Written security policies in place | | |
| Access control policies established | | |
| Incident response procedures documented | | |

| Item | Compliant (Y/N) | Evidence/Comments |
|---|---|---|
| Asset inventory maintained | | |
| Critical assets identified | | |

| Item | Compliant (Y/N) | Evidence/Comments |
|---|---|---|
| User access reviews performed regularly | | |
| Multi-factor authentication implemented | | |
| Accounts deactivated when no longer required | | |

| Item | Compliant (Y/N) | Evidence/Comments |
|---|---|---|
| Firewalls configured and maintained | | |
| Regular vulnerability scans performed | | |

| Item | Compliant (Y/N) | Evidence/Comments |
|---|---|---|
| Secured server and equipment rooms | | |
| Visitor access controls in place | | |

| Item | Compliant (Y/N) | Evidence/Comments |
|---|---|---|
| Data encryption in transit and at rest | | |
| Regular data backups tested | | |
| Data retention and disposal procedures implemented | | |

| Item | Compliant (Y/N) | Evidence/Comments |
|---|---|---|
| Security awareness training conducted | | |
| Phishing simulations performed | | |