ISO 27002 Version 2022 Audit questionnaire
Information Security Policy
Does the organization have an information security policy?
Is the information security policy reviewed and approved by management?
Is the information security policy communicated to all employees?
Is the information security policy regularly reviewed and updated?
Organization of Information Security
Management Commitment
Does top management demonstrate commitment to information security?
Are responsibilities for information security defined and communicated?
Is there a designated information security officer?
Is there a clear organizational structure for information security?
Internal Organization
Are roles and responsibilities for information security defined?
Is segregation of duties implemented where appropriate?
Are employees aware of their information security responsibilities?
Is there a process for managing information security incidents?
Human Resource Security
Prior to Employment
Are background checks conducted for new employees?
Are employment contracts or agreements in place?
Are employees required to sign confidentiality agreements?
During Employment
Is security awareness training provided to employees?
Are employees aware of the consequences of non-compliance?
Are employees required to report any security incidents or breaches?
Is there a process for disciplinary action in case of non-compliance?
Asset Management
Responsibility for Assets
Are information assets identified and assigned to responsible individuals?
Is there a process for the classification of information assets?
Is there a process for the protection of information assets?
Information Classification
Are information assets classified based on their importance and sensitivity?
Is there a process for labeling and handling classified information?
Are appropriate controls in place for the storage and access of classified information?
Is there a process for the disposal of information assets?
Access Control
User Access Management
Is there a process for granting and revoking user access rights?
Are user access rights reviewed and updated regularly?
Is there a process for managing user passwords and authentication?
User Responsibilities
Are users aware of their access control responsibilities?
Are users required to use strong passwords?
Is there a process for reporting and managing unauthorized access attempts?
These are just a few examples, and the actual checklist may vary depending on the specific requirements and scope of the ISO 27002 Version 2022 Audit questionnaire.