ISO 27001 Compliance Checklist Template

Digitalize this paper form now

Register for free on lumiformapp.com and conduct inspections via our mobile app

• Cut inspection time by 50%
• Uncover more issues and solve them 4x faster
• Select from over 4000 expert-proofed templates

★★★★★

★★★★★

Rated 5/5 stars on Capterra

ISO 27001 Compliance Checklist Template

Audit

Insert company logo

Add Photo

Scope

Enter the scope

Opening meeting

List of attendees of opening meeting and their roles

Are there any Health & Safety issues that might affect the conduct of the audit?

Yes No N/A

Overview of the company

Review of previous audit findings

Describe the findings and indicate if they have been addressed and in what way

Key themes

Identify key themes

INFORMATION SECURITY MANAGEMENT SYSTEM

ISMS Policy

Does the ISMS policy include a framework for setting objectives?

Yes No N/A

Take into account legal and regulatory requirements?

Yes No N/A

Establish criteria against which risk will be evaluated?

Yes No N/A

Been approved by management?

Yes No N/A

Record the date the ISMS policy was last updated

Select date

Risk Assessments

Has the risk assessment methodology been defined

Yes No N/A

Describe how risks are identified, analysed, evaluated and treated

Record the date the Risk Assessment was last updated

Select date

Statement of Applicability

Have control objectives and controls been defined, selected, implemented or justification for their exclusion been documented.

Yes No N/A

Record the date the SoA was last updated

Select date

Operating the ISMS

How is the effectiveness of controls measured to ensure consistent and reproducible results?

Is there a log of actions and events which impact upon the effectiveness of the ISMS? Give examples of records seen

Yes No N/A

Is there evidence of any improvements to the ISMS?

Yes No N/A

Is there a documented Control of Documents procedure?

Yes No N/A

Is there Control of Records Procedure? Are records protected and controlled? Have the controls required to identify, store, protect, retrieve, retain, and dispose of records been documented?

Yes No N/A

MANAGEMENT RESPONSIBILITY

Is there evidence that sufficient resources have been provided to adequately monitor, review, maintain and improve the ISMS?

Yes No N/A

Is there a training and awareness programme? Give examples of records seen to demonstrate this.

Yes No N/A

How is the effectiveness of any training given evaluated?

Yes No N/A

INTERNAL ISMS AUDITS

Have Internal ISMS audits been conducted and is there evidence that they have been planned?

Yes No N/A

Give dates and examples of audits conducted

MANAGEMENT REVIEW OF THE ISMS

Have management reviews of the ISMS been conducted and recorded?

Yes No N/A

Give details of the inputs and outputs

Give the date of the latest management review

Select date

ISMS IMPROVEMENT

Are there any records of non-conformities? If yes how have these been addressed and what evidence was seen?

Yes No N/A

Is there any evidence of preventive action taken to identify potential non-conformities, and evaluation of the need for action? Give examples

Yes No N/A

Closing meeting

List of attendees of closing meeting and their roles

Major non-conformances

List any MAJOR non-conformances

❌I regret to inform you that on this occasion I am unable to recommend your certification

Minor non-Conformances

List all MINOR non-conformances

Observations and opportunities for improvemement

List any observations or opportunities for improvement

I am pleased to be able to tell you that you have met the requirements of the standard and I will therefore be recommending your certification

Sign off the audit

Share this template:

Please note that this checklist template is a hypothetical appuses-hero example and provides only standard information. The template does not aim to replace, among other things, workplace, health and safety advice, medical advice, diagnosis or treatment, or any other applicable law. You should seek your professional advice to determine whether the use of such a checklist is appropriate in your workplace or jurisdiction.