Equipment Security Audit Checklist

Clause 9.2 ISO 27001

1. Equipment siting and protection

• Whether the equipment is protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access.

2. Supporting utilities

• Whether the equipment is protected from power failures and other disruptions caused by failures in supporting utilities.

• Whether measures for permanence of power supplies, such as a multiple feed, an Uninterruptible Power Supply (UPS), a backup generator, etc., are being utilized.

3. Cabling security

• Whether the power and telecommunications cabling, carrying data or supporting information services, is protected from interception or damage.

• Whether there are any additional security controls in place for sensitive or critical information.

4. Equipment Maintenance

• Whether the equipment is correctly maintained to ensure its continued availability and integrity.

• Whether the equipment is maintained as per the supplier’s recommended service intervals and specifications.

• Whether the maintenance is carried out only by authorized personnel.

• Whether logs are maintained with all suspected or actual faults and all preventive and corrective measures.

• Whether appropriate controls are implemented while sending equipment off premises.

• Whether the equipment is covered by insurance and the insurance requirements are satisfied.

5. Securing of equipment off-premises

• Whether risks were assessed with regard to any equipment usage outside an organization’s premises, and mitigation controls implemented.

• Whether the usage of an information processing facility outside the organization has been authorized by the management.

6. Secure disposal or re-use of equipment

• Whether all equipment, containing storage media, is checked to ensure that any sensitive information or licensed software is physically destroyed, or securely over-written, prior to disposal or reuse.

7. Removal of property

• Whether any controls are in place so that equipment, information and software are not taken off-site without prior authorization.

This entry was posted on Tuesday, November 24th, 2009 at 3:44 pm and is filed under ISO 27001 checklist.
