12/26/2023 ISO 27701 Audit Checklist - Download FREE Template | Lumiform Templates

Audit

Context of the Organization

The company shall determine its business objectives, and how they relate to information security.
Done More work Not applicable

The company shall determine its policies, procedures, and controls for identifying, assessing, and managing information security risks.
Done More work Not applicable

The company shall determine its communication channels and reporting lines for information security incidents, breaches, and near-misses.
Done More work Not applicable

Cybersecurity measures

Are access controls implemented to restrict access to personal data to authorized personnel only?
Yes No N/A

Are strong passwords enforced, and are they regularly changed?
Yes No N/A

Is data stored in an encrypted format, both in transit and at rest?
Yes No N/A

Are data backups regularly performed, and are they stored securely?
Yes No N/A

Risk assessment and management

https://lumiformapp.com/templates/iso-27701-audit-checklist_33631
Is there a documented process for identifying and assessing cybersecurity risks?
Yes No N/A

Is there a risk mitigation plan in place, and is it regularly reviewed and updated?
Yes No N/A

Is there a process for monitoring and reporting on risk mitigation activities?
Yes No N/A

Are risk assessments conducted on an ongoing basis, or only in response to significant changes or incidents?
Yes No N/A

Data subject rights

Is there a process in place for data subjects to request access to their personal data held by the organization?
Yes No N/A

Is the organization able to provide data subjects with a copy of their personal data in a commonly used electronic format?
Yes No N/A

Is there a process in place for verifying the identity of data subjects making requests for access, rectification, erasure, or objection?
Yes No N/A

Is the process for requesting access clearly communicated to data subjects?
Yes No N/A

Consent

Is there a process in place for obtaining valid consent from data subjects before processing their personal data?
Yes No N/A

Does the organization provide data subjects with a clear option to withdraw their consent at any time?
Yes No N/A

Does the organization regularly review and update its processes for obtaining and managing consent to ensure they remain compliant with GDPR requirements?
Yes No N/A

Does the organization obtain consent from data subjects for processing special categories of personal data, where applicable?
Yes No N/A

Third-party management

Does the organization have a process in place for identifying all third parties with which personal data is shared?
Yes No N/A

Does the organization have written contracts or other legal agreements in place with each third party that processes personal data on its behalf?
Yes No N/A

Is there a process in place for promptly informing data subjects in the event of a data breach involving a third-party processor?
Yes No N/A

Does the organization have a process in place for assessing the data protection and security measures of third parties before engaging in a relationship?
Yes No N/A

Please note that this checklist template is a hypothetical example and provides only standard information. The template does not aim to replace, among other things, workplace, health and safety advice, medical advice, diagnosis or treatment, or any other applicable law. You should seek your professional advice to determine whether the use of such a checklist is appropriate in your workplace or jurisdiction.
