ISO 27001:2013 Checklist

Information Technology, Security Techniques & Management Systems

A.5.1 Management Direction
A set of information security policies

A.6.1 Internal Organisation
Roles and responsibilities, segregation of duties, contact with relevant authorities, contact with special interest groups, information security implemented in project management

A.6.2 Mobile Devices and Teleworking
A policy and measures for mobile devices; a policy and measures for teleworking

A.7.1 Prior to Employment
Pre-screening of employees, information security terms and conditions of employment

A.7.2 During Employment
Management's responsibility, awareness education and training, disciplinary processes

A.7.3 Termination and Change of Employment
Responsibilities post-employment

A.8.1 Responsibility for Assets
Asset inventory, ownership, acceptable use, return of assets

A.8.2 Information Classification
Classification of information, labelling information and handling assets

A.8.3 Media Handling
Managing removable media, disposal of media, transfer of media

A.9.1 Access Control
Access control policy, access to networks and network services

A.9.2 User Access Management
Registration and de-registration, provisioning, privileges, authentication, access rights, removal of rights

A.9.3 User Responsibility
Authentication responsibilities

A.9.4 System and Application Access Control
Access, log-on procedures, password management, utility programs, access to source code

A.10.1 Cryptography
Cryptography policy, key management

A.11.1 Secure Areas
Physical security perimeters, entry controls, securing offices and facilities, external and environmental threats, secure areas, delivery and loading docks

A.11.2 Equipment
Equipment siting, support utilities, cabling, equipment maintenance, removal of assets, securing equipment offsite, unattended user equipment, clear desk and clear screen

A.12.1 Operational Procedures and Responsibilities
Documented operational procedures, change management, capacity management, separation of development and testing

A.12.2 Malware
Protection against malware

A.12.3 Backup
Backups in place and tested regularly

A.12.4 Logging and Monitoring
Event logging, protection of log information, administrator and operator logs, clock synchronisation

A.12.5 Operational Software
Protection of installed software

A.12.6 Technical Vulnerability Management
Management of vulnerabilities, restrictions on software installation

A.12.7 Information Security Audits
Audits and verification of operational systems

A.13.1 Network Security Management
Network controls, network services security, segregation in networks

A.13.2 Information Transfer
Transfer policies and procedures, external parties, email, confidentiality and non-disclosure agreements

A.14.1 Information Systems
Requirements, application services and public networks, application service transactions

A.14.2 Development and Support
Development policy, system change procedures, operating platform changes, modification to software packages, secure system engineering, development environment, outsourced development, security testing, acceptance testing

A.14.3 Test Data
Protecting test data

A.15.1 Supplier Relationships
Supplier access, supplier agreements, supply chain

A.15.2 Supplier Services
Monitor and audit suppliers, changes to supplier services

A.16.1 Incidents and Improvements
Incident responsibilities, reporting of incidents, reporting weaknesses, assessment of events, incident response, learnings, collecting evidence

A.17.1 Continuity
Continuity requirements, implementation of continuity processes, verifying and evaluating processes

A.17.2 Redundancies
Ensuring availability of information processing facilities

A.18.1 Compliance with Legal and Contractual Requirements
Documenting requirements, intellectual property rights, protecting records, privacy, cryptographic regulations

A.18.2 Security Reviews
Independent reviews, compliance with policies, technical compliance review

ISO 27001 Information Security

Information security is essential to the success of any organisation's operations. The standard gives organisations a framework for protecting their information assets against threats in the digital world.

What is ISO 27001 Information Security?

ISO 27001 is part of the ISO 27000 family of standards and includes requirements for the assessment and treatment of information security risks, tailored to the needs of the organisation. It's not all about risk though.

Why do I need ISO 27001 Certification?

The adoption of these processes gives you, your employees, regulators and clients the confidence that your information security risks are known and adequately managed.

How can I get certified?

Getting ISO certification is a lot easier than you might think. We take you through the three-step audit process, from your initial enquiry to the final certification decision.

ISO 27001 Certification Throughout Australia

Compass Assurance Services have offices and staff located throughout Australia including Brisbane, Melbourne, Perth, Adelaide, and Sydney.