Last updated by: Anonixiate, Last updated on: 01/05/2025
Document Creation: 17 April, 2025. Last Edited: 17 April, 2025. Authors: Shreyas Vivek, Kim Brvenik.
Effective Date: 17 April 2025. Expiry Date: 17 April 2026.
Annual Audit Checklist
Multi-Factor Authenticatio
ML1-MF-09 — Users are periodically trained on recognizing MFA-related phishing and social engineering attempts.
-
Audit Procedure:
Review training logs, completion rates, and test scores from awareness modules. -
Evidence Required:
Training records, quiz results. -
Tools/Methods:
KnowBe4, LMS Reports -
Responsible Team:
Cybersecurity GRC -
Status:
[ ] Pass
[ ] Fail
[ ] N/A -
Notes:
Add notes here during audit.
Office Macros
ML1-OM-09 — Updates to Office macro policy are documented, reviewed, and approved.
-
Audit Procedure:
Inspect change management and policy versioning records. -
Evidence Required:
Change logs, approval emails, version control history. -
Tools/Methods:
Confluence, SharePoint, GitHub -
Responsible Team:
Cybersecurity GRC -
Status:
[ ] Pass
[ ] Fail
[ ] N/A -
Notes:
Add notes here during audit.
Regular Backups
ML1-RB-01 — Identify and document important data, software, and configuration items in BCP for backup inclusion.
-
Audit Procedure:
Review BCP and confirm data classification for backup. -
Evidence Required:
Business Continuity Plan (BCP), asset register. -
Tools/Methods:
Confluence, Excel, Asset Manager -
Responsible Team:
Cybersecurity GRC -
Status:
[ ] Pass
[ ] Fail
[ ] N/A -
Notes:
Add notes here during audit.