Audit Checklist for IT Department

Use this Audit Checklist for the IT Department to evaluate your IT processes, ensuring efficiency, security, and compliance with organizational standards.

Download as free PDF

Library
IT & Data Center
Audit Checklist for IT Department

Anti-Virus Software

Network Firewall

Hardware

Passwords

Accounts

Physical Security

Alerts

Employee Requirements

Disaster Recovery And Incident Response

Document Disposal

Backups

Security Protocols

IT Logs

Incident Reports

Outages

Storage And Utilization

Network Performance

Cost

Systems Development

Testing

Implementation

Is this sample what you are looking for?
Sign up to use & customise this template, or create your own custom checklist:

Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.

Easy inspection app for your digital checklists

Conduct inspections anytime, anywhere - even offline
Capture photos as proof of compliance or areas needing attention
Instantly generate and share detailed reports after the inspections
Assign & track follow-up tasks, view historical trends on a centralized dashboard

Audit Checklist for IT Department

Use this Audit Checklist for the IT Department to evaluate your IT processes, ensuring efficiency, security, and compliance with organizational standards.

1. Is security software installed and active on all devices?

2. Is security software updated regularly?

3. Are patches installed and configured properly immediately after an incident?

1. Is the network firewall installed and active?

2. Is the network firewall updated regularly?

3. Is an intrusion detection and prevention system (IDS/IPS) included in the security software?

1. Do all devices have password-protected screen locks?

2. Do all devices meet minimum hardware requirements for security programs to run properly?

3. Are owned devices inventoried and tracked?

1. Are passwords encrypted?

2. Do passwords require alphabetic, numeric, and symbolic characters?

3. Must passwords be changed every 3 months?

4. Do accounts lock after a set number of invalid login attempts?

5. Are group passwords not permitted?

1. Are dormant accounts removed after deactivation?

2. Is account information transmitted via encrypted format only?

3. Are admin privileges granted on an as-needed basis?

1. Do all company properties have locks on all windows and doors?

2. Do all company properties have full security camera coverage at the office?

3. Is mobile hardware locked and checked in and out for use?

4. Do mobile devices have remote wipe software installed in case of theft?

5. Do remote employees' home networks meet minimum security requirements?

1. Is there an alert for unauthorized system access?

2. Is there an alert for unplanned system modifications?

3. Is there an alert for system or physical security intrusion?

4. Are alerts monitored 24/7?

1. Are background checks required for system access?

2. Must employees acknowledge and sign a security policy agreement before receiving access to secure systems?

3. Must employees participate in annual security awareness and training?

1. Is the business emergency plan documented, updated regularly, and disseminated with all employees, third-party vendors, and partners?

2. Do employees undergo emergency response training annually?

3. Is the emergency chain of command clear, and are emergency roles well-defined?

1. Are all sensitive physical documents shredded when no longer needed?

2. Are shredded documents stored in a locked container and disposed of professionally?

3. Are all devices factory reset before changing users or being thrown out/sold/donated?

1. Is critical data backed up daily?

2. Are backups checked and validated regularly?

3. Are files backed up in 2+ separate places?

1. Is documentation formalized and updated regularly and after system modifications and security events?

2. Is documentation disseminated to all employees, third-party vendors, and partners?

1. Are IT logs secured to prohibit tampering?

2. Is IT logs reviewed at least once per week?

3. Are IT logs retained for at least 6 months?

1. Are incident descriptions, times, and dates recorded?

2. Are causes and solutions recorded, and procedures updated if necessary?

3. Is the business impact assessed for each incident?

1. Are outage frequency (planned and unplanned), mean time to resolve, mean time between failures, total infrastructure downtime, total system downtime, and downtime by service regularly monitored?

1. Is RAM utilization regularly monitored?

2. Is hard drive storage utilization regularly monitored?

3. Is cloud storage utilization regularly monitored?

1. Are upload and download speeds regularly monitored?

2. Is network latency regularly monitored?

1. Are total IT expenses, IT expenses per employee, cost per user, and cost per unit asset regularly reviewed?

1. Is there a review process for determining system development needs?

2. Are system design and development procedures adequate, well-documented, and followed?

3. Are approvals required at appropriate stages in the development process?

4. Are data entry documents accurate and comprehensive?

1. Are tests comprehensive and sufficiently rigorous?

2. Is system and program testing implemented correctly?

1. Are there review procedures for program implementation?

2. Is the implementation process documented, and standards are followed?

3. Are changes properly approved?

4. Are appropriate controls in place to maintain security during and after implementation?

5. Is the post-implementation review process documented, and standards are followed?