Your Customised Checklist
Total Items: 69
Critical Items: 43
Categories: 6
Infrastructure & Assets
10 items · 4 critical
Complete hardware inventory with purchase dates and warranty status [CRITICAL]
Software license inventory with renewal dates and user counts [CRITICAL]
Network diagram showing all devices, connections, and external links [CRITICAL]
Cloud services inventory (SaaS, IaaS, PaaS) with subscription details
End-of-life timeline for all major systems and hardware [CRITICAL]
Asset management system in place and current
Identification of redundant or unused systems consuming costs
Documentation of all internet connections and ISPs
Mobile device inventory and management system
Peripheral and printer inventory with support contracts
Security & Access Control
14 items · 11 critical
Multi-factor authentication enabled on all administrative accounts [CRITICAL]
Password policy enforcing complexity and rotation requirements [CRITICAL]
User access review completed within last 90 days [CRITICAL]
Privileged access management and monitoring in place [CRITICAL]
Firewall configurations reviewed and documented [CRITICAL]
Antivirus/EDR deployed on all endpoints with current definitions [CRITICAL]
Email security (SPF, DKIM, DMARC) properly configured [CRITICAL]
VPN or secure remote access solution with audit logging [CRITICAL]
Security patch management process with SLAs defined [CRITICAL]
Penetration testing or vulnerability scanning within last 12 months
Security awareness training completed by all users annually
Data encryption at rest and in transit for sensitive information [CRITICAL]
SIEM or security monitoring solution with 24/7 coverage
Incident response plan documented and tested [CRITICAL]
Vendor Management
12 items · 6 critical
Complete list of all technology vendors with contact details [CRITICAL]
All contracts centrally stored with expiration tracking [CRITICAL]
Formal SLAs in place with response/resolution time commitments [CRITICAL]
Monthly performance reports received from MSP/vendors
Quarterly business reviews scheduled with key vendors
Vendor insurance coverage verification (E&O, Cyber, General Liability) [CRITICAL]
Vendor security certifications current (ISO 27001, SOC 2) [CRITICAL]
Right to audit clauses in all vendor contracts
Fair exit terms without unreasonable transition barriers [CRITICAL]
Pricing benchmarking against market rates within last 12 months
Vendor succession plan for critical service providers
Annual vendor risk assessments completed
Compliance & Governance
10 items · 6 critical
Data privacy policy compliant with Australian Privacy Act [CRITICAL]
GDPR compliance if processing EU citizen data [CRITICAL]
Notifiable Data Breaches (NDB) scheme response procedures [CRITICAL]
Payment Card Industry (PCI DSS) compliance if processing card payments [CRITICAL]
Industry-specific compliance requirements identified and addressed [CRITICAL]
Data retention and destruction policies documented
Data processing agreements with all vendors handling company data [CRITICAL]
Regular compliance audits or assessments
Board-level technology governance reporting
Technology risk register maintained and reviewed quarterly
Operations & Documentation
11 items · 5 critical
Standard operating procedures (SOPs) for critical systems
Change management process with approval workflow [CRITICAL]
Incident management process with escalation procedures [CRITICAL]
Problem management to address recurring issues
Asset management lifecycle procedures
Onboarding/offboarding checklists for employees [CRITICAL]
System monitoring and alerting in place [CRITICAL]
Capacity planning and forecasting process
Technology roadmap aligned with business strategy
IT budget planning and tracking process
Vendor escalation contacts documented [CRITICAL]
Backup & Disaster Recovery
12 items · 11 critical
Backup solution covering all critical systems and data [CRITICAL]
Backup testing performed monthly with documented results [CRITICAL]
Offsite/cloud backup copy maintained [CRITICAL]
Recovery Time Objective (RTO) defined for each system [CRITICAL]
Recovery Point Objective (RPO) defined for each system [CRITICAL]
Disaster recovery plan documented and current [CRITICAL]
DR plan tested annually with results documented [CRITICAL]
Alternative workspace identified for disaster scenarios
Communication plan for major incidents [CRITICAL]
Restoration procedures documented and accessible [CRITICAL]
Backup retention policy aligned with compliance requirements [CRITICAL]
Immutable backups to prevent ransomware encryption [CRITICAL]
How to Use This Checklist
Download the checklist and distribute to relevant stakeholders (IT, Finance, Legal, Operations)
Schedule audit sessions with 2-4 hour blocks to thoroughly review each category
Prioritise CRITICAL items for immediate remediation - these represent significant risks
Create action plans with owners, timelines, and budgets for each gap identified
Schedule quarterly reviews to track remediation progress and maintain momentum
Conduct annual full audits or when major changes occur (new systems, vendor changes, etc.)