NCSC Supply Chain Cyber Security & ISO 27036 Supplier Assurance Audit
This checklist covers compliance with the Health and Safety at Work etc. Act 1974 and applicable UK statutory requirements for information technology operations. Non-compliance can result in unlimited fines and enforcement action under the Health and Safety at Work etc. Act 1974 and applicable UK statutory instruments.
- Industry: Information Technology
- Frequency: Quarterly
- Estimated Time: 20-30 minutes
- Role: Cyber Risk Manager
- Total Items: 20
- Compliance: Health and Safety at Work etc. Act 1974, Management of Health and Safety at Work Regulations 1999, HSE Approved Codes of Practice, BS EN ISO 45001:2018
Statutory Compliance, Registration & Risk Assessment
Verify statutory registrations, risk assessments, and Competent Person designation per UK law.
- Are all relevant statutory licences, permits, and registrations current, displayed where required, and available for inspection?
- Has a suitable and sufficient risk assessment been completed and communicated to relevant workers?
- Is a Competent Person designated for this area of compliance per the relevant statutory requirement?
- Attach photo of statutory registrations, risk assessment, and Competent Person appointment documentation:
Competence, Monitoring & Outstanding Actions
Verify worker competence, active monitoring programme, and outstanding corrective actions.
- Are all workers competent for their tasks (trained, experienced, or supervised as appropriate)?
- Is monitoring and measurement of key compliance indicators carried out at required frequencies?
- Number of outstanding corrective actions from previous inspection or audit:
- Attach photo of training records, monitoring reports, and corrective action tracker:
Emergency Procedures, Signage & Legal Notices
Verify emergency procedures, mandatory statutory signage, and drill records.
- Are emergency procedures documented, practiced through drills, and records maintained?
- Are all statutory notices, signage, and warnings correctly displayed per applicable regulations?
- Overall compliance with applicable UK statutory requirements:
- Attach photo of emergency drill records, statutory signage register, and compliance certificates:
Enforcement Compliance & Management Review
Verify enforcement notice compliance, management review programme, and senior accountability.
- Have all findings from previous regulatory inspections, enforcement notices, and prohibition orders been resolved?
- Is management review of the health and safety management system conducted at least annually?
- Number of open enforcement actions or improvement notices outstanding:
- Senior Responsible Officer certification of inspection completion:
Corrective Actions & Inspector Sign-Off
Document all deficiencies and assign corrective actions.
- List all deficiencies identified in this inspection:
- Overall compliance status?
- Corrective actions assigned to (name and department):
- Inspector digital signature and date:
Why Use This NCSC Supply Chain Cyber Security & ISO 27036 Supplier Assurance Audit?
This NCSC Supply Chain Cyber Security & ISO 27036 Supplier Assurance Audit helps information technology teams maintain compliance and operational excellence. Designed for Cyber Risk Manager professionals, this checklist covers 20 critical inspection points across 5 sections. Recommended frequency: quarterly.
This checklist ensures compliance with the Health and Safety at Work etc. Act 1974, Management of Health and Safety at Work Regulations 1999, HSE Approved Codes of Practice, and BS EN ISO 45001:2018. It is regulatory-aligned for audit readiness and inspection documentation.
Frequently Asked Questions
What does the NCSC Supply Chain Cyber Security & ISO 27036 Supplier Assurance Audit cover?
This checklist covers 20 inspection items across 5 sections: Statutory Compliance, Registration & Risk Assessment; Competence, Monitoring & Outstanding Actions; Emergency Procedures, Signage & Legal Notices; Enforcement Compliance & Management Review; and Corrective Actions & Inspector Sign-Off. It is designed for information technology operations and compliance.
How often should this checklist be completed?
This checklist should be completed quarterly. Each completion takes approximately 20-30 minutes.
Who should use this NCSC Supply Chain Cyber Security & ISO 27036 Supplier Assurance Audit?
This checklist is designed for Cyber Risk Manager professionals in the information technology industry. It can be used for self-assessments, team audits, and regulatory compliance documentation.
Can I download this checklist as a PDF?
Yes, this checklist is available as a free PDF download. You can also use it digitally in the POPProbe mobile app for real-time data capture, photo documentation, and automatic reporting.