One great use for checklists is to track inspections. This is particularly important for managing compliance, for example, where the frequent running of the inspection can lend itself as evidence that a specific objective is being satisfied.

Inspection checklists are just regular checklists, started privately by the person performing the inspection.

Each entry, though, would typically collect information, even if it's just certifying that the asset was inspected. It might include an image attachment, which can take the form of a photo taken with a mobile phone, instrumentation or other data.

Collecting information in checklists involves adding a form to the checklist item. To make it easier to track, when exporting the data from the checklists for instance, remember to add a short name to each field that you put into the form.

What makes it an inspection checklist though is the integration with incident reporting. By adding a conditional action in the form, you can specify the condition under which an incident report must be reported. If this is set, then the checklist form will automatically show a link to add an incident report. That will contain all the information in the incident report form, and will automatically link it to that checklist and procedure article once added.

Once that inspection is complete, usually you would add a final checklist item that is assigned to a supervisor or someone to check over the information. This may not be necessary, though, especially if you have a performance monitoring set on the article to check the checklist is run regularly, and if you have a compliance objective linked to it.

Tip: Use this with checklist scheduling in order to schedule regular inspections!

You should also opt to use Custom Lists in order to centralize the data collected through the inspection.

Example

Let's look at a concrete example. 

The network analysts are given the job of performing an audit on the servers' local user accounts every week. In this audit they would check to ensure that there are no unauthorized accounts created.

The inspection, then, is quite straightforward. You would have one line for each server you want to audit, and in there you would have fields such as:

• The name of the server (Server Name)
• The number of authorized admin accounts (Authorized Accounts)
• A yes/no flag for whether there are any unauthorized accounts (Has Unauthorized Account)

And then you would have a conditional action that checks for the presence of the unauthorized value, with the action set to Incident Report. The condition would be #input/HasUnauthorizedAccount and the action would be Incident Report. This means that if the "Has Unauthorized Account" is set to Yes, then it will require that an incident report is filled out in that same form.

You could then set up performance thresholds on that article, requiring that the checklist is run at least every week - a great way to make sure the inspection is run on a regular basis.