Data Protection Assessment & Audit
There are typically three stages to auditing your data protection standards:
1. Initial meeting with management to discuss your current organisational data protection practices, and to agree timing and scope of the audit itself.
2. An off-site review by us of your existing data protection-related documentation, e.g.:
- Data protection policies
- Codes of practice
- Data protection notices
- Information security policies
- Access controls
- Incident logs
- Subject access request logs
- Report logs (whether to the DPC or direct to data subjects)
- Training material
- Employment contracts
- Contracts with clients
- Contracts with data processors
3. An on-site audit, consisting principally of interviews with staff from the various business departments, but also including an inspection tour of your premises to directly observe data handling practice.
The deliverable from our audit is a report on your current state of compliance and recommended measures to address any shortfalls.
Our data protection audit process is adapted from the guidance issued by the Data Protection Commission and our auditing is conducted by a Certified Information Systems Auditor (CISA).