Guide to Data Protection Auditing
Auditor's Code of Conduct (print ref: Part 4, Section 5.4)

Third party Auditors and consultants who undertake data protection audits are likely to belong to a professional auditing body such as the Institute of Internal Auditors, the International Register of Certificated Auditors or the Information Systems Audit and Control Association. In this case they will be bound by the Code of Professional Conduct of each particular body. Those who are new to data protection auditing are unlikely to belong to a professional body and so we have produced a simple Code of Conduct for their use.

Honesty

Auditors shall carry out their duties with honesty and diligence, and be objective and unbiased in making their judgements.

Auditors shall be loyal to their own organisation or any client for whom they are providing a service. However, they shall not knowingly be a party to any illegal or improper activity.

Conflict of Interest

Auditors shall not enter into any activity which may be in conflict with the best interests of their own organisation or a third party, or which would prevent them from performing their duties in an objective manner.

For example, third party Auditors should not conduct audits for a client where they have been involved in the design and implementation of the data protection system.

Inducements

Auditors must not accept from any member of an organisation for whom they are providing a service anything of value that might be deemed to impair the objectivity of their judgement.

In practice, this means that it would be acceptable for an audit team to be provided with coffee and biscuits for refreshment during the audit and a sandwich lunch on the premises. However, it would not be acceptable to be taken out to a restaurant for a three-course meal. Equally it would be acceptable to be provided with pens and writing pads by the organisation but not for example with a desk diary or attaché case.

Confidentiality

Auditors must maintain the confidentiality of any information discovered during the course of an audit. They must not use confidential information for personal gain or in any way that would be either illegal or against the best interests of any organisation to whom they are providing a service.

Concealment

When producing their Audit Reports, Auditors must reveal all material facts discovered during the audit. In particular, they must reveal those facts that could distort the truth about the data protection system or conceal unlawful practices if not disclosed.

Professionalism

Auditors must maintain high standards of conduct and character in their professional activities and in particular:

  • Auditors must not undertake work for which they do not possess the necessary technical and professional competence.
  • Auditors should maintain their competency in the fields of data protection and auditing by undertaking regular professional development activities.
