 |
Other Factors (print ref: Part 5, Annex A, Section A.3)
Once the basic risk has been assessed for each area of the organisation there may be other factors that could affect the audit frequency calculated in section 1.1.2. Typical factors that would influence the frequency of audits carried out in an area processing personal data would include:
- The area is directly customer facing and is vitally important to the delivery of the organisation's core business.
- Previous Audits have showed up a marked weakness in the Data Protection System in the area.
- The Data Protection System has been implemented very recently in the area.
- There have been recent or impending changes to the Data Protection System in the area.
- New staff have been introduced very recently to the area.
|
|