Part 3: The Audit Process

1. Audit Planning
1.1 Risk Assessment
1.2 Audit Schedule
1.2.1 Audit Schedule Generation
1.2.2 Audit Schedule Approval and Publication
1.2.3 Audit Schedule Maintenance
1.3 Selection of Auditor
1.3.1 Skills
1.3.2 Training in Auditing
1.3.3 Experience of Data Protection Law and Practice
1.3.4 Personal Attributes
1.4 Pre-Audit Questionnaire
1.5 Preparatory Meeting/Visit
1.5.1 Administration
1.5.2 The Audit
1.5.3 Practical Arrangements
1.6 Audit Management Checklist

2. Audit Preparation
2.1 Adequacy Audit
2.1.1 Audit Timescale
2.1.2 Documentation Review
2.1.3 Adequacy Audit Methodology
2.1.4 Adequacy Audit Outcome
2.1.5 Adequacy Audit Reporting
2.2 Confirmation of Audit Schedule
2.3 Audit Checklists
2.3.1 The Role of an Audit Checklist
2.3.2 Disadvantages of Checklists
2.3.3 Functional Audit Checklists
2.3.4 Process Audit Checklists
2.3.5 Checklist Preparation
2.4 Sampling Criteria
2.5 Audit Plan

3. Conduct of the Compliance Audit
3.1 Opening Meeting
3.2 Audit Environment
3.2.1 Functional or Vertical Audit
3.2.2 Process or Horizontal Audit
3.2.3 Staff Awareness Interviews
Audit Execution
3.3.1
3.3.2
3.3.3
3.3.4 Positive Auditing

4. Compliance Audit Reporting
4.1 Non-compliance Records
4.1.1 Header
4.1.2 Details of Non-compliance
4.1.3 Corrective Action Programme
4.1.4 Corrective Action Follow-up
4.2 Non-compliance Categories
4.2.1 Major Non-compliance
4.2.2 Minor Non-compliance
4.2.3 Observation
4.3 Compliance Audit Report
4.3.1
4.3.2 Audit Summary
4.3.3 Summary of Agreed Corrective Actions
4.3.4 Agreed Audit Follow-up
4.4 Closing Meeting
4.4.1 Confirmation of Non-compliances
4.4.2 Agreement to suitable Corrective Action
4.4.3 Corrective Action Responsibilities and Timescales
4.4.4
4.5 Audit Report Distribution
4.6 Audit with no Non-compliances

5. Audit Follow-up
5.1 Scope
5.2 Timescales
5.3 Methodology
5.4 Audit Closure
5.4.1 Non-compliance Sign-off
5.4.2 Compliance Audit Report Closure

Figure
The Data Protection Audit Lifecycle
Audit Preparation (1)
Audit Preparation (2)