 |
Process or Horizontal Audit (print ref: Part 3, Section 3.2.2)
This involves auditing a particular process that has Data Protection implications from beginning to end. This type of audit crosses interfaces between areas, functions or departments wherever they exist. It follows, therefore, that the Auditor will have to visit all the locations where the process in question can be seen taking place and this should have been clearly established at the Opening Meeting. It will also be very important for the Auditor to be able to directly question the members of staff who are actually carrying out the tasks. Any tendency for accompanying Heads of Department or Data Protection Managers to intervene and answer questions on their behalf should be strongly discouraged, unless specifically invited by the Auditor.
Tips on conducting the Process or Horizontal Audit.
|
|
