Carry out Risk Assessment (print ref: Part 3, Section 1.1)
Experienced auditors will want to conduct a full risk assessment to determine which areas are to be audited and with what frequency before drawing up the Audit Schedule of section 1.2. A straightforward method for carrying this out will be found in Annex A if required.
Novice auditors or organisations that are introducing internal Data Protection Audits for the first time can adopt a much simpler practice which is to ensure that every function or area is audited within a particular timeframe such as perhaps at least once per year.
|
