Guide to Data Protection Auditing

Functional Audit Checklists (print ref: Part 3, Section 2.3.3)

To overcome the disadvantages listed in section 2.3.2, it is recommended that each Checklist used for a Functional Audit (see Part 2, Section 2.1) contains two types of questions:

  • A number of standard, pre-printed questions that are used every time the system is audited.
  • A number of additional questions specific to each audit, for which space is provided throughout the checklists. These may either be prepared in advance by the Auditor or written down during the audit as they arise.

It is also very useful to talk around the pre-printed questions during the audit to elicit additional information from the auditee. This in turn may prompt the Auditor to pose further questions which should be documented via the checklists as described above.

The Commissioner has drawn up a number of standard questions for use during Functional Audits and these are grouped into three sections:

  1. Organisational and Management Issues

    A set of three Audit Checklist pro formas is provided in Annexes F.1 to F.3 inclusive. These checklists are used to investigate the following key organisational and management aspects of Data Protection within an organisation:

    • The Data Protection System
    • Documentation Issues
    • Key Business Processes
  2. The Eight Data Protection Principles

    A set of Audit Checklist pro formas for the Eight Data Protection Principles is provided in Annexes G.1 to G.8 inclusive. The key features of these pro formas are:

    • The questions relating to each Principle are grouped under a number of appropriate sub-headings that relate back to the areas of Data Protection covered by that Principle. These sub-headings are also the ones used in the Adequacy Audit Checklist of Annex E.
    • After the standard questions provided under each sub-heading, space has been provided on the pro forma for the Auditor to write their own questions specific to each audit.
  3. Other Data Protection Issues

    A further set of Audit Checklist pro formas has been provided in Annexes H.1 to H.3 inclusive to deal with other general aspects of Data Protection. These usually relate to the corporate level of an organisation rather than to individual departments and cover the following areas:

    • Using Data Processors
    • Notification
    • Transitional Provisions
