Process Audit Checklists (print ref: Part 3, Section 2.3.4)

A Data Protection Audit should not only examine the Data Protection Systems operating within individual areas of an organisation, but should also track key operating processes that cross inter-departmental boundaries. Most of these operating processes will be unique to each organisation or department, and this is also true for processes that involve aspects of Data Protection such as the handling of Subject Access Requests. The role of a Process Audit is to track the operation of these processes from beginning to end to ensure that the requirements of the Data Protection Act are met at every stage.

It will be apparent from Section 2.3.3 that whereas it is possible to draw up a considerable number of checklist questions in advance for a Functional Audit, this is not the case for a Process Audit. Therefore, the Auditor will have to draw up a fresh set of Checklist questions each time a particular process is audited, and to make this easier a blank Process Audit Checklist has been provided in Annex J.

Checklist Preparation

When preparing checklists, auditors should remember that the fundamental purpose of each audit is:
In effect the Checklist defines the sample so that the Auditor must make it as representative as possible within the objectives of the audit. Auditors may find it helpful to bear the following points in mind when designing their own questions to supplement the Checklists of Annexes F, G and H: