 |
Observation (print ref: Part 3, Section 4.2.3)
In order to make the auditing process as beneficial as possible to the organisation, it is always helpful for the Auditor(s) to record their observations about a particular process or activity. These observations might refer to potential problems that were noticed, or suggested improvements that could be made even though an actual Non-compliance was not found. For example, the organisation may not have a documented Subject Access Procedure and this could result in Subject Access Requests being delayed for more than 40 days if the person responsible for Data Protection happened to be on holiday.
It is recommended that a separate pro-forma, similar to a Non-compliance Record, is used for recording this information and the suggested layout of such an Observation Note is given in Annex C.7.
|
|