Guide to Data Protection Auditing - What is a Data Protection Audit?


			Data Protection Homepage Audit Guide Homepage Download print version

What does an Audit cover? | Types of Audit | Background to the Audit method


< Previous \| Next >

Audit Categories (print ref: Part 2, section 1)

Section 5 of Part 1 has already discussed the concepts of First, Second and Third Party Audits. The best way to understand the differences between them is by reference to Figure 2.1 below:

Fig. 2.1: The Three Audit Categories

It can be seen from Figure 2.1 that ideally, External and Supplier Audits (i.e. Third and Second Party) are conducted in two parts, namely an Adequacy Audit followed by a Compliance Audit. Internal Audits (i.e. First Party) are conducted as a single Compliance Audit. It is important to realise that Adequacy and Compliance Audits fulfil different purposes in this methodology.

Return to top

Background to the Audit method

The Audit Method
How Audit Categories fit into the Audit method
Stage 1: Adequacy Audit
Stage 2: Compliance Audit
Evidence sought for each stage
Gathering evidence

< Previous | Next >