Guide to Data Protection Auditing

Adequacy Audit

Purpose of Adequacy Audits (print ref: Part 2, Section 1.1)

The purpose of the Adequacy Audit is to check that any documented Policies, Codes of Practice, Guidelines and Procedures meet the requirements of the Data Protection Act 1998. This part of the audit is performed first and is a desktop exercise that can usually be conducted off-site.

It is possible, of course, for an Adequacy Audit to be conducted by Internal Auditors provided they have the necessary specialist understanding of the requirements of the Data Protection Act.

Adequacy Audit Outcomes (print ref: Part 2, Section 2)

It is very important for Second and Third Party Audits that the Adequacy Audit is conducted first as the results of the Adequacy Audit will determine what happens next in the process. The two possible outcomes of an Adequacy Audit are:

Satisfactory Adequacy Audit
If the Adequacy Audit indicates that the organisation has a documented data protection system in place with perhaps only a small number of gaps or deficiencies, the Auditor can continue with a Compliance Audit as described in section 3.
Unsatisfactory Adequacy Audit
The Adequacy Audit may indicate that the organisation has very little data protection documentation in place, with inadequate procedures and major gaps in areas such as data protection awareness training. If an Auditor uncovers such major deficiencies at this preliminary stage, they must make a policy decision as to how to proceed. In these circumstances there are three options:
  • The organisation may still wish to go ahead with a Compliance Audit to help formulate potential solutions to address the key gaps and weaknesses already identified in its systems.
  • The Auditor can inform the organisation that there is little point in conducting the Compliance Audit until the major deficiencies have been addressed.
  • The Auditor can refer the organisation to the Commissioner or others providing data protection advice and guidance in order to rectify the deficiencies in the data protection system.
