Regulatory Assurance

Audit 

We help organisations to improve their data protection practices and their compliance with the laws we regulate. We achieve this by:

undertaking audits and assessments of organisations’ compliance with data protection legislation; and

undertaking technical security audits, assessments and industry engagement in relation to the Investigatory Powers Act and the Network and Information Systems Regulations.

Our audits can be carried out consensually or, where appropriate, under an assessment notice.

We have a busy programme of work and provide expert advice to a wide variety of organisations from councils, NHS bodies, police forces and large Government departments to charities, finance companies and some of the biggest names in business.

We review each organisation's policies and procedures, interview staff, observe practices, collect evidence, and undertake sampling and testing to allow us to review and assess how data is managed in practice. 

Once the audit is complete, we write a comprehensive report that identifies areas where the organisation can improve practices and makes recommendations about how those improvements can be achieved.

A summary of the report may then be published on the ICO website for all to see. We also produce outcomes reports to share themes and trends identified in our audits with a wider audience.

International Transfers

We approve some transfer mechanisms under Article 46 UK GDPR and update our guidance as necessary. The team is responsible for reviewing UK BCR documentation and making recommendations for approval, and reviewing and approving administrative arrangements.

The team is also responsible for managing and monitoring international transfer notifications received from competent authorities in line with sections 75-77 Data Protection Act 2018, and managing Article 49 legitimate interest derogation notifications.