The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

External audit or compliance check

Your organisation arranges an external data protection and information governance audit or other compliance checking procedure.

Ways to meet our expectations:

  • Your organisation completes externally provided self-assessment tools to provide assurances on data protection and information security compliance.
  • Your organisation is subject to or employs the services of an external auditor to provide independent assurances (or certification) on data protection and information security compliance.
  • Your organisation adheres to an appropriate code of conduct or practice for your sector (if one exists).
  • You produce audit reports to document the findings.
  • You have a central action plan in place to take forward the outputs from data protection and information governance audits.

Can you answer yes to the following questions?

  • Do staff adhere to the external standards as claimed?
  • Are they aware of a range of suitable external tools?
  • Are senior managers aware?