Your organisation arranges an external data protection and information governance audit or other compliance checking procedure.
Ways to meet our expectations:
- Your organisation completes externally-provided self-assessment tools to provide assurances on data protection and information security compliance.
- Your organisation is subject to or employs the services of an external auditor to provide independent assurances (or certification) on data protection and information security compliance.
- Your organisation adheres to an appropriate code of conduct or practice for your sector (if one exists).
- You produce audit reports to document the findings.
- You have a central action plan in place to take forward the outputs from data protection and information governance audits.
Can you answer yes to the following questions?
- Do staff adhere to the external standards as claimed?
- Are they aware of a range of suitable external tools?
- Are senior managers aware?