DPAS have had a very busy few weeks completing data protection audits for clients, old and new.
Customers are approaching us asking for a data protection audit. Their customers are asking them to demonstrate compliance, as part of a contractual due diligence process. Most have said that the customers they are working with are asking for proof that they are compliant with the new legislation.
Many discussions have taken place with clients old and new explaining that GDPR voluntary certification is months away and information security standards such as ISO27001 already exist. Still, clients want validation of their work to date and an analysis of the work still to be done. So to meet this demand we produced a validation audit of the work done to demonstrate compliance.
We have used our team of practitioners, DPOs and ISO27001 auditors to think about how we bridge that gap. The result is a DPAS audit, report and completion of audit award. This will enable organisations to demonstrate their current level of activity. Some clients like to share this with customers, employees and suppliers.
The DPAS Audit
The resulting audit report is used to target limited resources. By identifying key areas of compliance and data security, the report ensures you are protecting data in line with the GDPR, Data Protection Act 2018, PECR etc.
The tools by which we audit are an effective way of collating information on:
- key business processes
- policies and systems
- areas of good practice
- areas of improvement
- areas of compliance risk within your organisation
The initial audit discovery comprises reviewing key functional business areas. These areas are then scored, using a weighted scoring system, depending on the level of compliance currently achieved. Following that process, we produce a report which analyses the information collected to produce heat maps and details the level of compliance within each organisational department.
All of this is beneficial in determining areas for focus, areas of risk, and also areas of good practice.
The report is independent assurance of the extent to which your organisation, within the scope of the agreed audit, is complying with current data protection legislation. Depending on any gaps your organisation has, we can provide further services. These focus on solutions and remediation plans where policies and procedures are absent and required.
Here are some snapshots from our report:
Contact us today to discuss arranging a data protection audit.