This sample report focuses on the process of ensuring that effective controls are in place in regard to privacy and handling sensitive data. In this sample, the audit focused on the process steps executed by information services (IS) to print and mail company customer data containing nonpublic personal information (NPPI), including the vendors with whom they have contracted to support this effort (namely the mail presort services company) and the secure document destruction company, in all forms.

This report addresses data privacy, physical security, server security, incident management, job scheduling and vendor management.