Privacy Audit Work Program
Subscriber Content
Best Practices for Auditing Privacy Processes and Policies
This tool contains two sample work programs that highlight risks to consider and general steps to take when facilitating a privacy audit.
Sample steps include: obtain all company-specific security policies pertaining to the accessing, transmission and disposal of sensitive data; verify that current awareness initiatives provide guidance related to the security policies referencing sensitive data; review geographic restrictions on data processing from contract/match against locations of project personnel; review contracts; identify all key servers that store and/or transmit sensitive information; and understand and review a sample of test data to identify where it exists and where it originated.