Data Compliance Limited will review your internal procedures and security practices to help ensure that you are in compliance with EU law, and will recommend any corrective measures that may be necessary.
It is best practice to review security controls at least annually. Depending on circumstances, you may find it appropriate to audit more often, for example twice a year (bi-annually).
WHY DATA PROTECTION IS VITAL
Information and the processes, systems and networks that support it are important and valuable assets. Defining, achieving, maintaining and improving information security is essential to maintain:
- Competitive edge
- Cash flow
- Legal compliance
To work effectively, information security must be regarded as an attitude rather than a product. Buying firewalls, anti-virus software and intrusion detection, not to mention installing security patches on all your servers and workstations, will only get you so far. Unless you can also persuade people to take security seriously, you remain at significant risk of a security breach of some kind. Cyber criminals know that the weakest link in your organisation's armour is almost certainly a person rather than technology.
In short, any one of your data processors (employees, contractors and third parties), from administration to credit control, accounts and senior management, could be the target of a virus, cyber crime or social engineering attack.
By helping staff understand the risks to information systems, and by setting out their responsibilities of 'due care' in policies and procedures, you are not only mitigating the risk of attack but also complying with obligations such as those under the Data Protection Act.
Auditing identifies gaps in information security and compliance controls while providing assurance that existing controls work. Naturally, you want to know that your investment in security is working for you, while assuring customers, employees and stakeholders of your standards in security and data protection.
Auditing can reduce the risk of liability. It improves security practices and prepares you for the unexpected.
Our security auditors use international standards, including ISO 27001, to benchmark your organisation's security controls.
Fig 1: Data Protection Compliance Program
WHAT IS INVOLVED?
Our approach is holistic. This means that, no matter how large or small your organisation, we include its critical operations in our audit. This may mean the audit covers both internal and external controls.
In short, information security audits incorporate three key areas –
Every organisation is different. However, most share the same elements: people, processes, technology and, of course, information.
All audits conclude with an audit report and a presentation of findings and recommendations to senior management.
The 12 Step Review covers:
- Data Protection Policies
- Notification and registration with the ODPC (Office of the Data Protection Commissioner)
- IT Security controls
- Data protection procedures
- Disclosure of data
- Data protection roles and responsibility
- Awareness of legislation
- Retention of data
- Access requests
- Database management
- Physical security
- Third party compliance