Audits play a vital role in the work carried out in relation to information governance and data protection standards, allowing organisations to identify key development needs as well as areas of strength.
As the regulator, the ICO conducts regular audits throughout the UK and publishes the outcomes on its website. The findings from these audits provide invaluable guidance for any organisation that processes personal and special category data.
The most recent examples include:
- Chichester College Group | ICO: the organisation was found to have a reasonable level of assurance.
- Age UK Wiltshire | ICO: the organisation was found to have limited and very limited levels of assurance.
- National Crime Agency | ICO: the organisation had a reasonable level of assurance in records management and a limited level of assurance in training and awareness.
Despite growing time pressures across all sectors, BLS Stay Compliant always stresses to clients the importance of being proactive, including auditing their information governance standards and procedures on a regular basis so that they can demonstrate a suitable level of assurance should an ICO audit be conducted.
We recommend three key auditing strands:
- Formal, scheduled, internal monitoring. This is carried out by internal staff on a regular, agreed basis. This formal method keeps a ‘spotlight’ on information governance practices within an organisation and so promotes positive engagement.
- Regular ‘spot checks’. These are informal, unscheduled and internal. This form of auditing is carried out on a frequent basis and allows organisations to capture a ‘true’ picture of their current procedures.
- Formal, external audits. As well as the ICO, external companies (such as BLS Stay Compliant) can conduct audits, providing an expert, independent overview of an organisation’s key practices.
As a company we conduct regular audits for our clients to support their ongoing information governance work, including:
- UK GDPR Audit – focusing on an organisation’s compliance with current legislation and the ICO Accountability Framework.
- DSPT Audit – ensuring that clients are in a strong position to submit their DSPT.
- Physical Security Audits – examining the physical security arrangements in place to ensure data is held and used securely.
All audits are conducted by our professional team, and following each audit a full RAG-rated report is issued identifying strengths as well as a range of key recommendations.
- We were completely reassured by BLS’ visit and report. They were thorough, professional and provided efficient and understandable feedback on areas that we need to develop around GDPR. We now feel confident that we understand what it means to be compliant … and have a good recommendation on what we need to improve on.
- Thank you for your guidance and assurance.
- Thank you so much, it’s so reassuring to have an expert eye and opinion.
- The audit outcome was great, thank you. We are now working through all the recommendations in time for the (Data Security and Protection) submission. Great job done.
Data Security and Protection Toolkit (DSPT) audit and assistance
The DSPT is a self-reporting tool that all organisations with access to NHS data must complete.
At BLS Stay Compliant, we have years of experience in completing the DSPT and can guide your submission, provide a pre-submission audit and check your content follows the required framework.
Find out more about our DSPT guidance
GDPR or Data Protection Audits
The Information Commissioner’s Office (ICO) has the power to audit any organisation to test its data protection compliance, and regularly does so. Our experts can conduct a thorough audit of your compliance with the legislation and of your physical security, providing recommendations where necessary.
Find out more about our expert audit options.
Physical Security Audits
A dedicated and intrusive examination of your physical security arrangements to identify and address weaknesses and vulnerabilities in the environment in which your data is stored, and to assess the effectiveness of your processes and security.
Find out more about our physical security reviews.
Policy writing and reviews
Many organisations are not aware of which policies are required to ensure they comply with data protection legislation, or, where policies are in place, when they were last updated.
Our policy writing and review service offers peace of mind that your policies are not only up to date, but that you have a full suite in place to meet your requirements.
Find out more about policy writing and reviews.
If we can offer assistance with any of the above, or with other services as required, do get in touch via the form below.