Data Security Audit

Use the Data Security Audit Checklist to review data protection practices quarterly: staff training and awareness, physical and digital access controls, data sharing procedures, and the legal records that evidence compliance. The Information Commissioner's Office (ICO) has identified self-assessment of this kind as having a key role in educating and assisting organisations to meet their obligations and to improve the way they deal with information rights issues. Before undertaking a data protection self-assessment, first determine whether you process personal data as a "controller" or a "processor"; both terms are defined in the ICO's Guide to the UK GDPR.

Staff

1. Spot check that staff understand their responsibilities for data security (through discussion, in accordance with local policy). Record notes from the discussion and Q&A.

2. Spot check that staff are aware of the data protection policies, where they are kept and how to access them.

3. Have any staff been subject to disciplinary action in relation to data protection or security since the last audit?

4. Spot check that staff understand how to report security breaches and near misses, and to whom.

5. What percentage of all staff have completed Data Protection & GDPR training?

Physical Access To Hardcopy Records

1. Check that the record of which staff have access to confidential areas is up to date.

2. Check that all offices, files and cabinets containing confidential information are locked when not in use.

3. Has all confidential waste been disposed of securely, and are destruction certificates held (if applicable)?

4. Has anyone inappropriately accessed, or attempted to access, confidential hardcopy records?

Digital Access To Records

1. Is the allocation of administrator rights restricted to the staff who need them, and is the list of administrators documented?

2. Have staff access rights been reviewed within the last 3 months, including removal of leavers and adjustment for changed roles?

3. Check for evidence of staff sharing access rights (for example, shared logins or passwords written down).

4. Check that screens are locked when unattended.

5. Check that the password policy is being followed.

6. Has anyone inappropriately accessed, or attempted to access, confidential digital records? Review access logs where they are available.

7. Have appropriate security measures been applied to all computers, laptops and mobile devices?

8. Check that staff are using computers appropriately, e.g. no personal use, no installation of unapproved software and no social media use.

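Items 1 to 3 above can be evidenced from an account export and an authentication log rather than by interview alone. The script below is an added example and is not part of the GoAudits checklist: it assumes a CSV export with the columns `username,role,last_access_review,enabled`, an approved-administrator roster (`APPROVED_ADMINS`), a log line format of `<timestamp> <user> <source_ip> <result>`, and a local 10-minute window for the credential-sharing heuristic. All of the sample data is constructed for illustration.

```python
"""Automated evidence for three checks in 'Digital Access To Records':
(1) administrator rights restricted, (2) access rights reviewed within
3 months, (3) evidence of staff sharing access rights.

Added example, not part of the GoAudits checklist. The account export,
the approved-administrator roster and the authentication log below are
all constructed for illustration; replace them with your own exports.
"""
import csv
import io
from collections import defaultdict
from datetime import date, datetime, timedelta

REVIEW_WINDOW_DAYS = 90                 # "reviewed within the last 3 months"
SHARING_WINDOW = timedelta(minutes=10)  # assumed local threshold
AUDIT_DATE = date(2024, 5, 10)          # date the audit was run (constructed)

# Assumed roster of staff approved to hold administrator rights.
APPROVED_ADMINS = {"alice"}

# Constructed account export: one row per account.
ACCOUNTS_CSV = """username,role,last_access_review,enabled
alice,admin,2024-05-02,yes
bob,user,2024-04-20,yes
carol,admin,2023-11-15,yes
dave,user,2024-01-10,no
erin,user,,yes
reception,user,2024-05-01,yes
"""

# Constructed authentication log: "<timestamp> <user> <source_ip> <result>".
AUTH_LOG = """2024-05-10T08:01:12 reception 10.0.1.21 success
2024-05-10T08:03:45 reception 10.0.1.34 success
2024-05-10T08:05:00 bob 10.0.1.40 success
2024-05-10T09:15:30 bob 10.0.1.40 success
2024-05-10T09:16:02 alice 10.0.1.50 success
2024-05-10T09:40:11 alice 10.0.2.7 success
2024-05-10T09:41:00 carol 10.0.1.60 failure
"""


def load_accounts(csv_text):
    """Parse the export; only enabled accounts are in scope for the audit."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r for r in rows if r["enabled"].strip().lower() == "yes"]


def unapproved_admins(accounts, approved=APPROVED_ADMINS):
    """Item 1: accounts holding 'admin' that are not on the approved roster."""
    return [a["username"] for a in accounts
            if a["role"] == "admin" and a["username"] not in approved]


def overdue_reviews(accounts, today=AUDIT_DATE, window_days=REVIEW_WINDOW_DAYS):
    """Item 2: accounts whose last access review is older than the window
    or was never recorded (a blank date counts as never reviewed)."""
    cutoff = today - timedelta(days=window_days)
    overdue = []
    for a in accounts:
        raw = a["last_access_review"].strip()
        if not raw or date.fromisoformat(raw) < cutoff:
            overdue.append(a["username"])
    return overdue


def shared_accounts(log_text, window=SHARING_WINDOW):
    """Item 3: accounts with successful logins from two different source IPs
    within `window` of each other, a common sign of a shared credential."""
    logins = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, user, ip, result = line.split()
        if result == "success":
            logins[user].append((datetime.fromisoformat(ts), ip))
    flagged = {}
    for user, events in logins.items():
        events.sort()
        for (t1, ip1), (t2, ip2) in zip(events, events[1:]):
            if ip1 != ip2 and t2 - t1 <= window:
                flagged.setdefault(user, set()).update({ip1, ip2})
    return flagged


def run_audit(csv_text=ACCOUNTS_CSV, log_text=AUTH_LOG, today=AUDIT_DATE):
    """Return the findings for items 1-3 as one dict for the audit record."""
    accounts = load_accounts(csv_text)
    return {
        "unapproved_admins": unapproved_admins(accounts),
        "overdue_reviews": overdue_reviews(accounts, today),
        "shared_accounts": shared_accounts(log_text),
    }


if __name__ == "__main__":
    for item, finding in run_audit().items():
        print(f"{item}: {finding or 'none'}")
```

Run against the constructed data, the audit flags `carol` as an administrator outside the roster and as overdue for review, `erin` as never reviewed, and `reception` as a credential used from two machines within minutes. Disabled accounts are excluded from the review-age check but should still be confirmed as removed; the sharing heuristic needs a window tuned to your network (roaming users who change IP address legitimately will otherwise produce false positives).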
Sharing Data

1. Check that the procedures for safely sharing personal information by post are being followed.

2. Check that the procedures for safely sharing personal information by fax are being followed.

3. Check that the procedures for safely sharing personal information by secure email are being followed.

Legal Checks

1. The Information Asset Register has been reviewed and signed off.

2. The Record of Processing Activities (ROPA) has been reviewed and signed off.

3. Records of consent are up to date and still applicable.

4. The Company / Home Policy is available to staff.

5. The Company / Home Policy is in date.


Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.
