07.04 – Summary of Audit Findings

Areas of Good Practice

There are local risk registers in place that incorporate information risk and are used to drive the Internal Audit plan.
The organisation security controls in place surrounding identity access management include complex passwords and monitoring of starters, leavers and movers.
There are appropriate network access controls in place including the encryption of mobile devices.
Data Protection Officers in each service receive additional training that includes the handling of requests.
There is a central log of SARs which includes details of key dates and who is responsible for completing the request.

Areas for Improvement

There are local risk registers in place that incorporate information risk and are used to drive the Internal Audit plan.
The organisation security controls in place surrounding identity access management include complex passwords and monitoring of starters, leavers and movers.
There are appropriate network access controls in place including the encryption of mobile devices.
Data Protection Officers in each service receive additional training that includes the handling of requests.
There is a central log of SARs which includes details of key dates and who is responsible for completing the request

Freelance DPO