Looking for the best information security audit tips to ensure you’re ready to go? Our blog will tell you all you need to know.

As you are no doubt aware, the Data Protection Act is being replaced with the General Data Protection Regulation (GDPR). One of the many ways you can help ensure compliance with these requirements is to conduct an effective information audit. The term "audit" can bring on cold sweats and slightly clammy hands, but here at QBH we like to make things as easy and as simple as possible. Have a look at our top 5 tips on how to conduct an effective and useful information audit or check.

No 1 – Prove you have done it

Have a really easy-to-use form or template to record what you have audited. Think about the data or information you hold, why you hold it, how long you will keep it, what format it is in and how you will destroy it.

No 2 – Break it down – bite size GDPR baby!

You don’t have to do it all in one sitting. Think about splitting the audit into departments, areas, processes etc. It can feel a little daunting if you set out to do the whole lot in one go, so think about breaking it down.

No 3 – Right People

Try to engage and involve the right people. Who better to tell you about your data than the people that use it every day? Chat to your employees, customers and other stakeholders (obviously this may not be appropriate for some private and confidential records).

No 4 – Who, What, Why, Where & When

  • Think about what types of data you have – employee records, customer records, finance etc.
  • Why do you keep these records – is it for a legal obligation, a legitimate business process?
  • Where and how are they stored – electronically, hard copy, microfiche?
  • How are they secured or protected – passwords, anti-virus software, locked filing cabinets?
  • How long should you keep it for – some records need to be kept for a very long time (especially H&S and finance), but what about other records?
  • How will you destroy it – will you recycle, shred, delete, electronically shred?

No 5 – Review It

Once you have completed the information audit, set a reminder to review it: once a year, once a quarter, once a month. It’s up to you, but it’s important to know when things change and how that will impact your data security.

We are developing systems that can be customised for your business, and we are happy to spend time with you to get it right first time.

We hope you found this blog useful and that you have confidence knowing you’re armed with top tips to run an information security audit. If you would like any assistance in understanding how the regulations apply to the information in your business, please do not hesitate to get in touch.