Privacy Audit Work Program
Subscriber Content
![Screenshot of the first page of Privacy Audit Work Program](/sites/default/files/2023-05/Privacy%20Audit%20Work%20Program.jpg)
Best Practices for Auditing Privacy Processes and Policies
This tool contains two sample work programs that highlight risks to consider and general steps to take when facilitating a privacy audit.
Sample steps include: obtain all company-specific security policies pertaining to the accessing, transmission and disposal of sensitive data; verify that current awareness initiatives provide guidance related to the security policies referencing sensitive data; review geographic restrictions on data processing from contract/match against locations of project personnel; review contracts; identify all key servers that store and/or transmit sensitive information; and understand and review a sample of test data to identify where it exists and where it originated.