This tool contains two sample work programs that highlight risks to consider and general steps to take when facilitating a privacy audit.
Sample steps include: obtain all company-specific security policies pertaining to the accessing, transmission and disposal of sensitive data; verify that current awareness initiatives provide guidance related to the security policies referencing sensitive data; review geographic restrictions on data processing from contract/match against locations of project personnel; review contracts; identify all key servers that store and/or transmit sensitive information; and understand and review a sample of test data to identify where it exists and where it originated.
Privacy Program Leading Practices
Checklists & Questionnaires
Privacy and Data Protection Questionnaire