Data Protection Audit Checklist

12 Most Common Questions in a Client Data Protection Audit

Data Protection Audit Pressure

Sophisticated cybercriminals have identified third-party suppliers as a lucrative back door for stealing sensitive information from major corporations.

Consequently, midsize companies face increasing pressure from their corporate clients to button up their cybersecurity. These clients are demanding that their suppliers and service providers meet stringent data protection audits.

Lessons Learned

Based on our experience with a wide range of customers who have been required to meet stringent partner or supplier data protection security audits, here are the 12 most common data protection audit questions.

Question 1 Where is sensitive data located?

Question 2 Who in your organization will use client data?

Question 3 What do your users do with data?

Question 4 Which applications will access and use the data?

Question 5 When is the data at risk?

Question 6 What controls can you provide to mitigate risks?

Question 7 Can you monitor and provide an audit trail with respect to data transmissions?

Question 8 Can you control or inhibit inappropriate data use?

Question 9 Can you ensure that data is only accessed on a need-to-know basis?

Question 10 What happens if one of your systems is compromised?

Question 11 Can you expose any anomalous activity on devices that contain client data?

Question 12 What is your process for revoking usage privileges for users who are no longer authorized to access data?

Additional Data Security Audit Prep

Want to learn more? Our Data Protection Security Audit Checklist explains what the client is really looking for with each question and provides guidance on your “audit readiness”.
