An Independent Security and Data Protection Manager will complete the security and data protection audit using the
agreed criteria to evaluate the current engagement processes and methods being performed for adherence to recommended
process descriptions, standards, and procedures.
Depending on the security and data protection methods being employed on the engagement, standard questionnaires or
checklists may be available to support the execution of the audit. The audit must identify all areas of non-conformance
found during the assessment, with the results being recorded and appropriate actions and timescales established to
resolve such issues.
If the audit has been requested by the Client or another external party, the Engagement Manager must ensure that the
engagement team provides appropriate support to the parties conducting the review. Any minimum requirement for
completing an independent security and data protection audit will be defined in the Security and Data Protection Plan.
The Engagement Manager may also need to provide the information required to perform the Data Privacy Impact Assessment
(DPIA), if requested by the Client. In certain cases, the Engagement Manager may need to assist the Client in performing
the DPIA, helping the Client to gather information from Business/IT, etc., as well as
drafting the DPIA. DPIA outputs should be validated and approved by the business and the Client's DPO.