Regular Audits and Assessments

Purpose: This policy aims to ensure that our data management and security procedures continuously meet or exceed industry standards and regulatory requirements. It also aims to identify areas for improvement.

Scope:
This policy applies to all systems, processes, and personnel handling data at any stage of the Salesforce implementation process.

1 Principles of Audits and Assessments:
We apply the following principles when conducting audits and assessments:

  • Continuous Improvement: Regular audits help us improve our data handling processes.
  • Compliance: We ensure adherence to industry standards and Australian data protection regulations.
  • Transparency: Audits reinforce trust with clients, stakeholders, and regulatory bodies.

Audit Frequency:
We conduct internal audits semi-annually or as deemed necessary by the data protection officer or equivalent authority (see log below). Additionally, third-party audits are conducted annually or in response to significant system changes or incidents.

2 Audit Procedures:
We follow the procedures below when conducting audits:

  • Pre-audit Preparation: We set clear objectives for each audit, defining the scope, targeted systems/processes, and expected outcomes.
  • Data Collection: We collect information through system scans, personnel interviews, process walkthroughs, and document reviews.
  • Analysis: We compare the collected data against set standards, regulations, and best practices.
  • Reporting: We document the audit findings, highlighting areas of compliance, deviations, and recommendations for corrective actions.

3 Post-Audit Actions:
We take the following actions after each audit:

  • Review: We review audit reports with senior management, IT, legal, and other relevant departments.
  • Implementation: We prioritise and implement suggested corrective actions.
  • Feedback: We inform all employees of the audit findings to ensure organisation-wide learning and awareness.

Review and Updates:
We will review this policy annually or after significant organisational changes to ensure that it remains relevant and practical.