The security audit according to the LOPD
Articles 96 and 110 of the RLOPD establish the obligation, for both automated (computer) files and non-automated (manual) files to which medium- or high-level security measures apply, to conduct security audits every two years in order to verify compliance with the security measures in the information systems and in the data processing and storage facilities that support or house files of these security levels, whether automated or manual.
Likewise, and extraordinarily, an audit must be carried out
whenever modifications are made to the information system that may affect
compliance with the security measures implemented, in order to verify their
adaptation, adequacy and effectiveness.
The audit report
The audit consists of the review and analysis of each of the security measures applied to the medium- and high-level files, and its results must be reflected in a report that identifies:
1. The degree of compliance for each of the measures.
2. The deficiencies and omissions detected.
3. The necessary corrective or complementary measures.
4. The data, facts and observations that evidence the analysis and the conclusions reached.
5. The recommendations proposed by the auditor.
In addition, the audit must include the review of:
1. Norms, standards, security policies and criteria.
2. Existing procedures.
3. Control mechanisms and systems.
4. Security systems: data encryption, password storage, etc.
5. Security devices on doors, cabinets, filing cabinets, etc.
Who must carry it out
The data protection regulations do not determine who should be in charge of carrying out the audits, so the person responsible for the file may choose between:
1. Having it carried out by the organization's own staff: this requires having staff with the necessary knowledge.
2. Entrusting it to specialized companies: the company engaged must comply with the provisions of the data protection regulations concerning the provision of services.
Aspects to consider when conducting an audit
When conducting a security audit, the audit team will have to consider the following aspects:
1. The information systems that process the files.
2. The premises and their owners.
Procedure for conducting an audit
The file manager, or the person designated to do so, must coordinate the audit and assign the means and resources necessary to carry it out.
In addition, the audit team must be provided with the following information:
1. The structure of the organization and those responsible for it.
2. Whether or not a data processor (person in charge of the processing) is involved.
3. The security document.
4. The list of authorized persons.
5. The information relating to the information systems.
6. All other information necessary to comply with this measure.
What should an audit analyze?
The audit may cover one or more files, corresponding to one or more information systems.
1. In general, the following will be analyzed:
   1. The relationship between files and information systems.
   2. The processing mode of each system.
2. In particular, the audit team will analyze:
   1. The functions and obligations of the staff.
   2. The list of authorized persons.
   3. Access control procedures and passwords.
   4. The mechanisms implemented to achieve access controls.
Audit report
Once the audit is completed, the audit team will issue an
audit report in which it must assess compliance with each of the auditable
points according to data protection regulations.
If the audit covers several files, the report must indicate,
for each file, compliance with each of the security measures, regardless of
whether some have been jointly assessed.
The audit reports must be analyzed by the competent security
officer, advising the person responsible for the file of the conclusions so
that they can initiate the necessary measures to correct the weaknesses found.