IT Governance Institute

This paper supports an internal audit of the organization’s regulatory, legal, contractual and reputation protection requirements to maintaining the confidentiality and integrity of sensitive information related to itself, employees, customers, business partners, and other entities.

The paper includes advice on assessing the robustness of privacy controls; guidance on how management and auditors support privacy policies and procedures; and information on ensuring continual improvement of privacy practices