IT Audit and Data Protection

IT Audit

An IT audit is the examination and evaluation of an organization’s information technology infrastructure, policies and operations. Information technology audits determine whether IT controls protect corporate assets, ensure data integrity and are aligned with the business’s overall goals.

What are the 4 phases of an IT audit?

An IT audit generally follows the same pattern as a typical financial statement audit. There are four primary phases of the audit: planning, tests of controls, substantive tests, and audit completion/reporting.

What is the first step in IT audit?

The first step in an IT audit is to notify the external and internal partners that an audit is coming. This includes all the stakeholders, management, and support. The whole team should be ready to provide any documentation or details that the auditors request.

Data Protection

Data protection safeguards information from loss through backup and recovery. Data security refers specifically to measures taken to protect the integrity of the data itself against manipulation and malware. It provides defense from internal and external threats. Data privacy refers to controlling access to the data.

What are the 7 data protection principles?

  • Lawfulness, fairness and transparency.
  • Purpose limitation.
  • Data minimization.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality (security) & Availability
What is the data protection Act of UAE?

It prohibits the processing of personal data without the consent of its owner, except for some cases in which the processing is necessary to protect a public interest or to carry out any of the legal procedures and rights.

What is Article 22 of UAE data protection law?

Article 22 of the PDPL prohibits the transfer of personal data to a country or territory outside the UAE unless that country ensures an ‘adequate level of protection’ for the rights and freedoms of data subjects in relation to the processing of personal data.