Audit and Review

Audit and review is the assurance function that ensures compliance with the established privacy policies and processes. It is desirable to engage an independent party to perform the audit and review. The independent party could be an internal audit department or an external organization that specializes in privacy audits.

Generally, there are two types of audit and review:

  • Design effectiveness: to evaluate whether the design of the privacy program ensures that privacy risks are appropriately addressed and supports the organizational privacy objectives
  • Operations effectiveness: to evaluate whether the operations of the privacy program comply with the privacy policies and processes