Printed from CheckTick DSPT Compliance Documentation
Internal Audit & Spot Check Log
Date of Audit: [Insert Date]
Auditors: [SIRO Name] (SIRO) & [DPO Name] (CTO)
1. Audit Scope
To verify that CheckTick is operating in accordance with the board-approved Data Protection policies and the 10 Data Security Standards.
2. Checklist & Results
| Control Area | Check Performed | Status | Findings / Actions |
|---|---|---|---|
| User Access | Reviewed GitHub & Northflank user lists. | ✅ Pass | All accounts belong to current staff; MFA is active. |
| Encryption | Tested a database record to ensure it is unreadable without the DEK. | ✅ Pass | AES-256-GCM confirmed active on survey fields. |
| Staff Awareness | Random question: "Where is the Incident Response Plan?" | ✅ Pass | Both staff can locate the IRP in <30 seconds. |
| Backups | Verified the last automated backup was successful. | ✅ Pass | Success; retention policy enforced (30 days). |
| Individual Rights | Checked SAR Log for open items. | ✅ Pass | Zero requests pending; tracker is ready. |
3. Actions Arising
- Observation: One Python library was flagged by Dependabot during the audit.
- Action: [DPO Name] to patch to version X.X.X by end of week.
- Owner: [DPO Name]
- Deadline: [Insert Date]
Approved By: [SIRO Name], SIRO