DATA PRIVACY AND THE IS AUDITOR
Information systems (IS) auditors continue to play an important role in providing assurance related to governance and control of information systems. The IS audit profession has grown over the last few decades in line with the ubiquitous growth of information systems.
Increased automation, greater efficiencies and the advantage resulting from innovative solutions have been achieved by deploying information systems. The systems have been diverse in terms of the technology, size as well as the specific benefits. The principles that guide the systems have, however, been relatively uniform irrespective of the nature of the systems. Delivery of reliable, efficient and effective solutions, ensuring an appropriate level of security and supporting compliance requirements, have been a common set of expectations across diverse systems. Many of the performance and security requirements related to information systems can be supported by deploying appropriate technology. Ensuring that systems comply with regulatory and legal requirements needs knowledge of the requirements that may be technology-neutral and expertise to translate them to the appropriate technology. For example, if the requirement expects the stored data to be protected, it is necessary to interpret the requirement so that the expectation can be translated to specific technology including encryption, digital rights management or any other approach that satisfies the data protection requirement.
Apr-Jun 2019 Issue
ISACA