I recently ran an audit on an area that showed some things we needed to improve. We are required, as we all know, to do audits but what do we do with the data? We are supposed to asses it and fix areas that have problems. The real question is do we follow through?
In my case the areas of concern were not showing a security breach. They were pointing out the fact that I needed some more education for my team and to change my policies so they were easier to understand. These actions could prevent possible issues in the future. Those involved with the area we audited got together and discussed the findings and what we could do. We agreed on a solution, made the changes, had education sessions outlining the changes and put the new procedure in place.
If I get audited I can now show, through documentation, my findings and what we did to correct the issues identified. After all, the reason we audit ourselves is so that we can find areas of concern and fix things before they do, in fact, cause us an issue. If we just audit and do nothing with what we find why do the audit at all? Policies can always be improved, and this is a great way to help us find better ways to do things.
For us it’s been 30 days and the audit was done last week on what we changed. I am very excited to see the results of my new audit next week.
No related posts.