Data Security Standard 5 - Process reviews


This guidance relates to the 2023-24 (version 6) standard.


Overview

Past security breaches and near misses must be recorded, and used to inform periodic workshops to identify and manage problem processes. They also allow organisations to learn lessons and prevent future breaches.

Workshops should look in detail at where high-risk behaviours are most commonly seen, and then consider actions to address these issues. User representation (staff within your organisation who carry out the processes) at these workshops is crucial. It is important that the impact on the user is factored into considerations of how to address these issues, as a solution which is overly taxing could result in a workaround, creating more security risks.

Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.

Please refer to the further note on professional judgement, auditing and UK GDPR.


Last edited: 28 September 2023 11:10 am