The language that is often used by data protection and information security professionals can be impenetrable to most mortals. So three cheers to the ICO for translating some of the technical terms into plain English. If a data protection or compliance officer ever wanted a conversation opener with their security team, this report contains a list of some 39 questions that could easily be asked by ICO auditors in the event they decide to carry out a formal information security audit on the organisation.
The report helps the less technically gifted professionals appreciate what sorts of questions they need to ask of their security teams, even if they won’t necessarily understand the answers. The key issue is that the officer can (hopefully) rest assured that someone within the organisation understands this stuff, and that they are dealing with it. Which is a lot better than realising that no-one is dealing with it.