Stiki has for many years performed various reviews for its clients. These include audits of the security of personal data at the request of the Data Protection Authority (external audits) as well as at the request of the audited organisations themselves (internal audits).
During audits, appropriate standards are applied, e.g. the audit standard EN ISO 19011:2002. This standard defines auditing as a "systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled."
Requirements for quality, security, applicability and environmental impact are met by way of audits, among other things.
Internal audits (also known as first-party audits) are carried out by or for the organisation itself for internal use, and can form the basis for the organisation's own statement on compliance with standard procedures.
External audits are conducted by a second or third party. Second-party audits are performed by stakeholders in the company, such as clients, or other persons on their behalf.
Third-party audits are carried out by independent companies. Such companies grant certification in accordance with requirements, as defined in requirement standards such as ISO 9001, ISO 14001 and ISO/IEC 27001.
The desire to proceed with care and pass with flying colours is inherent in most people. Audits are not new phenomena. They are a confirmation that things are as expected.