‣
‣
‣
‣
‣
‣
‣
‣
Evidence item 1.1.1: What is your organisation’s Information Commissioner’s Office (ICO) registration number?
Evidence item 1.1.2: Does your organisation have an up to date list of the ways in which it holds and shares different types of personal and sensitive information?
Evidence item 1.1.3: Does your organisation have a privacy notice?
Evidence item 1.1.5: Who has responsibility for data security and data protection and how has this responsibility been formally assigned?
Evidence item 1.3.13: Briefly describe the physical controls your buildings have that prevent unauthorised access to personal data.
Evidence item 1.4.3: If your organisation destroys any records or equipment that hold personal data, how does it make sure that this is done securely?
Evidence item 6.3.5: Have you had any repeat data security incidents within the organisation during the past twelve months?
Evidence item 8.3.1: How do your systems receive updates and how often?