Firstly, I'm new to this forum, so I do hope I've posted this correctly!
Secondly, our LA arranged for an auditor to visit us yesterday, who went through all our policies, procedures, etc. Wanted to look at the server room, cabinets, physical security, everything. He took photocopies of all of our documentation, including internal memos.
Just wondered if anyone else had any experience of something like this, and whether it's something we can expect to be surprised with again!?
It's something you should expect to happen every 2-3 years (perhaps yearly if the auditor isn't happy!)
You ought to have been notified that the auditor was coming; these things are supposed to be supportive - ie they help you to find out what needs doing before things go horribly wrong.
The auditor we had this year was good - she understood IT and was quite happy that (eg) we don't have a fireproof safe full of tapes but we do have a documented procedure for making sure that data gets backed up to discs on severs at remote sites. I have had auditors in the past who simply don't know anything about IT and just have a ticklist. For these, I think creative lying is the best policy :-)
Our paperwork is a mess just not had time to sort it.
I've been with my current school since 1999 and have never been audited like this. They checked our stockbooks once and that was it.
Can they just come in like that? They can't force there way in without a warrant surely.
You need time to get everything together.