Data Audit Planning

Data audit planning works best when the key decision makers in your organization are on board and included in the process. This should include a representative from each department, such as IT, finance, C-level management, human resources, and so on. Once your team is assembled, you are ready to begin data audit planning.

1. Identify Data

First, consider the primary types of information that your company handles, such as social security numbers, payment card numbers, patient records, designs, and employee records. Prioritize what must be protected.

2. Locate Data

Identify and list where each item on the information list resides within your company, such as file servers, workstations, laptops, removable media, and databases.

3. Classify Data

A classification scheme lets you rank information assets based on how much harm would be caused if the information was disclosed or altered. Your team should strive to be realistic and aim for consensus.

Visibility of Information

Type of information


Marketing campaigns, contact information, financial reports


Phone lists, organizational charts, office policies

Internal (sensitive/confidential)

Business plans, strategic initiatives, non-disclosure agreements, customer lists, compensation information, merger and acquisition plans, layoff plan


Patient data, financial records

4. Report Findings

The final stage is to collate findings and report back with recommendations on how data management practices could be improved. Common data issues faced include:

5. Make Recommendations

Improvements to data management and security should include recommendations: