Audit plan

(There are titles that may change during the audit)

Teksti suurus: [-A] [+A]


Database access management

The purpose of the audit is to assess whether database access management has been organised in accordance with the established requirements and whether measures are being implemented in the audited databases that ensure access by authorised persons to the database and prevent access by unauthorised persons.

The main questions in the audit are the following:
1. Have institutions established an access policy and does it comply with the information security framework ISKE?
2. Are accesses opened, used, modified, closed and verified securely (according to the national framework) and in accordance with the established procedures?
3. Are the activities related to the use and administration of the database, including access management, sufficiently logged, is the integrity of the logs secured and are the logs analysed?
4. Are checks on the substantive validity of data requests carried out and are data subjects also provided with the possibility of checks?

Area of government
Institution to be audited
Audit Department Audit Department
Director of Audit Ines Metsalu-Nurminen
Audit Team Toomas Viira, Alo Lääne, Jevgeni Lazartšuk
Audit Number 80087


Planned Start 2nd half of 2021 Actual Start 1st half of 2022
Planned End 2nd half of 2022 Actual End
Status Work in progress
Related Audits
Created on 9/10/2021
Last modified on 6/14/2022
Last reviewed on 6/14/2022