What is horizontal and vertical audit?
Vertical audit involves checking all aspects of the data protection system within a
particular area, function or department. A Vertical audit (Functional Audit) concentrates on processes,
procedures and records restricted to the department itself and does not cross interdepartmental
boundaries. It is recommended that auditors question data protection staff
during functional audits because they should be most familiar with how departmental systems
implement the organisations overall data protection policies.
Horizontal Audit involves tracking a particular process from one end to the other. A process
audit will cross a number of interfaces between areas, functions or departments. It is the key
to understanding how an organisation functions and is best conducted with front-line or
base operational staff.