What is it?

This resource focuses on system or process testing and is designed to be used by those without a high level of information governance (IG) or data protection (DP) knowledge.

The questions in this resource have been produced to support you in your compliance with data protection legislation, but will be useful even if your system or process does not involve processing personal data.

Why did we create it?

The resource will help you incorporate IG questions into your system testing. The answers will aid structured conversations between system/process owners and IG/DP professionals.

The checklist can be given to system testers along with any other prompts you want them to consider, for example on usability.

The answers are valuable for the project or system lead, who can assess the findings and make necessary changes before roll out.

A summary of the answers and the actions you took following the feedback can form part of the written justification for the use of personal data. This may be a Data Protection Impact Assessment (DPIA) or a simpler record of your actions and justification.

Who should use it?

It is for anyone responsible for building or maintaining a system or process. This can be one or more of roles such as:

• Information Asset Owner
• Project lead
• System designer
• System developer
• Team leader.