DASTRA
English
English
  • What is Dastra
  • 🇪🇺USEFUL REMINDERS
    • What is GDPR ?
    • GDPR key concepts
      • Personal data
      • Record of processing activities (ROPA)
      • Privacy impact assessment
      • Data retention period
      • Data Subject Rights (DSR)
      • Privacy by design and by default
      • Security measures
      • Data breach notifications
    • Risk management
      • Definition of risks
      • Risk assessment
      • Vendor risk management
  • 🧑‍🎓GETTING STARTED
    • Setting up
      • Create and set up a workspace
      • Create and set up organizational units
      • Appointing a DPO
      • Add a lead authority
      • Invite users
      • Managing roles and permissions
      • Create and assign teams
      • Frequently asked questions
    • Tutorial
      • Step 1: Setting up
      • Step 2: Map your personal data processing and draw up a register
      • Step 3: Managing risks
      • Step 4: Prioritize actions
      • Step 5: Implement internal processes
      • Step 6: Document compliance
    • Support
      • The dastronaut's assistant
      • Online help
      • Request support
      • The customer support process
  • ⚙️Features
    • Dashboard
    • General
      • Advanced Filters
      • Import your data (Excel, Csv)
      • Tag management
      • Custom fields
      • AI Assistant
      • Email templates
    • Data Mapping
    • Record of processing activities
      • "Data controller" record
      • "Data processor" record
      • Establish your record
      • Export / import the record
      • Use a processing activity template
      • Declare a processing activity
      • Complete a data processing activity
        • General information
        • Stakeholders
        • Purposes
        • Dataset
        • Assets
        • Data subjects
        • Data subjects rights (DSR)
        • Recipients
          • Data transfers outside the EU
        • Security measures
        • Impact analysis
        • Documentation
      • Create relationships between processing activities
      • Processing freshness
      • Share the record of processing
      • Data visualization
        • View the treatment tree
        • View the record data map
        • View the transfers map
      • Frequently asked questions
    • Audits and DPIA
      • Create or modify an audit template or DPIA
      • Scheduling an audit or a PIA
      • Share an audit report or PIA
      • FAQ
    • Privacy hubs
      • Create a Privacy hub
      • Configure your Privacy hub
        • Homepage and general configuration
        • Questionnaires
        • Data subject requests
        • Record of processing activities
        • Attachments
        • Organizational chart
        • Contacts
        • Security
        • Appearance and design
      • Preview and share your privacy hub
      • Collecting data processing projects from a Privacy hub.
    • Contracts
      • Declare a Contract
      • Structure of a contract
      • Documents
      • Assets
      • Signers
      • Linked users
      • Sign the contract
      • Docusign integration
      • Contract versions
      • Contract templates
    • Risk management
      • Glossary of terms
      • Risk management process
        • 1. Identification
        • 2. Assess
        • 3. Monitor
        • 4. Control
        • Let's recap
      • Dastra / eBios RM comparison
      • Attach a risk to a processing activity
      • FAQ
    • Planning
      • Create your action plan
      • Create or modify a project or an iteration
      • Monitor, screen or export your tasks
      • Customise the task workflow
      • Share as calendar
      • Customise the task workflow
      • Go further with planning
      • FAQ
    • Data subject right request
      • Manage data subject right requests
      • Set up a data subject right request widget
      • Technical integration
      • API integration
    • Manage data breach notifications
      • Report a data breach
      • Export your data breach notifications
    • Manage cookies consent
      • Widget configuration
        • Preliminary study
        • Cookies scanning
        • Classify cookies by consent categories
        • The purposes of cookies
        • Implement a cookie consent widget
        • Collect proof of cookie consent
        • Go further on cookie consent
        • In case of unavailability
      • Technical integration
        • Functioning of the widget
        • Quick start
          • Wordpress
        • Language management
        • Test the integration of a widget
        • Blocking cookies
          • Blocking iframes (twitter/youtube...)
          • Google Tag Manager
        • Advanced Design
        • Manage consent programmatically
        • User identification
        • Mobile applications
          • Hybrid applications
          • Native applications
        • TCF 1.1/2.0
      • RGAA compliance
      • Breakdown service
    • Regular review (freshness)
    • Custom Reporting
      • Integration with data analysis tools (BI)
    • AI Systems
      • Establishing a record of AI systems
      • Risk analysis and business value
      • Transparency notice
      • AI Models repository
    • Advanced configuration
      • SCIM
      • Roles and permissions
      • Single Sign On (SSO)
        • SAML 2
        • OpenId
        • ADFS
        • Active Directory
        • Okta
        • Known problems
      • References
      • API key management
      • Notifications
      • Workflow steps / process flow
      • Incoming mail data collection
      • OneDrive/Google Drive integrations
      • Webhooks
      • SMTP configuration
      • Workflow rules
      • Message templates
      • Email domains
  • PARTNERS
    • Portal
  • 📄API documentation
    • Configuration
    • Authentication
    • API References
    • Integrations
      • Frequently asked questions
  • 🛡️Security
    • Security at Dastra
    • Security roadmap
    • Quality of Service
  • Certifications
  • 🤖Other
    • FAQ
    • Known problems
    • Changelog
  • Referentials
    • CNIL referentials
      • HR referential from CNIL
Propulsé par GitBook
Sur cette page
  • Introduction
  • Create or modify an audit / PIA template
  • Create a PIA template
  • Automated audit templates
  • Customised audit templates
  • Items audited
  • Types of templates
  • Combined audit templates
  • Load an audit template you own
  • Go further

Cet article vous a-t-il été utile ?

  1. Features
  2. Audits and DPIA

Create or modify an audit template or DPIA

Learn how to create and modify an audit template or DPIA with Dastra.

Dernière mise à jour il y a 1 an

Cet article vous a-t-il été utile ?

Introduction

Creating or modifying an audit template or PIA in Dastra is a breeze. To do so, access the "Audit" functionality.

Create or modify an audit / PIA template

To create an audit or PIA template, click the "Create Template" button on the "Audit" tab. Then you can select one of the 3 types of audit templates that exist in Dastra: automated, combined or custom.

This brings you to the template type selection interface:

  • By clicking on the "Automated Audit" tab, you will choose an existing predefined audit template from the Dastra Audit Library.

  • By clicking on "Combined Audit" will combine multiple audits into one.

  • By clicking on "Custom Audit" you can build your own audit template.

Unlike automated audits, custom audits are fully customisable. Based on the answers selected by respondents, you will be able to automatically generate an action plan or map the risks associated with the model.

Create a PIA template

PIA templates are included in the automated audit templates and are freely accessible from the Dastra library. To create or modify a PIA template, click on "Automated Audit", then select "PIA (CNIL) - Privacy Impact Analysis" before clicking "save".

In Dastra, PIAs are one of several automated audit models.

Once you have selected the template, you will be taken to the planning screen where you can perform one of the 2 actions below:

  • either modify the template by clicking on the "Modify template" button or

  • schedule an audit by clicking on the "Schedule an audit" button

For PIAs, an additional option is possible, if applicable: import your PIA from the CNIL tool. To do this, click on the "Import your CNIL PIA" button.

Indeed, it is possible to import a PIA made by the CNIL tool. The CNIL PIA must be extracted in .json format and imported into Dastra.

A large part of the elements will be included in the Dastra PIA.

Automated audit templates

Dastra offers a number of automated audit templates to document compliance and drive processes.

For example, templates for legitimate interest assessment (LIA) and transfer out of the EU (TIA) are included in the application.

Customised audit templates

In Dastra, you can create your own custom audit template. To do this, click on the "Custom Audit" option. This will take you to the audit template editing interface.

Build the audit template you want and click on "Save and Continue".

Items audited

You can link audits to items in Dastra. By choosing the type of item being audited, you force all audit responses based on that template to be linked to an object of the chosen type. For example, you can choose that this audit template will always be linked to a process.

You can choose not to link an audit to a particular object. In this case, the response will always be linked to an organisational unit. This may be the case for global compliance audits for example.

Types of templates

When creating a custom template, you will need to choose a template type.

These types allow for some customisation of audit models.

  • Standard audit: this is a standard questionnaire

  • Compliance audit: currently a standard questionnaire

  • Impact analysis: this audit template allows a risk matrix to be displayed (with the required configuration) and to be called up at the PIA stage of a processing operation

  • Subcontractor audit: this audit template is called at the subcontractor recipients stage of a processing operation

  • Transfer Impact Audit (TIA): an audit to analyse the risks related to a data transfer outside the EU

  • Legal Basis Audit of the Register (LIA): audit of the legal basis of legitimate interests to ensure that the interests do not override the rights and freedoms of individuals

  • Training questionnaire: a questionnaire for conducting training quizzes. This type of questionnaire makes it possible to select a correct answer from the answers and to display the correct answers at the end of the questionnaire.

Combined audit templates

In Dastra, you can combine several existing audit templates into one. To do this, select the "Combined Audit" option and follow the steps.

Load an audit template you own

Finally, it is possible to import one of your audit templates, in json format. To do this, when creating the audit, select the "Load a template" option.

Go further

⚙️
Scheduling an audit or a PIA
Share an audit report or PIA