Our unique approach lets us design programmes suited to almost any process.

The GDPR makes organisations accountable for ensuring that their controls are effective and their processes work as intended to protect personal data.

It can be difficult to be sure exactly how your processes operate, especially when there are third party suppliers and processors involved. We will work with you to understand your most important processes and help you make sure they are working just the way you expect.

DQM GRC’s process assurance services allow organisations to track end to end user journeys so you can see exactly what is going on. 

Learn more about our Process Assurance services and solutions below 
Process Assurance Services

How does this service work?

Data Seeding

Our data seeding team will work with you to design a process assurance programme tailored to your needs and requirements. This programme will take into consideration:

  • The nature of the process
  • The demographics and geographic locations of your typical process users
  • The risks and controls you want to test.

We will draw upon our data seeding network to provide covert assurance of your processes through a combination of ‘mystery shopping’ and data tracking.

This allows us to trigger specific process use cases and track the human and automated processing steps that take place.

Your process assurance test can be run as a one-off exercise or as a regular programme.

Examples of process assurance programmes

Data subject rights testing

Under the GDPR, individuals have the right to access their data and request that it is rectified, erased or that the ways it is processed are restricted. This is commonly known as a data subject rights request. The law puts the onus onto the organisation to recognise these requests and respond to them appropriately, regardless of how the request is made.

We will interact with your organisation in planned ways and then make data subject rights requests by different methods agreed with you. We will then track the request to understand:

  • Whether it is recognised as a rights request and the appropriate process triggered
  • Whether the process is followed correctly
  • Whether all the data in scope of the request is accessed, requested, restricted or erased as appropriate
  • Whether the process happens within mandatory time frames and/or your internal SLAs

At the end of the process you will receive a report setting out our findings and, where appropriate, making recommendations for improvements.

Sales process testing

It is essential that your sales teams treat customers fairly and that your target market has confidence in your approach.

We will interact with your organisation in planned ways to test your inbound and outbound sales processes to test:

  • Whether your sales teams place all the outbound sales calls allocated to them
  • Whether your sales teams follow your sales processes correctly
  • Whether your sales teams recognise signs of vulnerability and respond appropriately
  • ​Whether your sales teams treat people fairly and in accordance with your brand values.

At the end of the process you will receive a report setting out our findings and, where appropriate, making recommendations for improvements.

What to expect

Your consultant will work with you to define use cases and testing plans to meet your requirements. These will usually be derived from a combination of complaints data, areas of risk and concern, and standard use cases.

We will then recruit testers from our data seeding network aligned to the demographic and geographic profile of your customers. You will be provided with seeding data to insert into your database or outbound calling lists in order to test outbound sales processes, and our seeds will ‘mystery shop’ your organisation to test inbound sales processes.

Our consultants can work with you to resolve any issues we identify. This can include investigating the root cause of any process failures, working with you to redesign processes and delivering role-based training to individuals to ensure they understand their responsibilities and their role in controlling risks.

Consultancy Interview
Bespoke Solutions

Make it your own

We can tailor your audit programme to your specific needs and requirements.

Examples include:

  • Helping you to define standards for your data recipients to meet
  • Reviewing your contracts and data sharing agreements to ensure they remain in line with best practice and protect you and your data subjects appropriately
  • Incorporating a data seeding programme to provide evidence of data usage
  • Any other support to meet your needs – just ask!

contact us