For the security principle, the audit examines the organization’s safeguards against unauthorized access to data and the security policies and tools in place.
The availability principle deals with the accessibility of the organization’s system. Can the parties to any contracts or obligations in place access the system or service as stipulated? Availability requires a positive answer.
When a system promises a certain speed and quality of data storage and delivery, it must comply with that promise. The processing integrity principle addresses just that – the entity has to ensure the system is processing data according to the guidelines it has set.
In specific situations or industries, access to certain data can be restricted to only a few people, which makes the data confidential. Confidential data includes protected health information, personal information, and financial information – among many others. The organization should have proper mechanisms in place to ensure confidentiality of said data.
The privacy principle deals with the use, collection, and removal of data. The organization should be following best practices as delineated in its privacy notice. The privacy controls in place should protect the data according to privacy principles.