Internal Audit-Data Protection

Updated 20.07.2024

Internal Audit & Data Protection

This comprehensive framework details Stonebridge University's dual commitment to operational accountability and privacy. It outlines the rigorous internal audit processes that safeguard our institutional integrity, alongside the strict data protection protocols that ensure the security and confidentiality of all personal information.

Internal Audit Policy

1. Introduction

Stonebridge University is committed to maintaining the highest standards of academic integrity, operational excellence, and regulatory compliance. The Internal Audit Policy establishes a structured and independent framework to evaluate the effectiveness of the university’s governance, risk management, and internal control systems.

Internal audit is a key component of institutional accountability and continuous improvement. Through systematic review and objective assessment, the university ensures that its academic, administrative, financial, and operational activities align with its strategic objectives and legal obligations.

2. Purpose and Scope

2.1 Purpose

The purpose of this Internal Audit Policy is to:

  • Safeguard the university’s assets and reputation.
  • Ensure compliance with applicable laws, regulations, and accreditation requirements.
  • Evaluate the effectiveness of governance, risk management, and internal control systems.
  • Promote transparency, accountability, and ethical conduct.
  • Identify areas for operational improvement and efficiency.

2.2 Scope

This policy applies to:

  • All academic departments and faculties.
  • Administrative and support services.
  • Financial management and procurement processes.
  • Online learning systems and digital infrastructure.
  • External partnerships, contractors, and third-party service providers where relevant.

The scope of internal audit activities includes, but is not limited to:

  • Academic quality assurance processes.
  • Financial reporting and budget management.
  • Compliance with accreditation standards and regulatory frameworks.
  • Information security and data protection systems.
  • Student services and administrative processes.

3. Definition of Internal Audit

Internal audit is an independent, objective assurance and consulting activity designed to add value and improve the university’s operations. It helps the university accomplish its objectives by bringing a systematic and disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.

4. Principles of Internal Audit

4.1 Independence and Objectivity

Internal audit activities shall remain independent from operational management. Auditors must perform their duties objectively and without conflict of interest.

4.2 Integrity and Confidentiality

All audit activities will be conducted with professionalism and integrity. Information obtained during audits will be treated as confidential and shared only with authorised individuals.

4.3 Transparency and Accountability

Audit findings and recommendations will be clearly documented and communicated to relevant stakeholders. Senior management is responsible for implementing corrective actions.

4.4 Risk-Based Approach

Audit planning will be based on a structured risk assessment process to ensure that areas of highest risk receive appropriate attention.

5. Roles and Responsibilities

5.1 Governing Body / Board of Directors

  • Approve the Internal Audit Policy.
  • Ensure the independence of the internal audit function.
  • Review significant audit findings and monitor corrective actions.

5.2 Senior Management

  • Support internal audit activities.
  • Ensure timely implementation of audit recommendations.
  • Provide access to necessary documentation and systems.

5.3 Internal Audit Function / Internal Auditor

  • Develop an annual risk-based audit plan.
  • Conduct audits in accordance with professional standards.
  • Report findings, risks, and recommendations to senior management and the governing body.
  • Follow up on the implementation of corrective actions.

5.4 Department Heads

  • Cooperate fully during audit activities.
  • Provide requested information in a timely manner.
  • Implement agreed corrective measures.

6. Internal Audit Process

6.1 Annual Audit Planning

An annual audit plan will be prepared based on institutional risk assessments, regulatory requirements, previous audit findings, and strategic priorities. The plan will be reviewed and approved by senior leadership or the governing body.

6.2 Audit Engagement

Each audit will include:

  • Definition of audit objectives and scope.
  • Review of relevant policies, procedures, and documentation.
  • Interviews with relevant personnel.
  • Testing of internal controls and processes.

6.3 Audit Reporting

Upon completion of an audit, a formal report will be issued including:

  • Summary of findings.
  • Identified risks and control weaknesses.
  • Recommendations for improvement.
  • Management responses and action plans.

Reports will be distributed to relevant management and, where appropriate, to the governing body.

6.4 Follow-Up and Monitoring

The internal audit function will monitor the implementation of agreed corrective actions. Follow-up reviews may be conducted to ensure that deficiencies have been adequately addressed.

7. Compliance and Regulatory Alignment

The Internal Audit function supports compliance with:

  • National higher education regulations.
  • Accreditation body requirements.
  • Data protection and privacy laws.
  • Financial reporting standards.
  • Institutional policies and codes of conduct.

Where necessary, the university may engage external auditors to provide additional independent assurance.

8. Confidentiality and Data Protection

All audit documentation, working papers, and reports will be securely stored and handled in accordance with the university’s Data Protection Policy. Sensitive information obtained during audits shall not be disclosed without proper authorisation, except where required by law.

9. Monitoring and Continuous Improvement

Internal audit outcomes will be analysed to identify recurring risks, systemic issues, and improvement opportunities. Findings will contribute to:

  • Policy revisions and updates.
  • Staff training initiatives.
  • Process optimisation.
  • Strategic decision-making.

The effectiveness of the Internal Audit function will be periodically evaluated to ensure alignment with best practices in higher education governance.

10. Policy Review

This Internal Audit Policy will be reviewed annually or as required due to:

  • Changes in legislation or regulatory requirements.
  • Institutional restructuring.
  • Strategic developments.
  • Recommendations arising from audit activities.

Any revisions will be approved by the governing body and communicated to relevant stakeholders.

11. Conclusion

Stonebridge University recognises the critical importance of internal audit in safeguarding institutional integrity, maintaining regulatory compliance, and enhancing operational effectiveness.

By implementing a structured and independent Internal Audit framework, the university demonstrates its commitment to transparency, accountability, and continuous improvement in delivering high-quality online education.

Data Protection Policy

1. Introduction

Stonebridge University is committed to protecting the privacy, confidentiality, and integrity of personal data. As an online higher education institution, the university processes significant volumes of personal and sensitive information relating to students, staff, applicants, partners, and other stakeholders.

This Data Protection Policy establishes the principles and procedures governing the collection, processing, storage, sharing, and protection of personal data. The university ensures compliance with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Purpose and Scope

2.1 Purpose

The purpose of this policy is to:

  • Ensure lawful, fair, and transparent processing of personal data.
  • Protect the rights and freedoms of individuals.
  • Safeguard personal data against unauthorised access, disclosure, alteration, or destruction.
  • Establish clear responsibilities for data protection across the university.
  • Promote a culture of data protection awareness and accountability.

2.2 Scope

This policy applies to:

  • All employees, academic staff, contractors, and consultants.
  • Students and applicants.
  • Third-party service providers processing data on behalf of the university.
  • All systems, platforms, and digital services used by the university, including virtual learning environments (VLE), admissions systems, HR systems, and cloud-based services.

It applies to all personal data processed by the university in both digital and physical formats.

3. Definitions

3.1 Personal Data

Any information relating to an identified or identifiable individual, including names, contact details, identification numbers, academic records, financial information, IP addresses, and online identifiers.

3.2 Special Category Data

Sensitive personal data requiring enhanced protection, including data relating to health, ethnicity, religious beliefs, biometric data, or criminal convictions.

3.3 Processing

Any operation performed on personal data, including collection, recording, storage, organisation, retrieval, use, disclosure, or deletion.

4. Data Protection Principles

Stonebridge University adheres to the following principles under UK GDPR:

4.1 Lawfulness, Fairness, and Transparency

Personal data shall be processed lawfully, fairly, and in a transparent manner.

4.2 Purpose Limitation

Data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

4.3 Data Minimisation

Only data that is adequate, relevant, and necessary for the intended purpose shall be collected.

4.4 Accuracy

Personal data shall be accurate and kept up to date.

4.5 Storage Limitation

Data shall not be retained longer than necessary for the purposes for which it was collected.

4.6 Integrity and Confidentiality

Appropriate technical and organisational measures shall be implemented to ensure data security.

4.7 Accountability

The university is responsible for demonstrating compliance with data protection legislation.

5. Lawful Bases for Processing

Personal data will only be processed where a lawful basis applies, including:

  • Consent of the data subject.
  • Performance of a contract (e.g., student enrolment).
  • Compliance with a legal obligation.
  • Protection of vital interests.
  • Performance of a task carried out in the public interest.
  • Legitimate interests pursued by the university, provided these do not override individual rights.

Special category data will only be processed under additional lawful conditions as required by law.

6. Roles and Responsibilities

6.1 Governing Body

  • Ensure institutional compliance with data protection legislation.
  • Oversee strategic data governance arrangements.

6.2 Data Protection Officer (DPO)

The university shall appoint a Data Protection Officer (DPO) who will:

  • Monitor compliance with data protection laws.
  • Provide advice and guidance on data protection obligations.
  • Act as the primary contact point for the Information Commissioner’s Office (ICO).
  • Support data protection impact assessments (DPIAs).

6.3 Staff and Contractors

All staff must:

  • Process personal data in accordance with this policy.
  • Maintain confidentiality of personal data.
  • Complete mandatory data protection training.
  • Report data breaches immediately.

6.4 Students

Students must:

  • Respect the privacy and confidentiality of others.
  • Use university systems responsibly and in compliance with policies.

7. Data Security Measures

The university implements appropriate technical and organisational measures, including:

  • Secure cloud-based infrastructure.
  • Encryption of sensitive data where appropriate.
  • Multi-factor authentication for system access.
  • Role-based access controls.
  • Regular security audits and vulnerability testing.
  • Secure data backup and disaster recovery procedures.

Physical records, where applicable, will be stored securely with controlled access.

8. Data Subject Rights

Individuals have the following rights under UK GDPR:

  • Right to be informed.
  • Right of access.
  • Right to rectification.
  • Right to erasure (“right to be forgotten”).
  • Right to restrict processing.
  • Right to data portability.
  • Right to object.
  • Rights relating to automated decision-making and profiling.

Requests to exercise these rights must be submitted in writing. The university will respond within one month in accordance with legal requirements.

9. Data Retention

The university maintains a Data Retention Schedule specifying retention periods for different categories of data. Once retention periods expire, data will be securely deleted or anonymised.

10. Data Breaches

A personal data breach includes any unauthorised access, disclosure, loss, or alteration of personal data.

10.1 Reporting

All suspected or actual data breaches must be reported immediately to the Data Protection Officer.

10.2 Investigation and Notification

The university will:

  • Investigate the breach promptly.
  • Assess the risk to individuals.
  • Notify the Information Commissioner’s Office (ICO) within 72 hours where required.
  • Inform affected individuals where there is a high risk to their rights and freedoms.

All breaches will be documented in a central breach register.

11. International Data Transfers

Where personal data is transferred outside the UK, the university will ensure appropriate safeguards are in place, such as:

  • Adequacy decisions.
  • Standard contractual clauses.
  • Approved certification mechanisms.

12. Third-Party Processors

Where external service providers process personal data on behalf of the university, written agreements will ensure:

  • Compliance with data protection legislation.
  • Appropriate security measures.
  • Confidentiality obligations.
  • Audit rights where necessary.

13. Training and Awareness

The university will provide regular data protection training to staff and relevant stakeholders. Training will include:

  • Data handling best practices.
  • Recognising and reporting data breaches.
  • Information security awareness.

14. Monitoring and Policy Review

This policy will be reviewed annually or when significant legal, regulatory, or operational changes occur. Compliance will be monitored through internal audits and risk assessments.

15. Conclusion

Stonebridge University recognises that the protection of personal data is fundamental to maintaining trust, safeguarding individual rights, and upholding institutional integrity.

Through this Data Protection Policy, the university demonstrates its commitment to responsible data governance, regulatory compliance, and the secure delivery of high-quality online education.
