# O4.9 Mandate security audits by third parties

{% tabs %}
{% tab title="Principle" %}
[O4 Assure data security by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o4-assure-data-security-by-design)
{% endtab %}

{% tab title="Risks" %}
[RS2 Digital insecurity,](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) [SV1 Digital distrust](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities)
{% endtab %}

{% tab title="Lifecycle Stages" %}
[L5 Operations and Maintenance](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r3-donor/l5-operations-and-maintenance-1)
{% endtab %}
{% endtabs %}

## Practices

* Develop guidelines and criteria for selecting qualified third-party auditors with expertise in data security, ensuring audits are thorough and credible.
* Mandate regular security audits for all DPI systems and require the findings to be transparently reported to relevant stakeholders, including government bodies and the public.
* Use audit results to identify vulnerabilities and enforce timely implementation of recommended security enhancements, ensuring continuous improvement of DPI system security.&#x20;