Re: Are TalkTalk auditted?
From the 2015 annual report ( http://www.talktalkgroup.com/investors/reports/2015.aspx) :
4. Data and cybersecurity
Potential impact: Failure to prevent the loss or exploitation of personally identifiable or
commercially sensitive information could result in loss of competitive advantage,
regulatory fines, damage to the brand,and ultimately, churn.
Mitigation: The Group continually reviews and seeks best practice external guidance on its data and cyber security capability and invests in and implements new solutions, both to prevent and detect incidents. TalkTalk continues to adopt the Ten Steps to Cyber Security as a control
framework for mitigating key areas of risk. Progress is monitored via the in house Data Council, which convenes monthly and is chaired by the Chief Technology Officer (CTO). In FY15, key initiatives including the encryption of hardware and removable media , a data loss prevention solution, vulnerability scanning and penetration testing have been completed. A new Head of Security has also been appointed to establish and oversee the new Security Operations Centre, the activities of which have been outsourced to cyber security experts BAe systems.
So either they lied in their annual report or the head of security/BAe needs a kick up the arse.