PricewaterhouseCoopers Independent Audit Report to Hitwise
16th December 2011
Management Assertions – Competitive Intelligence Services Control Procedures
During the period 1 January 2010 through 31 December 2010, Hitwise has maintained effective control procedures to:
Methodology and Data Collection
- Accurately disclose the methodology for measuring the competitiveness and performance of web sites (web-ranking processes) on the following web sites:
- Ensure the completeness and accuracy of the data collection process, from ISPs and other data partners, into the web-ranking processEnsure customer queries over web-ranking information provided on www.hitwise.com are handled in accordance with company policies and procedures.
General Computer Operations
- Ensure program changes and program developments for the systems supporting the web-ranking processes are approved and tested
- Restrict privileged access to programs and data in accordance with access requirements for job roles
- Backup and recovery data collected during the web-ranking process
- Ensure the data collection processes does not include the collection and storage of personal information which would be in contravention of applicable privacy policies where Hitwise websites are hosted.
- United States Federal Privacy Law; New York, California and Texas State Privacy Law
- United Kingdom: The Data Protection Act 1998; The Privacy and Electronic Communications (EC Directive) Regulations 2003
- Australia: The Privacy Act 1988; privacy related laws in Telecommunications Act 1997
- New Zealand: The Privacy Act 1993
- Hong Kong: Hong Kong Personal Data (Privacy) Ordinance
- Singapore: Relevant statutes and common law torts (note no overarching privacy or data protection law in Singapore)
- Brazil: relevant privacy legislation
- Ensure security of customer information, including usage restrictions to a limited number of identified staff.
Improvements in controls are required in the following areas:
Document Retention and Records Management – There have been a limited number of instances where customer queries have not been fully documented in the Customer Relationship Management System in accordance with our Customer Complaint Handling Policy. Similarly, there have been a limited number of instances where issues raised in the Automated Error Alerts System have not been formally documented to indicate resolution in accordance with our Automated Errors Alerts Handling Policy. Additionally, some new user creation authorisation forms granting employee user access to the Customer Relationship Management System have not been consistently archived and maintained.
Product Development - Although there is a process in place to capture the approval of all product development projects there needs to be increased attention paid to ensuring that the project approval is filed for future reference.
Chief Information Officer
Hitwise Pty Ltd