Mikishots
Trusted Information Resource
With respect to AS9100D Clause 7.5.3.2, there is a requirement to define data protection processes.
While our IT group is very much included in our audit that contains review of document and record control (as we almost exclusively have a paperless system), this requirement has them asking exactly what "define' means. They are reluctant to create any kind of document that explains how they go about protecting data because they are not the kind of guys that will do anything outside IT work that they don't have to, and audits have shown that they indeed do have a robust method and infrastructure to do these activities reliably.
But what of "define"? Is there any guidance material that would explain what the Standard specifically means and expects when the term "define" is used? I've had a careful look in ISO 9000:2015 - Fundamentals and Vocabulary, but no dice.
My take: They need some kind of documentation that explains how they go about protecting our data, and to show that they can continue the practice without having to depend on certain individuals simply knowing what to do - a tidy segue-way into organizational knowledge!!!
thanks all.
While our IT group is very much included in our audit that contains review of document and record control (as we almost exclusively have a paperless system), this requirement has them asking exactly what "define' means. They are reluctant to create any kind of document that explains how they go about protecting data because they are not the kind of guys that will do anything outside IT work that they don't have to, and audits have shown that they indeed do have a robust method and infrastructure to do these activities reliably.
But what of "define"? Is there any guidance material that would explain what the Standard specifically means and expects when the term "define" is used? I've had a careful look in ISO 9000:2015 - Fundamentals and Vocabulary, but no dice.
My take: They need some kind of documentation that explains how they go about protecting our data, and to show that they can continue the practice without having to depend on certain individuals simply knowing what to do - a tidy segue-way into organizational knowledge!!!
thanks all.
Last edited: