Efficacy of an IT process after a cyber attack

MDRepair Canada

Starting to get Involved
#1
Hi!
I just joined a company that faced a huge cyber attack that destroyed some data.
I am auditing our IT process (using the ISO 9001 standard) and I was wondering if I could conclude on the efficacy of this process knowing what happened. Apart from this big issue, the results are satisfactory.
After this attack some actions have been implemented (containment, corrective and preventive).

Thanks in advance for your help!
MD
 
yodon

Staff member
Super Moderator
#2
I think it would be hard for anyone here to offer any conclusions of efficacy without knowing more.

The question that jumped to my mind was why you were auditing to 9001 and not something seemingly more appropriate to security like ISO 27001? I don't think (just) 9001 will give a sufficient foundation for information security.
 

Tagin

Trusted Information Resource
#3
I agree with Yodon: we cannot offer anything on efficacy (do you mean 'effectiveness'?) without much more detail.

When using 9001 for IT defense, you are relying primarily on risk-based thinking (RBT), since 9001 does not offer prescriptive guidance specifically on IT practices. But RBT can work, if you use some best-practices as references or prescriptive guidance in your risk assessment. A good starting point would be the NIST Cybersecurity Framework:
Cybersecurity Framework

Also, look at CISA cybersecurity guidance:
CYBERSECURITY | CISA
 