Efficacy of an IT process after a cyber attack

MDRepair Canada

Starting to get Involved
#1
Hi!
I just joined a company that faced a huge cyber attack that destroyed some data.
I am auditing our IT process (using the ISO 9001 standard) and I was wondering if I could conclude on the efficacy of this process knowing what happened. Apart from this big issue, the results are satisfactory.
After this attack some actions have been implemented (containment, corrective and preventive).

Thanks in advance for your help!
MD
 

yodon

Staff member
Super Moderator
#2
I think it would be hard for anyone here to offer any conclusions of efficacy without knowing more.

The question that jumped to my mind was why you were auditing to 9001 and not something seemingly more appropriate to security like ISO 27001? I don't think (just) 9001 will give a sufficient foundation for information security.
 

Tagin

Trusted Information Resource
#3
I agree with Yodon: we cannot offer anything on efficacy (do you mean 'effectiveness'?) without much more detail.

When using 9001 for IT defense, you are relying primarily on risk-based thinking (RBT), since 9001 does not offer prescriptive guidance specifically on IT practices. But RBT can work if you use some best practices as references or prescriptive guidance in your risk assessment. A good starting point would be the NIST Cybersecurity Framework:
Cybersecurity Framework

Also, look at CISA cybersecurity guidance:
CYBERSECURITY | CISA
 