ICT Department

Nashi

Registered
I have gone through the ICT internal audit questionnaire and I feel the questions are more based on Housekeeping.

Is there anyone that can share their thoughts on particular clauses or share a template for the ICT department or is it usually ignored in the QMS internal audits?
 

qusys

Trusted Information Resource
Hi Nashi
Are you auditing vs ISO 9001?
You could check the infrastructure clause; I mean, check the effectiveness of the maintenance plan of the servers, use of firewalls, etc.
Identification and traceability of the product by means of ICT tools could be another area of investigation.
Consider that ISO 9001 has clauses that are transversal:
- risk analysis
- customer requirements, if any
- training and competence
- roles and responsibilities
- problem solving and corrective actions
- resource management, including external resources (vendors or service suppliers for this process)
- link with other QMS processes (for example: in case of introduction of new products and processes, how ICT contributes to the planning of tools and infrastructure)

Another topic is cybersecurity (for example, how the organization is ready for external attacks by hackers, ransomware, etc.), including a contingency plan in case of disaster (data and record management, back procedures, etc.).

Monitoring and measurement of the ICT process: KPIs, metrics, actions in case an objective is not met.
Continuous improvement actions in place for this process.
Documentation and controlled information that are applicable to this process.

There is a lot of stuff to investigate depending on the criteria of the audit. You can also consider using the process approach and a turtle diagram as a method to integrate the info and evidence to be collected.
Hope this helps.
 

Nashi

Registered
Thank you qusys