Information Technology Department (IT) Checklist for ISO 9001:2008


shami4u

Dear Gents,

During the preparation of a checklist for the Information Technology Department (IT), what areas / clauses do we have to consider?

Could you please provide me with some samples?

Regards,
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Re: ISO 9001:2088 Checklist Help!!!

Good day shami4u,

When auditing IT, I consider 6.3, which is about infrastructure. But I do a process audit, which means:

1) Inputs from system users, such as what documents and records they need to keep and for how long. How important is data security?

2) What equipment, tools and materials IT uses to keep things running - make sure data is available at all planned times. This could include battery backup power systems and a program for controlled shutdown for extended power loss contingencies. It might involve "mirrored" servers and equipment and materials (tapes etc.) to do data backups.

3) What plans or instructions IT personnel operate with in order to make sure planned activities get done. Since no controlled procedure is needed for this, I have asked for backup schedules and what is used in case they need to teach a new guy what to do.

4) If backups are being done (and I hope they are), how are the media stored to keep them safe from degradation, loss or being "misplaced"? If data security is important, disposal controls matter. How are old hard drives handled? Does the group manage the data that can be stored in the RAM of photocopiers and fax machines? How?

5) How they can tell if the operations are successful.

6) What's new? Have improvements been made to their backup systems or software?

I hope this helps!
 

Mikishots

Trusted Information Resource
Dear Gents,

During the preparation of a checklist for the Information Technology Department (IT), what areas / clauses do we have to consider?

Could you please provide me with some samples?

Regards,

Jennifer has it well-covered; there is also the matter of the documentation requirements (for the time being!).

The Control of Records procedure needs to define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records. I would fully expect to see IT activities described in this procedure as well as activities for controlling paper-based records, as records are typically not just printed pieces of paper put into a filing cabinet or box; records are predominately electronic these days.

A little test I like to do during the audit is to ask them for their backup schedule and method, then request a pull from the last one that was said to be performed. This is reasonable for internal audits; not so much for second or third party audits.
 