Information Technology in IATF 16949 audit scope

#1
Hello all,

This is my first time posting in the Cove. I have a question regarding an internal audit of the IT dept. that needs your advice.

I used a Turtle diagram when commencing the audit. When we went through the "IT Infrastructure" part, I asked about the server room and the required control conditions.

Not only the authorized access, I mean temperature and humidity requirements in the server room. The answer is 25 degrees Celsius, without reference. "Someone" told them a long time ago!

In case the air conditioning breaks down and starts to blow warm air, there will be a notification email to the IT team, and then they will take appropriate actions. No actions are defined, either. Also, no need to calibrate/verify the temp monitoring system. To add on, there are no company global requirements about it. These are all the answers from our IT team.

My question is: what is the scope of auditing IT according to IATF 16949? How deep should the auditor go? There are many comments from our internal auditor team that IATF has no specific requirements about IT and the server room, and that auditing only the data backup system and cyber attacks is enough. Is that true?

Thanks
Fahsai
 
#4
I'm wondering why you are auditing the server room and asking such questions. IATF 16949 is about product quality and meeting customer requirements, effectively and efficiently. Are you sure WHY you are asking about these (IT) things, relative to those principles?
 
#5
Every activity in manufacturing relies on it. A server being down is very critical for the users. It can lead to not meeting the customer delivery requirements. And it is the "what" in the turtle diagram. Why should we not consider it?
 
#6
Why we should not consider it?
I didn't suggest you shouldn't consider it, however, I'm wondering WHY you are auditing it. Are you there as part of an audit of the contingency plan? I don't recall seeing anything in IATF 16949 which requires the IT Department to be part of the QMS, or for an audit to consider the questions you posted - access, calibration etc. May I ask who required the audit of the IT department?
 

Coury Ferguson

Moderator here to help
Staff member
Super Moderator
#7
I didn't suggest you shouldn't consider it, however, I'm wondering WHY you are auditing it. Are you there as part of an audit of the contingency plan? I don't recall seeing anything in IATF 16949 which requires the IT Department to be part of the QMS, or for an audit to consider the questions you posted - access, calibration etc. May I ask who required the audit of the IT department?
Andy,

Just my opinion on this... I think IT would be considered resources. Taking that into consideration, ISO 9001 para. 7.1 and IATF 16949 para. 7.1.1 would apply.

As to the OP, I would say this, in my opinion: the IT Department maintains your computer processes, most likely phone service, and would need to be reviewed to see if the IT Department is maintaining those resources. They would play an important part in your infrastructure. Just my opinion on this.
 

Coury Ferguson
#9
It'll be obvious to users if this isn't happening... It won't need an audit.
Wouldn't IT be identified as a process? I think it would. How are they maintaining back-ups, software updates (1st and 2nd party), and the computers that may be located out in the manufacturing areas and are being used to read policies, procedures and such... Just because it may be obvious to users, it still would need to be evaluated for risk and importance, in my opinion.
 
#10
IT isn't a process. To answer your question(s) it's going to depend on the organization's approach to addressing the "Context of the Organization" isn't it? I don't see an obvious "requirement" specifically addressing the IT department, other than to "determine, provide and maintain...for the operation of processes and achieve conformity of products."

I'm simply questioning WHY such an audit would be being conducted, against what scope/criteria? When an auditor posts questions pertaining to an audit and there's disagreement (apparently) then, clearly, there's something wrong...
 