Internal Audit - Findings - Recent Internet Audit (Prior to Certification)

Adaym

Involved In Discussions
#1
In recent internet audit (prior to certification) following findings were identified

1. lack of DR site for one of the sites clarify if
Please review solution below and advise if this will suffice to fulfill the requirement.
* set of members are equipped with data cards and all they need is an internet to connect to the VPN and start operations.
* incase of emergency situations we can just mobilize these identified members swiftly and also they hv to take their respective laptops and get on to work from home, or even some safe place nearby or even just do the work on the move or in some transport.

If not - what are the reasons.

2. Background verification - Is it not enough to seek candidate's passport, education certificates, salary slips, references,appointment letter?
Is it necessary to have proper character check done by any independent agency? Candidate's passport is the testimony that he has gone through all those checks.

Please clarify what is the logic of having an independent check done, it is quite possible that he may not have any criminal record history at the point recruitment stage but we don't know what's going to happen in future. Isn't it?
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#2
I am sorry for the delay in responding.

Can you tell me what "lack of DR for site" means? Is this about data security?

Do you have legal or customer requirements for any specific controls, such as security clearances?

Do you already do the things you described in #2? If so, did you show them to the auditor?

What risks have been identified in this process? Have/will your actions adequately addressed the identified risks? I did a Google search on the subject and came up with this list of information sources on the subject. How did you decide on the actions you listed?
 

howste

Thaumaturge
Super Moderator
#4
I'm still confused. Many companies use acronyms with different meanings. Please clarify what you mean by DR?
 

Richard Regalado

Trusted Information Resource
#8
Hello.

I would like to clarify that "NO" security control is required by ISO/IEC 27001. You just need to justify if excluding any or ALL. (ISO/IEC 27001, 6.1.3.d).

1. DR site

There is no requirement from the standard to have a DR site. But it could be that you have specific contractual obligations to have one. In some countries, having a DR site is a regulatory requirement.

2. Background verification - same reason as above. Do you need it? Really? Why? Go to your risk registers and check. Do you have a risk that requires background verification? If none, think about excluding this.

Come back here with answers.

Regards,

Richard
 
Thread starter Similar threads Forum Replies Date
dubrizo Are you documenting Internal Audit findings as NCRs? Internal Auditing 18
dubrizo Audit Findings: Writing against Internal an ISO Clause Internal Auditing 10
M Do all findings (nonconformities) in an internal audit require a corrective action? Quality Management System (QMS) Manuals 55
S Internal Audit Findings Summary Rewrite by an Auditee ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
M Help with Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Internal Audit Findings and Issuance Problem Internal Auditing 4
I Types of Internal Audit findings based on ISO 9001 Clause 8.2.2 Quality Manager and Management Related Issues 10
D Management Review Analysis of Internal Audit Findings Quality Manager and Management Related Issues 8
A How to Address Internal Quality Audit Findings Internal Auditing 8
B Critical Action Limits (CAL) for All Internal and External Audit Findings General Auditing Discussions 17
X ISO 9001:2008 Internal Audit - Classification of Audit Findings Internal Auditing 5
S External Auditor Findings when an Internal Audit found a Nonconformance Yesterday Document Control Systems, Procedures, Forms and Templates 11
L Categorizing Internal Audit Findings Internal Auditing 10
Michael Malis For Internal Audit findings, would you open a CAPA for every observation? Internal Auditing 31
E Internal Audits - Presenting Audit Findings to Upper Management General Auditing Discussions 19
V Documenting the Root Causes for Internal Audit Non-Conformance Findings Problem Solving, Root Cause Fault and Failure Analysis 5
C Internal Audit Findings - Do I need to raise NC for amendments/revisions? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
eternal_atlas Review on Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
eternal_atlas Internal Audit Findings in C&M works (HVAC, Firefighting, etc.) - Your Comments? General Auditing Discussions 6
R When and when not to write up minor internal audit findings? Internal Auditing 23
A Format for Reporting Internal Audit Findings General Auditing Discussions 17
J Nonconformance reports written only through internal audit findings? Nonconformance and Corrective Action 8
S How to Present Action Plans in Response to Internal Audit Findings? Preventive Action and Continuous Improvement 18
J Internal Audit Findings - Major vs. Minor Finding - Defining the differences Internal Auditing 14
Marc Internal Audit Findings and the Registrar Internal Auditing 5
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 3
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
A Purchasing - Internal Audit Questions Internal Auditing 8
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
W Where to begin with an ISO 9001:2015 internal audit Internal Auditing 13
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
Similar threads


















































Top Bottom