Internal Audit - Findings - Recent Internet Audit (Prior to Certification)


Involved In Discussions
In recent internet audit (prior to certification) following findings were identified

1. lack of DR site for one of the sites clarify if
Please review solution below and advise if this will suffice to fulfill the requirement.
* set of members are equipped with data cards and all they need is an internet to connect to the VPN and start operations.
* incase of emergency situations we can just mobilize these identified members swiftly and also they hv to take their respective laptops and get on to work from home, or even some safe place nearby or even just do the work on the move or in some transport.

If not - what are the reasons.

2. Background verification - Is it not enough to seek candidate's passport, education certificates, salary slips, references,appointment letter?
Is it necessary to have proper character check done by any independent agency? Candidate's passport is the testimony that he has gone through all those checks.

Please clarify what is the logic of having an independent check done, it is quite possible that he may not have any criminal record history at the point recruitment stage but we don't know what's going to happen in future. Isn't it?
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
I am sorry for the delay in responding.

Can you tell me what "lack of DR for site" means? Is this about data security?

Do you have legal or customer requirements for any specific controls, such as security clearances?

Do you already do the things you described in #2? If so, did you show them to the auditor?

What risks have been identified in this process? Have/will your actions adequately addressed the identified risks? I did a Google search on the subject and came up with this list of information sources on the subject. How did you decide on the actions you listed?


Trusted Information Resource
I'm still confused. Many companies use acronyms with different meanings. Please clarify what you mean by DR?

Richard Regalado

Trusted Information Resource

I would like to clarify that "NO" security control is required by ISO/IEC 27001. You just need to justify if excluding any or ALL. (ISO/IEC 27001, 6.1.3.d).

1. DR site

There is no requirement from the standard to have a DR site. But it could be that you have specific contractual obligations to have one. In some countries, having a DR site is a regulatory requirement.

2. Background verification - same reason as above. Do you need it? Really? Why? Go to your risk registers and check. Do you have a risk that requires background verification? If none, think about excluding this.

Come back here with answers.


Thread starter Similar threads Forum Replies Date
dubrizo Are you documenting Internal Audit findings as NCRs? Internal Auditing 18
dubrizo Audit Findings: Writing against Internal an ISO Clause Internal Auditing 10
M Do all findings (nonconformities) in an internal audit require a corrective action? Quality Management System (QMS) Manuals 55
S Internal Audit Findings Summary Rewrite by an Auditee ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
M Help with Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Internal Audit Findings and Issuance Problem Internal Auditing 4
I Types of Internal Audit findings based on ISO 9001 Clause 8.2.2 Quality Manager and Management Related Issues 10
D Management Review Analysis of Internal Audit Findings Quality Manager and Management Related Issues 8
A How to Address Internal Quality Audit Findings Internal Auditing 8
B Critical Action Limits (CAL) for All Internal and External Audit Findings General Auditing Discussions 17
X ISO 9001:2008 Internal Audit - Classification of Audit Findings Internal Auditing 5
S External Auditor Findings when an Internal Audit found a Nonconformance Yesterday Document Control Systems, Procedures, Forms and Templates 11
L Categorizing Internal Audit Findings Internal Auditing 10
Michael Malis For Internal Audit findings, would you open a CAPA for every observation? Internal Auditing 31
E Internal Audits - Presenting Audit Findings to Upper Management General Auditing Discussions 19
V Documenting the Root Causes for Internal Audit Non-Conformance Findings Problem Solving, Root Cause Fault and Failure Analysis 5
C Internal Audit Findings - Do I need to raise NC for amendments/revisions? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
eternal_atlas Review on Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
eternal_atlas Internal Audit Findings in C&M works (HVAC, Firefighting, etc.) - Your Comments? General Auditing Discussions 6
R When and when not to write up minor internal audit findings? Internal Auditing 23
A Format for Reporting Internal Audit Findings General Auditing Discussions 17
J Nonconformance reports written only through internal audit findings? Nonconformance and Corrective Action 8
S How to Present Action Plans in Response to Internal Audit Findings? Preventive Action and Continuous Improvement 18
J Internal Audit Findings - Major vs. Minor Finding - Defining the differences Internal Auditing 14
Marc Internal Audit Findings and the Registrar Internal Auditing 5
B Internal audit checklist Internal Auditing 5
V Internal Audit Software IATF 16949 - Automotive Quality Systems Standard 5
J Internal Audit Schedule IATF Internal Auditing 3
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
D Number of people to be interviewed during an internal audit? Internal Auditing 10
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 2
J Internal audit random sampling methodology Internal Auditing 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
W How do you phrase your internal audit questions? Internal Auditing 3
M IATF - Internal Audit 3 year span Internal Auditing 4
Q ISO 9001-2015 Internal audit finding Internal Auditing 14
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 18
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2

Similar threads

Top Bottom