SBS - the best value in QMS software

Internal Audit - Findings - Recent Internet Audit (Prior to Certification)


Involved In Discussions
In recent internet audit (prior to certification) following findings were identified

1. lack of DR site for one of the sites clarify if
Please review solution below and advise if this will suffice to fulfill the requirement.
* set of members are equipped with data cards and all they need is an internet to connect to the VPN and start operations.
* incase of emergency situations we can just mobilize these identified members swiftly and also they hv to take their respective laptops and get on to work from home, or even some safe place nearby or even just do the work on the move or in some transport.

If not - what are the reasons.

2. Background verification - Is it not enough to seek candidate's passport, education certificates, salary slips, references,appointment letter?
Is it necessary to have proper character check done by any independent agency? Candidate's passport is the testimony that he has gone through all those checks.

Please clarify what is the logic of having an independent check done, it is quite possible that he may not have any criminal record history at the point recruitment stage but we don't know what's going to happen in future. Isn't it?
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
I am sorry for the delay in responding.

Can you tell me what "lack of DR for site" means? Is this about data security?

Do you have legal or customer requirements for any specific controls, such as security clearances?

Do you already do the things you described in #2? If so, did you show them to the auditor?

What risks have been identified in this process? Have/will your actions adequately addressed the identified risks? I did a Google search on the subject and came up with this list of information sources on the subject. How did you decide on the actions you listed?


Super Moderator
I'm still confused. Many companies use acronyms with different meanings. Please clarify what you mean by DR?

Richard Regalado

Trusted Information Resource

I would like to clarify that "NO" security control is required by ISO/IEC 27001. You just need to justify if excluding any or ALL. (ISO/IEC 27001, 6.1.3.d).

1. DR site

There is no requirement from the standard to have a DR site. But it could be that you have specific contractual obligations to have one. In some countries, having a DR site is a regulatory requirement.

2. Background verification - same reason as above. Do you need it? Really? Why? Go to your risk registers and check. Do you have a risk that requires background verification? If none, think about excluding this.

Come back here with answers.


Thread starter Similar threads Forum Replies Date
dubrizo Are you documenting Internal Audit findings as NCRs? Internal Auditing 18
dubrizo Audit Findings: Writing against Internal an ISO Clause Internal Auditing 10
M Do all findings (nonconformities) in an internal audit require a corrective action? Quality Management System (QMS) Manuals 55
S Internal Audit Findings Summary Rewrite by an Auditee ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
M Help with Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Internal Audit Findings and Issuance Problem Internal Auditing 4
I Types of Internal Audit findings based on ISO 9001 Clause 8.2.2 Quality Manager and Management Related Issues 10
D Management Review Analysis of Internal Audit Findings Quality Manager and Management Related Issues 8
A How to Address Internal Quality Audit Findings Internal Auditing 8
B Critical Action Limits (CAL) for All Internal and External Audit Findings General Auditing Discussions 17
X ISO 9001:2008 Internal Audit - Classification of Audit Findings Internal Auditing 5
S External Auditor Findings when an Internal Audit found a Nonconformance Yesterday Document Control Systems, Procedures, Forms and Templates 11
L Categorizing Internal Audit Findings Internal Auditing 10
Michael Malis For Internal Audit findings, would you open a CAPA for every observation? Internal Auditing 31
E Internal Audits - Presenting Audit Findings to Upper Management General Auditing Discussions 19
V Documenting the Root Causes for Internal Audit Non-Conformance Findings Problem Solving, Root Cause Fault and Failure Analysis 5
C Internal Audit Findings - Do I need to raise NC for amendments/revisions? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
eternal_atlas Review on Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
eternal_atlas Internal Audit Findings in C&M works (HVAC, Firefighting, etc.) - Your Comments? General Auditing Discussions 6
R When and when not to write up minor internal audit findings? Internal Auditing 23
A Format for Reporting Internal Audit Findings General Auditing Discussions 17
J Nonconformance reports written only through internal audit findings? Nonconformance and Corrective Action 8
S How to Present Action Plans in Response to Internal Audit Findings? Preventive Action and Continuous Improvement 18
J Internal Audit Findings - Major vs. Minor Finding - Defining the differences Internal Auditing 14
Marc Internal Audit Findings and the Registrar Internal Auditing 5
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Medical Device and FDA Regulations and Standards News 0
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 6
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 10
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1

Similar threads

Top Bottom