ISO 9001:2000 - Document Disaster Recovery Program Requirement?

Edith

#1
Document Disaster Recovery

Hey everyone!

Long time no talk! Sorry been so quiet. We just finished year 3 of 92k audits.. No Minors this time, but I think the auditor was going through OFI withdrawal.. (Raised about 15)

Anyway, one of the things that was identified as an OFI was a document disaster recovery program. This all came to surface when I presented him with our drafted BCP plan which we used as part of our preventative action.

Is there anyone out there that has one? From my understanding there is a standard out there that covers this specifically?

Look forward to your comments!
Edith:eek:
 
Randy Stewart

#3
Is it really a requirement?

As far as 9K2K goes, I don't "think" that it outright states that you need one. Now read between the lines, 6.3, 6.4, etc. It is all over the place. Also a good business practice.
We are required by Ford to have one and we have linked it with the ISO 14001 preparedness requirement. Most are simple, I would be surprised if your IT department didn't already have something in place (off-site storage of backups, etc.). :bigwave:
 
tomvehoski

#4
I believe there are ISO standards concerning data security, but I can't recall the numbering and if they are officially released or not. You may be able to search ISo_Org for them.

You can draw the line from the ISO requirement for record protection to data backup/recovery. Usually if we keep records on a server I just include a brief backup procedure, making sure somebody removes backup tapes from the premises in case of fire.

You can get more advanced and contract with companies that will automatically backup your data across the internet to secure servers. We share the building with a company that does this. For a monthly fee they will back up your server to theirs every night. In the event of a disaster you are able to restore your data and even run on their server if your systems are down.

Tom
 
#5
As far as ISO9001:2000 is concerned, I cannot really see the need for any data security standards in this case. I think clauses 4.2.3e & 4.2.4 are all it takes...

4.2.3e: to ensure that documents remain legible and readily identifiable,

4.2.4 Documents shall remain legible, readily identifiable and retrievable.

This would mean that a document disaster recovery program (Usually a computer based backup) is a good idea, right?

/Claes
 
Graeme

#6
Claes Gefvenberg said:
As far as ISO9001:2000 is concerned, I cannot really see the need for any data security standards in this case. I think clauses 4.2.3e & 4.2.4 are all it takes...

4.2.3e: to ensure that documents remain legible and readily identifiable,
4.2.4 Documents shall remain legible, readily identifiable and retrievable.

This would mean that a document disaster recovery program (Usually a computer based backup) is a good idea, right?

Randy Stewart said:
As far as 9K2K goes, I don't "think" that it outright states that you need one. Now read between the lines, 6.3, 6.4, etc. It is all over the place. Also a good business practice.

Both of the above are very good points. In the QMS of the lab I am working with, we are trying to be as paperless as possible consistent with other needs. We treat the computer system issues under 6.3 Infrastructure, on the basis that the computer network is part of the laboratory facilities. The procedure to implement that clause with respect to computers deals with physical security, data security (including backups), loss of computer system availability, and disaster recovery.

Our philosophy is that a properly functioning and secure computer network infrastructure (6.3) is important to enable the procedures of 4.2.3e and 4.2.4.

(We have also learned to test the procedures to ensure that they work. That was strongly reinforced the first time a server crashed -- in the middle of an audit!)


Graeme
-------------------------
"Murphy was an optimist!"
 

Mike S.

Happy to be Alive
Trusted Information Resource
#7
Edith,

What docs. are really important to your company? If there was a fire at your place, what might you lose that is critical to the functioning of your company and your customer? Of course it varies company to company. Maybe finance stuff like invoices, AP/AR, payroll data or tax data; maybe compositions or recipes for your products; maybe test records? Once you know the answer to this question, decide how you might back-up this info. so it would survive a fire, flood, tornado, computer virus attack, computer HD failure, etc. If it is all computerized, the job can be as easy as a backup to an off-site server as mentioned or a CD or tape backup carried home by someone as often as required. Paper docs. are more of a pain. For our company, we don't worry about any ISO standards to cover it, we simply do computer data backups every week and store copies of critical paper records in a fireproof safe. Keep it as simple as needed, but no simpler.
 
Aaron Lupo

#8
Re: Document Disaster Recovery

Edith said:

Hey everyone!

Long time no talk! Sorry been so quiet. We just finished year 3 of 92k audits.. No Minors this time, but I think the auditor was going through OFI withdrawal.. (Raised about 15)

Anyway, one of the things that was identified as an OFI was a document disaster recovery program. This all came to surface when I presented him with our drafted BCP plan which we used as part of our preventative action.

Is there anyone out there that has one? From my understanding there is a standard out there that covers this specifically?

Look forward to your comments!
Edith:eek:

Couple of questions: what is BCP? What type of business are you in, and are your records electronic or paper?

Lastly, is the Standard you refer to BS DISC PD 0013 - RECORDS MANAGEMENT - A GUIDE TO DISASTER PREVENTION AND RECOVERY AKA ISO 17799?
 
RoxaneB

Super Moderator
#9
Re: Document Disaster Recovery

Edith said:

Anyway, one of the things that was identified as an OFI was a document disaster recovery program. This all came to surface when I presented him with our drafted BCP plan which we used as part of our preventative action.

Hi, Edith!

Our Registrar gave us an OFI on this as well....and was summarily rejected. We do tape back-ups of our systems, but she wanted us to have a programme with our computer system supplier(s) to reinstate hardware and software as quickly as possible in case of a disaster (natural or otherwise). The intent is to ensure that we are back in business as quickly as possible.

We acknowledged her point but pointed out that it was not worth the cost to set-up that kind of programme.

Her response was that she was actually giving us a mandatory OFI! :confused: Arguing that an OFI is not mandatory...it is a recommendation from the Auditor to improve efficiency and effectiveness that we, as the Auditee, can reject....she backed off. But every time she is back, she starts going down that path again.

There is no "shall" requiring us to have some sort of contingency plan. We do tape backups as part of "Good Management Practices"...and for now, that is where we draw the line. :cool:
 
Edith

#10
Re: Document Disaster Recovery

Thanks for the info guys...

Most of our documents are hard copy, as they are shipping documents. However, we do back ups on our operating systems and accounting systems so it should cover most anyway..

Mandatory OFI... Wow, I think I've heard it all now... :bonk:
 