ISO 9001:2000 - Document Disaster Recovery Program Requirement?

R

Raptorwild

#11
Distaster Plan

Edith said:
Thanks for the info guys...

Most of our documents our hard copy, as they are shipping documents. However, we do back ups on our operating systems and accounting systems so it should cover most anyway..

Mandatory OFI... Wow, I think I've heard it all now... :bonk:
I was just informed from our previous auditor that we would need to have a documented disaster plan. I said we back up our server twice a month and keep the disc's off site. She asked what happens if the place burns down, how would we provide our customer with their products in the time they requested them? Do we have a back up plan to subcontract the work out to another supplier? I said NO! Since our customer is mainly Honeywell and we are an OEM I seriously doubt, we will be sending our work out to another supplier of Honeywell's with our proprietary information. Is it not enough that we have Insurance, sprinkler systems, surge protectors, and fire extenguishers? Should I have stated in our procedure for the control of records that we back up our server? Help!

Paula
 
Elsmar Forum Sponsor

RoxaneB

Super Moderator
Super Moderator
#12
Raptorwild said:
I was just informed from our previous auditor that we would need to have a documented disaster plan. I said we back up our server twice a month and keep the disc's off site. She asked what happens if the place burns down, how would we provide our customer with their products in the time they requested them? Do we have a back up plan to subcontract the work out to another supplier? I said NO! Since our customer is mainly Honeywell and we are an OEM I seriously doubt, we will be sending our work out to another supplier of Honeywell's with our proprietary information. Is it not enough that we have Insurance, sprinkler systems, surge protectors, and fire extenguishers? Should I have stated in our procedure for the control of records that we back up our server? Help!

Paula

What "shall" are they quoting from? There is no "shall" for contingency plans.

6.3 states "Infrastructure includes, as applicable..." - If it ain't applicable to your organization (like mine due to financial reasons), so be it.

4.2.3 states nothing about back-ups for doc control.

4.2.4 states that you shall establish "the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records." No mention of contingency plans. If you are happy with your contingency plan so be it.

Look, we all agree that it would be nice if we could have state-of-the-art backup plans that would guarantee our start-up after a disasater to avoid Customer Complaints. Unfortunately, the Real World seldom matches the Ideal World we would all rather live in.

Raptor, get that "shall" from the auditor. My organization has gone through this the past two audits and thankfully, our auditor has backed away.
 
R

Randy Stewart

#13
Paula,
I know that Ford requires us to have a Disaster Recovery Plan for internal controls and GAO. So it may fall under Customer Requirements again.
We took DRP and combined it with our Emergency Preparedness Plan for ISO-14001.
 
R

Raptorwild

#14
Disaster Recovery

I found what she was talking about... ISO9004 6.3 The process to define the infrastructure necessary for achieving effective and efficient product realization should include the following:
.........
"The plan for the infrastructure should consider the identification and mitigation of associated risks and should include strategies to protect the interests of interested parties."

But I totaly disagree that process to define = shall document.
Our Audit is scheduled for November, I can throw together a process for backing up the server and state the responsiblities and requirements, or can I just tell them the auditor if they ask, This is how we do it?

Thanks for your responses and help! :)
Paula
 

Mike S.

Happy to be Alive
Trusted Information Resource
#15
Unless a customer requires it, or your documentation requires it, I see no basis for a 9k2k auditor requiring a disaster plan of the scope your auditor suggested. A wise man once coined a pithy little quote: "Where is the shall?" Short and succinct, and I think applicable here as far as asking your registrar. Sounds like another registrar-specific "above and beyond ISO" requirement. :mad:
 

Mike S.

Happy to be Alive
Trusted Information Resource
#16
Raptorwild said:
I found what she was talking about... ISO9004 6.3 The process to define the infrastructure necessary for achieving effective and efficient product realization should include the following:
.........
"The plan for the infrastructure should consider the identification and mitigation of associated risks and should include strategies to protect the interests of interested parties."

But I totaly disagree that process to define = shall document.
Our Audit is scheduled for November, I can throw together a process for backing up the server and state the responsiblities and requirements, or can I just tell them the auditor if they ask, This is how we do it?

Thanks for your responses and help! :)
Paula
9004 is not 9001! Your registrar should be auditing to 9001, not 9004!
 
R

Raptorwild

#17
Mike S. said:
9004 is not 9001! Your registrar should be auditing to 9001, not 9004!
EXACTLY what I was thinking and I just gained a few more grey hairs over this whole mess! :ko:

We are going for our AS9100A cetification and I thought we were ready untill the phone conversation I had earlier with our former auditor. She told me to just think about it....and then I came here where the smartest people on earth live! :D
 
C

CHESHIRE STEVE

#18
We were given an improvement note against IT Management.

Quote :

"Guidlines have not been issued for the system back-ups carried out daily using 2 sets of tapes. Also any Disaster Recover Plans have neither been specified nor formally implemented"

Now I took this as meaning 6.3 b, as our main function is Sales, and the hardware and software of the computer being the process equipment necessary to operate our business.

I've just detailed our backup procedure, and a short note about what happens if the server breaks down, and I reckon that goes as deep as I need to, but we'll see after the next visit.
 
C

Cathy

#19
I agree with you Mike :agree:

Your right it goes as far as you need steve. I Have read this thread with alarm. i can't belive that auditors are insisting on this!! RCB, I was particularly alarmed by yours. No auditor can insist on you having this and it is un professional to bring this up time and time again. If I were you this would be nipped in the bud immediately with a call to the chief certification manager of your registrar.

We have 1 sentence in the document control procedure saying the computer system is backed up every night. We also keep a hard copy of procedures in case anything goes wrong ! i can't belive some of the things you guys are up against.

Steve, you do not have to write a procedure for this. it is down to the experience and skills of the IT department to carry this. And make sure you don't let your auditor dictate the way your system is run. They are only there to ensure compliance with the std.!!!
 

RoxaneB

Super Moderator
Super Moderator
#20
Cathy said:
RCB, I was particularly alarmed by yours. No auditor can insist on you having this and it is un professional to bring this up time and time again. If I were you this would be nipped in the bud immediately with a call to the chief certification manager of your registrar.
That would have been the process followed if the "suggestion" had become a finding. As it did not progress beyond the OFI stage the first time around, and was simply an "off-the-wall" comment during the secound audit, there was no need to bring this up with the Registar.

I made comments about the professionalism on my feedback sheet and have been contacted by the Registrar before.

But there was no point in fighting a non-issue. If she had made it a finding and refused to budge, then yes, more drastic measures would have been taken on my end.

It's more than just fight the fights....it's fight the right fights.
 
Thread starter Similar threads Forum Replies Date
R Key Process Indicators (KPIs) for ISO 9001:2000-certified Service Organization ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
P Internal Audit for ISO 9001:2000 vs. Internal Audit for OHSAS 18001:2007 Internal Auditing 4
H ISO 9001:2000 Certificate - Original approval date 18 July 1995 and valid until 2012 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 27
E ISO 9001:2000 transition to ISO 9001:2008 - Do I have to rewrite the QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
M Advantage between ISO 9001:2000 vs ISO 9001:2008 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
A Quitting ISO 9001:2000 - Necessary Changes to product literature, logos, etc. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
M Updating a Quality Manual from ISO 9001:2000 to ISO 9001:2008 Quality Management System (QMS) Manuals 57
B Updating from ISO 9001:2000 to ISO 9001:2008 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
B Advice needed for ISO 9001:2000 update to 2008 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
K How to update from Procedure to Process - ISO 9001:2000 to ISO 9001:2008 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
F How much longer can a company declare registration to ISO 9001:2000? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
N ISO 9001: 2000 to ISO 9001: 2008 - How to change the documents & procedures? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
S Transition from ISO 9001:2000 to ISO 9001:2008 and TS 16949:2002 to TS 16949:2009 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
V ISO 9001:2000 to ISO 9001:2008 - Identification in meeting notes. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
E Validity of ISO 9001:2000 Certificates - How to handle supplier ISO 9001 certificates ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
K Interpretation of the differences between ISO 9001: 2000 & 2008? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q How long is ISO 9001:2000 good for (valid) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
N ISO 9001:2000 version to ISO 9001:2008 - Necessary Document Revisions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
Q ISO 9001:1994 Upgrading to ISO 9001:2000 or ISO 9001:2008? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Time frame for validity of ISO 9001:2000 Certifications IATF 16949 - Automotive Quality Systems Standard 3
H Effectiveness of ISO 9001:2000 Implementation in small industrial organizations? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 29
J Is Version Change needed for ammending ISO 9001:2000 to 2008 Document Control Systems, Procedures, Forms and Templates 1
L ISO 9001:2000 vs. ISO 9001:2008 differences and concerns ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
R ISO 9001:2000 to ISO 9001:2008 Transition - Changing documentation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
C Recertification for ISO 9001:2000 - framework ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
D Relationship between ISO 9001:2000 and EFQM ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
D Acquisition (Merger) of an ISO certified to ISO 9001:2000 company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
A Is ISO 9001 Transition (from 2000 to 2008 version) Training Required? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
P Calibration - Clause 7.6 of ISO 9001:2000 - Is all this necessary? General Measurement Device and Calibration Topics 42
D To change or not to change? Our documents reference ISO 9001:2000 Document Control Systems, Procedures, Forms and Templates 31
A Registration to ISO 9001:2000 in 2009? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
S What are the consequences of having an expired ISO 9001:2000 Certificate ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
A A macro-process structure approach to auditing for ISO 9001:2000(8) General Auditing Discussions 19
B CNC Controls under ISO 9001:2000 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Marc Summary of ISO 9001:2000 and ISO 9001:2008 Changes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 166
A Brief discussion about ISO 9001:2000 clauses ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
K Advice on exclusion of 7.5.2 of the ISO 9001:2000 Standard ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
L ISO 9001:2000 and CMMI v1.2 Integration and Org Deployment ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
GStough REACH and ISO 9001:2000/13485:2003 - Never the Twain Shall Meet? RoHS, REACH, ELV, IMDS and Restricted Substances 4
S GAP Analysis for ISO 9001:2000 vs. ISO 13485:2003 ISO 13485:2016 - Medical Device Quality Management Systems 2
D ISO 9001:2000 - Implementation in an Environmental Consulting Firm ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K Getting started with ISO 9001:2000 Templates Document Control Systems, Procedures, Forms and Templates 18
Z Synchronizing two quality management systems: ISO 9001:2000 Quality Manager and Management Related Issues 5
J ISO 9001:2000 4.2.3- Quality Records, Production Travelers Records and Data - Quality, Legal and Other Evidence 9
C ISO 9001:2000 Certificate - How to have a 3 year validity instead of 1? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
N When will ISO 9001:2000 Certificates turn into ISO 9001:2008? General Auditing Discussions 11
J Should product brochures be controlled per ISO 9001:2000? Document Control Systems, Procedures, Forms and Templates 2
I ISO 9001:2000 Recertification controls ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
J ISO 9001:2000 7.3.5 "Verification" and 7.3.6 "Validation"- Clarification ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 29
J Must you use an ISO 17025 lab in order to receive ISO 9001:2000 Certification ISO 17025 related Discussions 16

Similar threads

Top Bottom