Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

IT Process is Taken From company and Added to Corporate Structure

ugurkavi

Registered Visitor
#1
Our company (let's say Company X) is part of a Group (Let's say Group G). Our IT department is taken from the organisation structure of our company and added to organisation structure of Group G. Upto now, IT was managing the Information Systems, Network etc just for our company. However, they will be giving service to all the other companies under Group G, including us. There are some issues I am not sure how to handle, any help/suggestion would be greatly appreciated.

  • Does IT Department become a supplier for us considering ISO9001?
  • Are we to add IT process to our exclusion clause?
  • Considering information management and the security, are we to reference these processes as outsourced processes?
 

ugurkavi

Registered Visitor
#3
Our company is a manufacturer. There are also construction company, hotels and mining companies under seperate management, but owned by same owner. It's like a corporate structure in a way.
 

indubioush

Involved In Discussions
#4
  • Does IT Department become a supplier for us considering ISO9001?
    • If they are still considered part of your organization and report in to the same Executive Management as the rest of your organization, then no, they should not be considered a supplier. If they have different Executive Management, then they should be considered a supplier.
  • Are we to add IT process to our exclusion clause?
    • No. You are not excluding it. You are outsourcing it if you determine your IT department is not part of your company.
  • Considering information management and the security, are we to reference these processes as outsourced processes?
    • Yes. You could still have SOPs that the external entity follows though. You will have to qualify the external entity as a supplier to you and ensure you have adequate controls over what they do for you.
 
#5
Interesting - I spoke with a fellow in IT just yesterday who lamented that much of the duties (and permissions) had gone offshore and must be handled by the user logging a request in the system and waiting for action by the offshore entity.
 
Top Bottom