During an internal audit I conducted (AS9120B standard), I found out that one of our contractual employees did not have a company badge ID. According to him, he has reported it to his manager, but unfortunately, it didn't look like it was done. There has been changes in the organization lately and to make the long story short, he never got issued one for months and was only able to get in the company premises with a temporary badge. But during the audit, he did not have one. What is even worse is the discovery of credentials sharing and some folks know about it, but are not saying something. These are all grave company violations and I just need help citing which applicable clause will it fall under:
Should it fall under:
- Leadership (5.1.1.j)?
- Ifrastructure (7.1.3.a & b)?
- Awareness (7.3.h)?
Truly appreciate your help. Thank you!
Should it fall under:
- Leadership (5.1.1.j)?
- Ifrastructure (7.1.3.a & b)?
- Awareness (7.3.h)?
Truly appreciate your help. Thank you!