IMS:Compliance Check of the Compliance Requirements of the IT Services Department: Difference between revisions

(Created page with "{{IMS Audit |coverage=IT Services |auditor=Sandra Meier |auditPlannedDate=2022-08-15 |auditType=Process audit |auditStatus=open }} ==Overview== ''What was the overall approac...")
 
No edit summary
Line 7: Line 7:
}}
}}
==Overview==
==Overview==
''What was the overall approach to the conducted audit?''
The audit was carried out in accordance with the previously communicated audit plan. The inspection of the server rooms planned for the 2nd day of the audit has to be canceled for reasons of time. A catch-up date was therefore agreed. The audit was carried out taking into account the ISO9001 quality criteria, as the company is aiming for certification.
 
All of the planned aspects were adequately discussed.
 
==<span class="mw-headline ve-pasteProtect" id="Considered_aspects_of_the_regulations">Considered aspects of the regulations</span>==
==<span class="mw-headline ve-pasteProtect" id="Considered_aspects_of_the_regulations">Considered aspects of the regulations</span>==
''Select any that apply or replace with applicable aspects.''


*Context of the organization and interested parties
* Organization context and interested parties
*Dealing with risks and opportunities
* Dealing with risks and opportunities
*Operational processes of IT service, process landscape, interfaces and ticket system
* Operational processes IT service, process landscape, interfaces and ticket system
*Identification and systematization of binding commitments
* Identification and systematisation of binding obligations
*Evaluation of performance and improvement
* Assessment of performance and improvement
*Application of operational ticket processes and compliance
* Application of operational ticket processes and compliance
*Training and knowledge of the organization
* Training and knowledge of the organization
*Communication
* communication
*Document control
* Document control
*Order processing
* Order processing
*Work and test equipment
* Work and test equipment
*Evaluation of service providers / contractors
* Evaluation of service providers / contractors
*Production / performance
* Production / service provision
*Critical Infrastructure Protection (CIP) issues
* CIP topics


==<span class="mw-headline ve-pasteProtect" id="Conclusion">Conclusion</span>==
==<span class="mw-headline ve-pasteProtect" id="Conclusion">Conclusion</span>==
''Provide a summary of the audit findings.''
The IT service was audited as part of the internal audit.
 
Numerous positive findings were made in the course of the internal audit. This particularly applies to the leadership role of the team leader. Their active leadership has positive effects on the implementation of processes and measures, such as B. the handling of the ticket system "Easy Redmine". The employees are actively informed and trained by the managers.
 
Many specifications and processes from the management systems are actively implemented and are easy to understand.
 
==<span class="mw-headline ve-pasteProtect" id="Individual_results">Individual results</span>==
==<span class="mw-headline ve-pasteProtect" id="Individual_results">Individual results</span>==
''Describe the results by regulations aspect.''
''Describe the results by regulations aspect.''


===<span class="mw-headline ve-pasteProtect" id="Communications">Communications</span>===
===<span class="mw-headline ve-pasteProtect" id="Communications">Communications</span>===
''Describe the results for this communications aspect of the audit.''
The employees were trained with regard to the changes in the process documentation and how to use the Easy Redmine software (group training on April 10, 2021). The Easy Redmine process overview and individual company processes were presented. The audited employees are familiar with handling Easy Redmine.
 
The inquiry process was audited as an example.
 
Based on the message "Contact request for personal data" from May 3, 2021, the process flow was verified in Easy Redmine. The process was easy to understand and corresponded to the specifications of the ticket system documentation in the IT service manual. The necessary steps in the course of processing have been properly carried out.
 
 
Other documents viewed:
 
Proof of training for Rüdiger Strauss from April 10, 2021 (area-related processes / Easy Redmine)
 
Proof of authorizations Mr. Rüdiger Strauss


==SW analysis==
==SW analysis==
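Review bot: In the Conclusion text, "such as B. the handling of the ticket system" carries a stray "B." and should read "such as the handling of the ticket system". In the Overview, "has to be canceled" should be "had to be canceled", since the rest of the report is in the past tense. The placeholder line "Describe the results by regulations aspect." under Individual results is unchanged on both sides and should be removed or replaced with an actual summary.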
Line 41: Line 59:
|- style="width:50%;" data-ve-attributes="{&quot;style&quot;:&quot;width:50%;&quot;}"
|- style="width:50%;" data-ve-attributes="{&quot;style&quot;:&quot;width:50%;&quot;}"
|
|
*Observation 1
* Active leadership role by the team leader
*Observation 2
* Many specifications from the management systems are already being implemented
* Employees are also trained in documentation and process requirements (e.g. Easy Redmine)
* Exemplary compliance management throughout the company
|
|
*Observation 3
* Dealing with risks and opportunities as well as process management have to be further developed and systematized.
*Observation 4
* Involvement of external consultants (especially legal advice)
|}
|}
==Signatures==
==Signatures==
<bs:signhere />
<bs:signhere />
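Review bot: The weakness entry "Involvement of external consultants (especially legal advice)" does not say what the finding is, that is, whether the involvement is missing, insufficient or excessive. State it as a full sentence, as the neighbouring entry on risks and opportunities does, so that a follow-up measure can be derived from it.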

Revision as of 17:47, 2 December 2021


Audit type: Process audit
Audit status: open
Audit coverage: IT Services
Auditor: Sandra Meier
Audit planned date: August 15, 2024
Audit execution date: June 27, 2024

Overview

The audit was carried out in accordance with the previously communicated audit plan. The inspection of the server rooms planned for the 2nd day of the audit had to be canceled for reasons of time. A catch-up date was therefore agreed. The audit was carried out taking into account the ISO 9001 quality criteria, as the company is aiming for certification.

All of the planned aspects were adequately discussed.

Considered aspects of the regulations

  • Organization context and interested parties
  • Dealing with risks and opportunities
  • Operational processes IT service, process landscape, interfaces and ticket system
  • Identification and systematisation of binding obligations
  • Assessment of performance and improvement
  • Application of operational ticket processes and compliance
  • Training and knowledge of the organization
  • Communication
  • Document control
  • Order processing
  • Work and test equipment
  • Evaluation of service providers / contractors
  • Production / service provision
  • CIP topics

Conclusion

The IT service was audited as part of the internal audit.

Numerous positive findings were made in the course of the internal audit. This particularly applies to the leadership role of the team leader. Their active leadership has positive effects on the implementation of processes and measures, such as the handling of the ticket system "Easy Redmine". The employees are actively informed and trained by the managers.

Many specifications and processes from the management systems are actively implemented and are easy to understand.

Individual results

Describe the results by regulations aspect.

Communications

The employees were trained with regard to the changes in the process documentation and how to use the Easy Redmine software (group training on April 10, 2021). The Easy Redmine process overview and individual company processes were presented. The audited employees are familiar with handling Easy Redmine.

The inquiry process was audited as an example.

Based on the message "Contact request for personal data" from May 3, 2021, the process flow was verified in Easy Redmine. The process was easy to understand and corresponded to the specifications of the ticket system documentation in the IT service manual. The necessary steps in the course of processing have been properly carried out.


Other documents viewed:

Proof of training for Rüdiger Strauss from April 10, 2021 (area-related processes / Easy Redmine)

Proof of authorizations Mr. Rüdiger Strauss

SW analysis

List of all strengths and weaknesses observed during the audit.

Strengths

  • Active leadership role by the team leader
  • Many specifications from the management systems are already being implemented
  • Employees are also trained in documentation and process requirements (e.g. Easy Redmine)
  • Exemplary compliance management throughout the company

Weaknesses

  • Dealing with risks and opportunities as well as process management have to be further developed and systematized.
  • Involvement of external consultants (especially legal advice)

Signatures
