Last edited 5 months ago
by Monique Williams

Compliance Check of the Compliance Requirements of the IT Services Department


edit
Audit type: Process audit
Audit status: open
Audit coverage: IT Services
Auditor: Sandra Meier
Audit planned date: August 15, 2024 red
Audit execution date: June 27, 2024

Overview

The audit was carried out in accordance with the previously communicated audit plan. The inspection of the server rooms planned for the 2nd day of the audit has to be canceled for reasons of time. A catch-up date was therefore agreed. The audit was carried out taking into account the ISO9001 quality criteria, as the company is aiming for certification.

All of the planned aspects were adequately discussed.

Considered aspects of the regulations

  • Organization context and interested parties
  • Dealing with risks and opportunities
  • Operational processes IT service, process landscape, interfaces and ticket system
  • Identification and systematisation of binding obligations
  • Assessment of performance and improvement
  • Application of operational ticket processes and compliance
  • Training and knowledge of the organization
  • communication
  • Document control
  • Order processing
  • Work and test equipment
  • Evaluation of service providers / contractors
  • Production / service provision
  • CIP topics

Conclusion

The IT service was audited as part of the internal audit.

Numerous positive findings were made in the course of the internal audit. This particularly applies to the leadership role of the team leader. Their active leadership has positive effects on the implementation of processes and measures, such as B. the handling of the ticket system "Easy Redmine". The employees are actively informed and trained by the managers.

Many specifications and processes from the management systems are actively implemented and are easy to understand.

Individual results

Describe the results by regulations aspect.

Communications

The employees were trained with regard to the changes in the process documentation and how to use the Easy Redmine software (group training on April 10, 2021). The Easy Redmine process overview and individual company processes were presented. The audited employees are familiar with handling Easy Redmine.

The inquiry process was audited as an example.

Based on the message "Contact request for personal data" from May 3, 2021, the process flow was verified in Easy Redmine. The process was easy to understand and corresponded to the specifications of the ticket system documentation in the IT service manual. The necessary steps in the course of processing have been properly carried out.


Other documents viewed:

Proof of training for RĂ¼diger Strauss from April 10, 2021 (area-related processes / Easy Redmine)

Proof of authorizations Mr. RĂ¼diger Strauss

SW analysis

List of all strengths and weaknesses observed during the audit.

Strength Weakness
  • Active leadership role by the team leader
  • Many specifications from the management systems are already being implemented
  • Employees are also trained in documentation and process requirements (e.g. Easy Redmine)
  • Exemplary compliance management throughout the company
  • Dealing with risks and opportunities as well as process management have to be further developed and systematized.
  • Involvement of external consultants (especially legal advice)

Signatures

Signatures
Retrieved from "https://en.demo.bluespice.com/w/index.php?title=IMS:Compliance_Check_of_the_Compliance_Requirements_of_the_IT_Services_Department&oldid=2725"