Difference between revisions of "QM:Compliance Check of the Compliance Requirements of the IT Services Department"

m (added planned audit date)
m
 
General Audit Information
Coverage: IT Services
Auditor: Sandra Meier
Audit planned date: 2019/08/14
Audit execution date: 2019/08/21
Audit type: Process audit
Audit status: open

Examination of the processes for the implementation of the EU data protection regulation.


Results

The audit was carried out in accordance with the previously communicated audit plan.

The inspection of the server rooms scheduled for the 2nd day of the audit had to be canceled due to time constraints. Therefore, a catch-up date for August 2019 has been scheduled.

All planned aspects were adequately discussed.

Considered aspects of the regulations

  • Context of the organization and interested parties
  • Dealing with risks and opportunities
  • Operational processes of IT service, process landscape, interfaces and ticket system
  • Identification and systemisation of binding commitments
  • Evaluation of performance and improvement
  • Application of operational ticket processes and compliance
  • Training and knowledge of the organization
  • Communication
  • Document control
  • Order processing
  • Work and test equipment
  • Evaluation of service providers / contractors
  • Production / performance
  • CIP issues


Conclusion

As part of the internal audit, the IT service was audited.

Within the scope of the internal audit, numerous positive findings could be made. This particularly applies to the leadership role of team leadership. Their active leadership has a positive impact on the implementation of processes and measures, such as the handling of the ticket system "Easy Redmine". The employees are actively informed and trained by the executives.

Many requirements and processes from the management systems are actively implemented and are easy to understand.

Individual results

Communications

The staff were trained on the change in the process documentation and on how to use the Easy Redmine software (group training of April 10, 2018). The training presented the Easy Redmine process overview and individual company processes. The audited employees know how to work with Easy Redmine.

As an example, the request process was audited.

Based on the message "Contact request personal data" dated 3 May 2018, the process flow in Easy Redmine was verified. The process was easy to follow and met the requirements of the ticket system documentation in the IT service manual. The necessary steps in processing the request were carried out properly.

Further documents viewed:

  • Training certificate Rüdiger Strauß from April 10, 2018 (area related processes / Easy Redmine)
  • Proof of permissions Mr. Rüdiger Strauß

SW-analysis

Summary of strengths, weaknesses and potential for improvement

Positive
  • Active leadership by the team lead
  • Many requirements from the management systems are already being implemented
  • Employees are also trained in documentation and process requirements (e.g., Easy Redmine)
  • Exemplary compliance management in the entire enterprise

Potential for improvement
  • Dealing with risks and opportunities as well as process management must be further developed and systematized.
  • Integration of external consultants (mainly legal advice).






{{QM Audit
        
        |Coverage=IT Services
        
        |Auditor=Sandra Meier
        
        |Planned auditAudit planned date=2019/08/14
        
        |Audit execution date=2019/08/21
        
        |Audit type=Process audit
        
        |Audit status=open
        
        |Planned date=2019/08/14
        
        }}
        
        Examination of the processes for the implementation of the EU data protection regulation.
        
        
        
        
        <br />
        
        
        
        ==Results==
        
        The audit was carried out in accordance with the previously communicated audit plan.
        
        
        
        The inspection of the server rooms scheduled for the 2nd day of the audit  had to be canceled due to time constraints.
        
        Therefore, a catch-up date for August 2019 has been scheduled.
        
        
        
        All planned aspects were adequately discussed.
        
        
        <br />
        
        
        
        ===Considered aspects of the regulations===
        
        
        
        *Context of the organization and interested parties
        
        *Dealing with risks and opportunities
        
        *Operational processes of IT service, process landscape, interfaces and ticket system
        
        *Identification and systemisation of binding commitments
        
        *Evaluation of performance and improvement
        
        *Application of operational ticket processes and compliance
        
        *Training and knowledge of the organization
        
        *Communication
        
        *Document control
        
        *Order processing
        
        *Work and test equipment
        
        *Evaluation of service providers / contractors
        
        *Production / performance
        
        *CIP issues
        
        
        
        
        <br />
        
        
        
        ===Conclusion=== 
        
        As part of the internal audit, the IT service was audited.
        
        
        
        Within the scope of the internal audit, numerous positive findings could be made. This particularly applies to the leadership role of team leadership. Their active leadership has a positive impact on the implementation of processes and measures, such as the handling of the ticket system "Easy Redmine". The employees are actively informed and trained by the executives.
        
        
        
        Many requirements and processes from the management systems are actively implemented and are easy to understand.
        
        
        <br />
        
        
        
        ===Individual results===
        
        
        
        ====Communications====
        
        The staff were trained on the change in the process documentation and on how to use the Easy Redmine software (group training of April 10, 2018). The training presented the Easy Redmine process overview and individual company processes. The audited employees know how to work with Easy Redmine.
        
        
        
        As an example, the request process was audited.
        
        
        
        Based on the message "Contact request personal data" dated 3 May 2018, the process flow in Easy Redmine was verified. The process was easy to follow and met the requirements of the ticket system documentation in the IT service manual. The necessary steps in processing the request were carried out properly.
        
        
        
        Further documents viewed:
        
        
        
        *Training certificate Rüdiger Strauß from April 10, 2018 (area related processes / Easy Redmine)
        
        *Proof of permissions Mr. Rüdiger Strauß
        
        
        
        ==SW-analysis==
        
        
        
        
        
        {| class="wikitable"
        
        |+Summary of strengths, weaknesses and potential for improvement
        
        !Positive
        
        !Potential for improvement
        
        |- style="vertical-align:top"
        
        |
        
        *Active leadership by the team lead
        
        *Many requirements from the management systems are already being implemented
        
        *Employees are also trained in documentation and process requirements (e.g., Easy Redmine)
        
        *Exemplary compliance management in the entire enterprise
        
        
        
        |
        
        *Dealing with risks and opportunities as well as process management must be further developed and systematized.
        
        *Integration of external consultants (mainly legal advice).
        
        
        
        |}
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        <br />
Line 2: Line 2:
 
|Coverage=IT Services
 
|Coverage=IT Services
 
|Auditor=Sandra Meier
 
|Auditor=Sandra Meier
|Planned audit date=2019/08/14
+
|Audit planned date=2019/08/14
 
|Audit execution date=2019/08/21
 
|Audit execution date=2019/08/21
 
|Audit type=Process audit
 
|Audit type=Process audit
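
Review bot: the rename from `|Planned audit date=` to `|Audit planned date=` leaves the same value under a second name, because the template call shown on this page also carries `|Planned date=2019/08/14`. Confirm which parameter the QM Audit template actually reads and drop the other, so the planned date cannot drift between two fields. The edit summary says "added planned audit date" although the change renames an existing parameter; a summary that names the rename would make the audit record's history easier to follow.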
