Compliance Check of the Compliance Requirements of the IT Services Department
- Last edited 5 years ago by Margit Link-Rodrigue
- This page is a first draft
General Audit Information | |
---|---|
Coverage | IT Services |
Auditor | Sandra Meier |
Audit planned date | 2019/08/14 |
Audit execution date | 2019/08/21 |
Audit type | Process audit |
Audit status | open |
Examination of the processes for the implementation of the EU data protection regulation.
Results
The audit was carried out in accordance with the previously communicated audit plan.
The inspection of the server rooms scheduled for the 2nd day of the audit had to be canceled due to time constraints. Therefore, a catch-up date for August 2019 has been scheduled.
All planned aspects were adequately discussed.
Considered aspects of the regulations
- Context of the organization and interested parties
- Dealing with risks and opportunities
- Operational processes of IT service, process landscape, interfaces and ticket system
- Identification and systemisation of binding commitments
- Evaluation of performance and improvement
- Application of operational ticket processes and compliance
- Training and knowledge of the organization
- Communication
- Document control
- Order processing
- Work and test equipment
- Evaluation of service providers / contractors
- Production / performance
- CIP issues
Conclusion
As part of the internal audit, the IT service was audited.
Within the scope of the internal audit, numerous positive findings were made. This applies in particular to the leadership role of the team leads. Their active leadership has a positive impact on the implementation of processes and measures, such as the handling of the ticket system "Easy Redmine". The employees are actively informed and trained by the executives.
Many requirements and processes from the management systems are actively implemented and are easy to understand.
Individual results
Communications
The staff were trained on the change in the process documentation and on how to use the Easy Redmine software (group training of April 10, 2018). The training presented the Easy Redmine process overview and individual company processes. The audited employees are familiar with using Easy Redmine.
As an example, the request process was audited.
Based on the message "Contact request personal data" dated 3 May 2018, the process flow in Easy Redmine was verified. The process was easy to follow and met the requirements of the ticket system documentation in the IT service manual. The necessary steps in processing the request were carried out properly.
Further documents viewed:
- Training certificate Rüdiger Strauß from April 10, 2018 (area related processes / Easy Redmine)
- Proof of permissions Mr. Rüdiger Strauß
SW-analysis
Positive | Potential for improvement |
---|---|
|
|