Friday, October 19, 2007

auditing ISO 27001

Please look for all of the items listed below during the internal audit, in addition to the Annex A controls.

Basic Checklist
List of assets (with owners, threats, controls and vulnerabilities) available?
Access controls defined? (Authorization forms)
Information labelling carried out?
Security Incidents monitored?
Security events monitored?
Backup integrity monitored?
Risk assessment methodology defined?
Risk assessment covers all the assets?
Risk assessment study documents available?
Additional Control Records maintained?
Test records maintained? (mainly for System admin)
SoA Prepared and complete?
Employee Training records available with respect to ISMS?
Internal audit Plan and Audit reports maintained?
Risk Mitigation plan available?
Competency Matrix available?
Training effectiveness records available?
Roles and Responsibilities defined?
Department specific procedures documented?
(mainly HR / Admin / System admin / MR related)
BCP and management Process available?

Thursday, October 18, 2007

Audit standards

The Department of Employment and Industrial Relations has developed an audit program that employers can access that allows employers to evaluate their performance against ten defined elements. Details of this standard are available from the Tri-safe management systems audit program (PDF, 342 KB).

Self-insurance audit standard
The Department of Employment and Industrial Relations is responsible for the administration of the occupational health and safety performance requirements for current and prospective self-insurers. This role includes the accreditation of self-insurer auditors, coordination of audits with self-insurers and reporting of audit findings to Q-COMP.

Employers seeking a self-insurance licence from Q-COMP are required to have an assessment of occupational health and safety performance as part of licence requirements.

An element of this assessment process is a requirement for an OHS management systems audit. The standards that this audit is conducted against are detailed in The Workers’ Compensation Self Insurers Performance Criteria and Guidelines.

Audits conducted for the purposes of self-insurance licence requirements are conducted by auditors accredited by the Department of Employment and Industrial Relations. Persons wishing to become accredited can apply to the Department of Employment and Industrial Relations after addressing the requirements set out in the Self Insurance Accreditation Criteria.
Last updated October 17, 2006

ISO 19011:2002 provides guidance on the principles of auditing, managing audit programmes, conducting quality management system audits and environmental management system audits, as well as guidance on the competence of quality and environmental management system auditors.
It is applicable to all organizations needing to conduct internal or external audits of quality and/or environmental management systems or to manage an audit programme.
The application of ISO 19011 to other types of audits is possible in principle provided that special consideration is paid to identifying the competence needed by the audit team members in such cases.
Revision information
Revises: ISO 10011-1:1990
Revises: ISO 10011-2:1991
Revises: ISO 10011-3:1991
Revises: ISO 14010:1996
Revises: ISO 14011:1996
Revises: ISO 14012:1996


Hazard specific audits

Hazard specific audits address particular issues such as confined space entry, or working at heights and involve the inspection and testing of current workplace control methods. This type of audit has a narrow focus and looks at the effectiveness of policies and procedures in dealing with specific hazards.

These audits differ from compliance audits in that the standards set by the organisation to address a risk of injury may exceed legislative requirements. Many organisations use suitably qualified external providers to undertake these types of audits especially when hazardous tasks are being undertaken.

Workplace Health and Safety Queensland inspectors may review specific hazards in order to monitor legislative compliance at a workplace.

The Workplace Health and Safety Act 1995 (PDF, 766 KB) requires that workplace health and safety officers (WHSOs) conduct a hazard-based assessment of the workplace using criteria approved by the Chief Executive of Workplace Health and Safety Queensland or criteria agreed to by the Workplace Health and Safety Committee at the workplace.

These assessments must be conducted at least once every twelve months, or at intervals agreed between the WHSO and the Health and Safety Committee. There are eight elements referred to under these criteria, covering a number of common workplace hazards:
Hazard identification, risk assessment and control
Work environment
Noise
Plant
Electrical
Hazardous substances
Manual tasks
Information, instruction, training and supervision

An example of a hazard-based assessment form (PDF, 144 KB) is provided for your convenience.
Last updated July 18, 2005


OHSAS AUDIT

An occupational health and safety management systems audit has a wider scope, and although addressing hazards and risk controls, it also looks at organisational structures, planning activities, responsibilities, implemented procedures, review cycles and measurement and evaluation issues.
A basic occupational health and safety management system has some of the following characteristics:
Existence of a health and safety policy that is communicated to staff
Management commitment
Allocation of responsibilities and accountability for health and safety matters
Controls for suppliers, sub-contractors and purchasing
Health and safety consultation
Hazard identification, evaluation and control
Provision of information and training of staff
Incident recording, investigation, analysis and review
Measuring and evaluating workplace health and safety performance.


Audit Management

An audit is a systematic examination used to determine whether or not an object meets previously specified requirements, and is usually performed using question lists. The results of an audit are evaluated and documented.

SAP PLM QM Audit Management helps you plan and process audits, monitor corrective and preventive actions that were determined during audits, and evaluate audit data according to different criteria.

The audit management solution is very flexible and allows you to perform any type of audit that you require, for example, quality audits (system audits, process audits, product audits, supplier audits), environmental audits, security audits (site security, function security, data security), or industrial safety audits. The solution can be applied to the needs of all relevant norms like QS9000 or the DIN ISO 9000 series.

It encourages integration of different audits, for example, in accordance with DIN ISO 19011. Since audits are usually performed outside the office, mobile options are essential in supporting effective audit processing. Collaboration between the auditor and the audited party is required when corrective or preventive actions are agreed on, and have to be monitored. The audited party may use an Internet or intranet-based access to the actions to report their completion.

The solution's suitability for processing a wide variety of audit types meets the requirement of companies to unify different management systems in one integrated management system. This greatly reduces audit expenses. An HTML interface ensures that the functions of the audit management solution are accessible to everyone who has authorization, from any location, on the Internet or intranet. Moreover, you can directly attach documents and notes to the data objects used in audit management. Thus, the information on audits is available company-wide, avoiding duplicated work and leading to improvement of products, processes, and supplier relationships. The integration of the audit management solution with the data environment of SAP.com provides access to a vast array of information from other areas.

If necessary, you can use interfaces to tools such as Microsoft Project® for the project management of an extensive audit plan, and Microsoft Excel® for the handling of question lists. The multi-lingual nature of the user interface and of the audit information supports you when working with foreign partners. For each audit phase, you can specify the partners and communicate with them using the SAP.com platform. Audit management provides a complete solution that is easy to use and enables benchmarking and the evaluation of best practices inside and outside the company.


Wednesday, September 5, 2007

Auditing ISO 9001 QMS

The auditors will check compliance with the ISO 9001 QMS requirements.

The auditors will want to see:

DOCUMENTATION
at least 6 mandatory documented procedures
21 mandatory records (16 if design exemption is claimed and granted)
Apex Quality Manual containing as a minimum
a)
b)
c)
d)
Quality Plans
Work Instructions where required
Quality Data

IMPLEMENTATION
At least 2 Internal Audits conducted
At least 2 management reviews conducted
Monitoring of Quality Objectives
Customer Satisfaction perception determination
Evidence of continual improvement

Answers to Questions posed by auditors

Saturday, August 18, 2007

ISO 19011:2002

Guidelines for quality and/or environmental management systems auditing

Abstract
ISO 19011:2002 provides guidance on the principles of auditing, managing audit programmes, conducting quality management system audits and environmental management system audits, as well as guidance on the competence of quality and environmental management system auditors.

It is applicable to all organizations needing to conduct internal or external audits of quality and/or environmental management systems or to manage an audit programme.

The application of ISO 19011 to other types of audits is possible in principle provided that special consideration is paid to identifying the competence needed by the audit team members in such cases.

Tuesday, July 17, 2007

Certification is Conformity Assessment, what is accreditation ?

ISO/IEC standard for "one-stop accreditation" to boost cross-border trade

A new International Standard aims to harmonize requirements worldwide for organizations that assess the competence of "conformity assessment" bodies. It will provide a global benchmark for "accreditation bodies" to ensure that they operate in a consistent, comparable and reliable manner worldwide, thereby providing confidence to purchasers and regulators and facilitating cross-border trade.


Sunday, June 10, 2007

Auditing Body of Knowledge

Free downloads available:
Auditing Knowledge Bank
Good Audit Practices
ISO 14001 Audit Checklist Word Document
The other ISO 9001 Auditing Practices Group papers and presentations may be downloaded from the web sites:

www.iaf.nu
www.iso.org/tc176/ISO9001AuditingPracticesGroup
Friday, March 9, 2007

FAQ's
QMS auditing topics

· The need for a 2-stage approach to auditing
· Measuring QMS effectiveness and improvements
· Identification of processes
· Understanding the process approach
· Determination of the “where appropriate” processes
· Auditing the “where appropriate” requirements
· Demonstrating conformity to the standard
· Linking an audit of a particular task, activity or process to the overall system
· Auditing continual improvement
· Auditing a QMS which has minimum documentation
· How to audit top management processes
· The role and value of the audit checklist
· Scope of ISO 9001:2000, Scope of Quality Management System and Defining Scope of Certification
· How to Add Value during the audit process
· Auditing competence and the effectiveness of actions taken
· Auditing Statutory and Regulatory requirements
· Auditing the Quality Policy and Quality Objectives
· Auditing ISO 9001, Clause 7.6 Control of monitoring and measuring devices
· Making effective use of ISO 19011
· Auditing Customer Feedback processes
· Documenting a Nonconformity
· Guidance for reviewing and closing nonconformities
· Auditing Internal Communications
· Auditing Preventive Action
· Auditing Service Organizations
· Third Party Auditor Impartiality and Conflict of Interest
· Auditing the Effectiveness of the Internal Audit
· Auditing Electronic Based Management Systems
· Auditing the Management of Resources
· Auditing Customer Communications

Feedback from users will be used by the ISO 9001 Auditing Practices Group to determine whether additional guidance documents should be developed, or if these current ones should be revised.
Comments on the papers or presentations can be sent to the following email address: charles.corrie@bsi-global.com.
These papers and presentations may be downloaded from the web sites:

http://www.iaf.nu/
www.iso.org/tc176/ISO9001AuditingPracticesGroup

http://isotc.iso.org/livelink/livelink/3553375/APG-Introduction.doc?func=doc.Fetch&nodeid=3553375