You have been asked to conduct an audit of the QA system in a client company. Outline and discuss the key elements of the audit you will conduct. Explain the QA precautionary actions you may take if some aspects of the audit are not to ISO9001 standards. (10 marks)
Key elements:
Physical and environmental review: this includes physical security, power supply, air conditioning, humidity control and other environmental factors.
System administration review: this includes a security review of the operating systems, database management systems, all system administration procedures and compliance.
Application software review: the business application could be payroll, invoicing, a web-based customer order processing system or an enterprise resource planning system that actually runs the business.
Network security review: a review of internal and external connections to the system. Perimeter security, firewall review, router access control lists, port scanning and intrusion detection are some typical areas of coverage.
Business continuity review: this includes the existence and maintenance of fault-tolerant and redundant hardware, backup procedures and storage, and a documented and tested disaster recovery/business continuity plan.
Data integrity review: the purpose of this is scrutiny of live data to verify the adequacy of controls and the impact of weaknesses, as noticed from any of the above reviews. Such substantive testing can be done using generalized audit software (e.g., computer-assisted audit techniques).
An audit may vary in how much is covered. For instance, it may scrutinize only one of these elements, or cover to some degree all or some of the components described on the previous slide. It is important to cover all elements, but they do not need to be done in one assignment. The skill sets required for each element are different. How much is covered can sometimes depend on the client.
QA precautionary action:
If some aspects of the audit are not to the ISO9001 standard, I will set them as high priority when conducting the audit and implement the following steps:
Locate the issues
For example, if one of the application software packages does not meet ISO9001, we should understand the conditions, characteristics and functions of the software, and find out why it fails to meet the standard: whether it is due to technology, management, or human issues.
Study the ISO 9001
We should ensure that we have fully understood the nature and scope of ISO 9001, so that we can find the differences and defects and improve them to meet the standard.
Meeting and discussion
Organize a meeting within my audit team to discuss the problems and work out the solutions.
Generate conclusion
Formally generate the conclusion on the issues.
Implementation plan
Provide the implementation plan to my client company, with a report on our findings and specific evaluations and suggestions.