Tuesday, March 30, 2021
ISO9001/2015 Document Control Audit
Date
Thursday, November 26, 2020
Audit Number
18
Name of Auditor
Lucy Bennett-Poole
Audit Subject
Record retention & document control
Scope & Objective of Audit The requirements for document control are stated in section 7.5.3 of the ISO9001:2015 standard. The objective of this audit is to ensure that :1. It is available for use where and when required 2. It is adequately protected DEFINITION OF DOCUMENTED INFORMATION documented information refers to information that must be controlled and maintained. Therefore, it expects that you also maintain and control the medium as well as the information. For the purposes of This Audit Process, PWS has de ned the following information as Documented Information: 1: Customer details - All details concerning our customers incl contacts, addresses 2. Account Information - All accounts data incl Sales Orders, Invoices and Credit Notes, Purchase orders to suppliers. 3. Supplier details - All details concerning our suppliers incl contacts, addresses. 4. Staff Files - All HR Documentation is considered con dential and must therefore be treated as Documented Information.
GDPR - How does PWS gain permission from the client to retain their company data? On quotation for contract renewal, when a customer accepts a quote, they are agreeing for us to keep any / all details relating to our services on le for the duration of that contract. Should the customer not renew their contract, all data is de-activated from our database and no-one is able to access it. The MD is the only person who can re-activate it and this would only be done if the customer came back to us.
1
Create your own automated PDFs with JotForm PDF Editor
SAGE. All Sales Orders, Invoices, Credit notes and Purchase orders are stored on Sage. Is the Auditor con dent and it it proven that the documents stored within SAGE are only accessible by authorised personnel?
Yes
SAGE. All Sales Orders, Invoices, Credit notes and Purchase orders are stored on Sage. Is the Auditor con dent that all system data is backed up securely and is fully recoverable in the event of it being required? Yes. This has had to be done during 2020 due to a server being replaced and the data having to be recovered from the cloud after a back up failed.
What System is in place for PWS Systems and document back up.
LIVEDRIVE
Is this Method of back up guaranteed by the manufacturer? What assurances are in place to ensure all data is retrievable as and when required. 'STATEMENT FROM LIVEDRIVE' Transfer security Your les are transferred securely from your device to our servers using the strongest available TLS encryption. Data Protection Act Fully compliant with EU privacy laws, registered under the Data Protection Act and with the ICO (Information Commissioner’s O ce). PCI compliant Livedrive stores, transmits and processes card details according to the Payment Card Industry Data Security Standard (PCI-DSS). Obfuscated data Customer le information is masked when on our servers so it cannot be identi ed or linked to a particular account. Distributed data Individual customer data is split across multiple independent systems with no single system containing enough to retrieve an individual le via any unauthorized methods. Two factor authentication (2FA) 2FA increases security by requiring users to type in a unique code displayed on their mobile/tablet, in addition to their password, when logging into Livedrive. This can be turned on in the "Privacy and Security" section of the web portal.
How long are hard copy invoices and related documents stored for on PWS Premises?
7 Years
How are these hard copies stored?
Palletised and shrink wrapped. On expiring 7 years they are shredded.
Statement of Finding 2
Create your own automated PDFs with JotForm PDF Editor
That all documents and record retention is being done in accordance with the requirement.
Corrective Action Required
No
Result of Audit
Pass
Upload copies of evidence / related documents here
3
Create your own automated PDFs with JotForm PDF Editor