SlideShare a Scribd company logo
1
Jerimi (Yuko) Soma
Auditors Notes for ISO20000-1 : Hypothetical Enterprise XYZ Inc.
Client Name XYZ Inc.
Contact
Person
Ms. Ichiro Tanaka (Service Manager) +81 3 1111 2222
Audit
Objectives
To access the implementation status and its effectiveness of
the audit criteria; in view to evaluate the organization, for
their potential in the growing educational market in JAPAN
and other areas.
Audit scope
Technical Scope:
- Providing platforms and applications on clouds for virtual live
courses, e-learning contents for their own educational
institutions for 24365 continuously.
Physical Location(s):
- Headquarters in the JAPAN including their office, server
rooms.
People:
- Executive Director, BRM, Service Manager, Internal Auditor
and other all employees in JAPAN
Audit Criteria XYZ service management system, ISO20000-1 and intended
outcomes
Audit
Conclusion
The audit findings are listed below:
Major NC: 0 item
Minor NC: 1 item
OFI: 4 items
・Based on the results of this audit, XYZ is recommended for
certification to the ISO 20000-1:2018 by Better Life Japan
Certification Corporation
Positive
Findings
・Top management well prepared for the SMS audit and his
explanation was clear and convincing enough to the auditors.
Agreed
Actions
・XYZ shall respond against 1 Minor nonconformity in the next
surveillance visit.
2
Jerimi (Yuko) Soma
・They closely work together for the SMS cycle’s continuous
improvement.
・The Organization Process for Managing IT services were
very detailed and it adequately showed their resiliency to
their business.
・This entity may respond against 4 opportunities for
improvement in the next surveillance visit, but these are optional
for XYZ and not mandatory.
AUDIT FIDINGS
Ref.
Number
Report
ing
Date
NC Description Correction
Root Cause
Analysis
Corrective Action Plans(s)
Revie
w of
CAP
by
Team
Lead
Revie
w
Date
Verific
ation
of CAP
by
Team
Lead
Verific
ation
Date
Action Item Resp.
Target
Date
Minor NC
Ref.
Number
#0001
2019/
SEP/2
Finding:
2 Internal Audits have not been conducted
as planned for Business relationship and
agreement processes even once since the
last audit.
Requirement of Standard: (Clause 9.2.1.b)
The organization shall conduct internal
audits at planned intervals to provide
information whether the SMS: b) is
effectively implemented and maintained.
Evidence:
・Interview with Ms. Marry Suzuki (BRM)
Will be
reviewed in
next Cycle
Will be
reviewed in
next Cycle
Will be
reviewed in
next Cycle
2019/JUL
/10
2019/J
UL/10
3
Jerimi (Yuko) Soma
・XYZ Operation Manual v1.2 page 40
“Updated Internal Audit Program 20xx”
OFI Ref.
Number
#0002
2019/
SEP/2
Finding:
Internal Audit has not conducted as
planned for Continual improvement and
Supply and demand processes, (it is held
only once each since last year)
Requirement of Standard: (Clause 9.2.1.b)
The organization shall conduct internal
audits at planned intervals to provide
information whether the SMS: b) is
effectively implemented and maintained.
Evidence:
・Interview with Ms. Amy Torii(BRM)
・Interview with Mr.IchiroTanaka(Service
Manager)
・XYZ Operation Manual v1.2 page 40
“Updated Internal Audit Program 20xx”
Will be
reviewed in
next Cycle,
but correction
is optional.
Will be
reviewed in
next Cycle, but
correction is
optional.
Will be
reviewed in
next Cycle,
but
correction is
optional.
OFI Ref.
Number
#0003
2019/
SEP/2
Finding:
Internal Audit results were not
documented as minutes for all process
even though “Procedure for Internal Audit”
said as follows.
Conducting Audit:
Will be
reviewed in
next Cycle,
but correction
is optional.
Will be
reviewed in
next Cycle, but
correction is
optional.
Will be
reviewed in
next Cycle,
but
correction is
optional.
4
Jerimi (Yuko) Soma
All audit findings are documented on the
Audit Report.
Requirement of Standard: (Clause 9.2.2 e)
The organization shall: a) plan, establish,
implement and maintain an audit
programme(s), including the frequency,
methods, responsibilities, planning
requirements and reporting, which shall
take into consideration: e) retain
documented information as evidence of
the implementation of the audit
programme(s) and the audit results.
Evidence:
・XYZ Operation Manual v1.2 page 38
“Procedure for Internal Audits”
OFI Ref.
Number
#0004
2019/
SEP/2
Finding:
・“Critical: 4 hours” in SLA was not
accurate. Anyone working on weekdays
and after hours and there was no
exception regarding after hours and
weekends was found in those documents.
Requirement of Standard: (Clause 8.3.3)
The organization and the customer shall
agree the services to be delivered. For
each service delivered, the organization
Will be
reviewed in
the next
Cycle, but
correction is
optional.
Will be
reviewed in the
next Cycle, but
correction is
optional.
Will be
reviewed in
the next
Cycle, but
correction is
optional.
5
Jerimi (Yuko) Soma
includes service level targets, workload
limits and exceptions.
Evidence:
・XYZ Operation Manual v1.2 page 117
“Service Level Agreement (Extract)”
・Interview with Mr. Ichiro Tanaka(Service
Manager)
・Interview with Ms. Marry Suzuki(BRM)
OFI Ref.
Number
#0005
2019/
SEP/2
Finding:
None of upper management except for the
Executive director involved in
Management review.
Requirement of Standard: (Clause 5.1)
Top management shall demonstrate
leadership and commitment with respect
to the SMS by promoting continual
improvement of the SMS and the services
Evidence:
・XYZ Operation Manual v1.2 page10
“Organization Chart”
・XYZ Operation Manual v1.2 page35
“Management review record Oct. 20xx”
・XYZ Operation Manual v1.2 page 36
“Minutes”
Will be
reviewed in
next Cycle,
but correction
is optional.
Will be
reviewed in
next Cycle, but
correction is
optional.
Will be
reviewed in
next Cycle,
but
correction is
optional.
6
Jerimi (Yuko) Soma
Check List
No
.
Clauses Items to check What to look for GAPs/Findings from Document
Reviews
#1 Clause 9.2.1.b
The organization shall conduct
internal audits at planned
intervals to provide information
whether the SMS: b) is
effectively implemented and
maintained.
・Do you have any reasons why Internal
Audits have not conducted for Business
relationship and agreement processes
even once since last audit?
・If those are not conducted even once,
do you think there are any risks for that?
・XYZ Operation Manual
v1.2 page 40 “Updated
Internal Audit Program 20xx”
・Interview with Ms. Marry
Suzuki (BRM)
・2 Internal Audits have not
conducted as planned for Business
relationship and agreement processes
even once since last audit.
#2 Clause 9.2.1.b)
The organization shall conduct
internal audits at planned
intervals to provide information
whether the SMS: b) is
effectively implemented and
maintained.
・Do you have any reasons why Internal
Audits have not conducted as planned for
Continual improvement and Supply and
demand processes?
・If those are not conducted as planned,
do you think there are any risks by that?
・Interview with Ms. Marry
Suzuki (BRM)
・Interview with Mr. Ichiro
Tanaka(Service Manager)
・XYZ Operation Manual
v1.2 page 40 “Updated
Internal Audit Program 20xx”
・Internal Audit has not conducted as
planned for Continual improvement
and Supply and demand processes, (it
is held only once each since last year)
#3 Clause 9.2.2 e)
The organization shall: a) plan,
establish, implement and
maintain an audit
programme(s), including the
frequency, methods,
responsibilities, planning
requirements and reporting,
which shall take into
consideration: e) retain
documented information as
evidence of the implementation
・Could you please show me minutes of
Internal Audit results?
“Procedure for Internal Audit” said as
follows.
Conducting Audit:
All audit findings are documented on the
Audit Report.
・Don’t you think “Updated Internal Audit
Program” on page 40 is not enough to
align your organization policies written in
“Procedure for Internal Audit”?
・XYZ Operation Manual
v1.2 page 38 “Procedure for
Internal Audits”
・ Internal Audit results were not
documented as minutes for all
process even though “Procedure for
Internal Audit” said as follows.
Conducting Audit:
All audit findings are documented on
the Audit Report.
7
Jerimi (Yuko) Soma
of the audit programme(s) and
the audit results.
・Don’t you think there are any risks by
that?
#4 Clause 8.3.3
The organization and the
customer shall agree the
services to be delivered. For
each service delivered, the
organization include service
level targets, workload limits
and exceptions.
・Do Anyone work on weekdays and after
hours for incident?
・Is “Critical: 4 hours” in SLA was in XYZ
Operation Manual v1.2 page 117
accurate?
・Didn’t you try to add exception for after
afterhours and weekends?
・Have you ever discussed about update
this discrepancy about SLA for emergency
with business units?
・If no one work for weekends, how did
you maintain SLA for e-learning
customers?
・Don’t you think there are any risks by
that?
・XYZ Operation Manual
v1.2 page 117 “Service Level
Agreement (Extract)”
・Interview with Mr. Ichiro
Tanaka (Service Manager)
・Interview with Ms. Marry
Suzuki (BRM)
・“Critical: 4 hours” in SLA was not
accurate. Anyone works on weekdays
and after hours and there was no
exception written regarding after
those was found in that documents.
#5 Clause 5.1 k)
Top management shall
demonstrate leadership and
commitment with respect to the
SMS by promoting continual
improvement of the SMS and
the services
・Could you please explain why those 4
people were chosen to attend
Management Review after last audit?
・Don’t you think they are not enough for
attending MR?
・When I refer your organization chart, I
can see there are 2 Vice Provosts and 6
process owners. Don’t you think those
business units require to take leadership
for Service Management?
・XYZ Operation Manual
v1.2 page10 “Organization
Chart”
・XYZ Operation Manual
v1.2 page35 “Management
review record Oct. 20xx”
・XYZ Operation Manual
v1.2 page 36 “Minutes”
None of upper management expect
for Executive director involved to
Management review.
of the documents

More Related Content

Similar to ISO20000-1 Auditors note 【My Continuous Learning】

Webinar Slides: Error or Change in Estimate? How to Navigate a Common Account...
Webinar Slides: Error or Change in Estimate? How to Navigate a Common Account...Webinar Slides: Error or Change in Estimate? How to Navigate a Common Account...
Webinar Slides: Error or Change in Estimate? How to Navigate a Common Account...
MHM (Mayer Hoffman McCann P.C.)
 
Kiran Adtani_Resume
Kiran Adtani_ResumeKiran Adtani_Resume
Kiran Adtani_ResumeKiran Adtani
 
PMI-Service-Level-Agreement for all transactions
PMI-Service-Level-Agreement for all transactionsPMI-Service-Level-Agreement for all transactions
PMI-Service-Level-Agreement for all transactions
RaymondSmith96
 
62493024-Wld-Services-Review-Final-Report.ppt
62493024-Wld-Services-Review-Final-Report.ppt62493024-Wld-Services-Review-Final-Report.ppt
62493024-Wld-Services-Review-Final-Report.ppt
kEWQ865k
 
Deepak Mysore Nagaraj (1)
Deepak Mysore Nagaraj (1)Deepak Mysore Nagaraj (1)
Deepak Mysore Nagaraj (1).Deepak Gowda
 
Isbm construction management . taxation. project mgmt. data mgmt. market res...
Isbm  construction management . taxation. project mgmt. data mgmt. market res...Isbm  construction management . taxation. project mgmt. data mgmt. market res...
Isbm construction management . taxation. project mgmt. data mgmt. market res...
NMIMS ASSIGNMENTS HELP
 
Resume puja bajaj
Resume puja bajajResume puja bajaj
Resume puja bajaj
Puja Bajaj
 
Resume puja bajaj
Resume puja bajajResume puja bajaj
Resume puja bajaj
Puja Bajaj
 
SGBS - sample Case Studies Aug 2015
SGBS - sample Case Studies Aug 2015SGBS - sample Case Studies Aug 2015
SGBS - sample Case Studies Aug 2015Sarvotham Pejavar
 
1 Assessment Task – Tutorial Questions Assignment
1  Assessment Task – Tutorial Questions Assignment  1  Assessment Task – Tutorial Questions Assignment
1 Assessment Task – Tutorial Questions Assignment
SilvaGraf83
 
1 Assessment Task – Tutorial Questions Assignment
1  Assessment Task – Tutorial Questions Assignment  1  Assessment Task – Tutorial Questions Assignment
1 Assessment Task – Tutorial Questions Assignment
MartineMccracken314
 
Amit_Dubey_Resume[1]
Amit_Dubey_Resume[1]Amit_Dubey_Resume[1]
Amit_Dubey_Resume[1]Amit Dubey
 
Audit and investigations ii questions
Audit and investigations ii questionsAudit and investigations ii questions
Audit and investigations ii questions
allhomeworktutors
 
474386529-Deloitte-KPMG-and-the-IL-FS-Saga-NFRA-finds-deficiencies-in-BSR-s-a...
474386529-Deloitte-KPMG-and-the-IL-FS-Saga-NFRA-finds-deficiencies-in-BSR-s-a...474386529-Deloitte-KPMG-and-the-IL-FS-Saga-NFRA-finds-deficiencies-in-BSR-s-a...
474386529-Deloitte-KPMG-and-the-IL-FS-Saga-NFRA-finds-deficiencies-in-BSR-s-a...
AnkurNagwan1
 
BKD Operational Assessment
BKD Operational AssessmentBKD Operational Assessment
BKD Operational Assessment
Indiana Bureau of Motor Vehicles
 
Customer satisfaction survey august 2014 comments
Customer satisfaction survey   august 2014 commentsCustomer satisfaction survey   august 2014 comments
Customer satisfaction survey august 2014 commentsAngel Ann
 
Acct 503 Social Responsibility / tutorialrank.com
Acct 503 Social Responsibility / tutorialrank.comAcct 503 Social Responsibility / tutorialrank.com
Acct 503 Social Responsibility / tutorialrank.com
PrescottLunt432
 

Similar to ISO20000-1 Auditors note 【My Continuous Learning】 (20)

Webinar Slides: Error or Change in Estimate? How to Navigate a Common Account...
Webinar Slides: Error or Change in Estimate? How to Navigate a Common Account...Webinar Slides: Error or Change in Estimate? How to Navigate a Common Account...
Webinar Slides: Error or Change in Estimate? How to Navigate a Common Account...
 
Hammad Resume..
Hammad Resume.. Hammad Resume..
Hammad Resume..
 
Kiran Adtani_Resume
Kiran Adtani_ResumeKiran Adtani_Resume
Kiran Adtani_Resume
 
PMI-Service-Level-Agreement for all transactions
PMI-Service-Level-Agreement for all transactionsPMI-Service-Level-Agreement for all transactions
PMI-Service-Level-Agreement for all transactions
 
62493024-Wld-Services-Review-Final-Report.ppt
62493024-Wld-Services-Review-Final-Report.ppt62493024-Wld-Services-Review-Final-Report.ppt
62493024-Wld-Services-Review-Final-Report.ppt
 
Deepak Mysore Nagaraj (1)
Deepak Mysore Nagaraj (1)Deepak Mysore Nagaraj (1)
Deepak Mysore Nagaraj (1)
 
Resume of Ujjal
Resume of UjjalResume of Ujjal
Resume of Ujjal
 
Isbm construction management . taxation. project mgmt. data mgmt. market res...
Isbm  construction management . taxation. project mgmt. data mgmt. market res...Isbm  construction management . taxation. project mgmt. data mgmt. market res...
Isbm construction management . taxation. project mgmt. data mgmt. market res...
 
Resume puja bajaj
Resume puja bajajResume puja bajaj
Resume puja bajaj
 
Resume puja bajaj
Resume puja bajajResume puja bajaj
Resume puja bajaj
 
SGBS - sample Case Studies Aug 2015
SGBS - sample Case Studies Aug 2015SGBS - sample Case Studies Aug 2015
SGBS - sample Case Studies Aug 2015
 
1 Assessment Task – Tutorial Questions Assignment
1  Assessment Task – Tutorial Questions Assignment  1  Assessment Task – Tutorial Questions Assignment
1 Assessment Task – Tutorial Questions Assignment
 
1 Assessment Task – Tutorial Questions Assignment
1  Assessment Task – Tutorial Questions Assignment  1  Assessment Task – Tutorial Questions Assignment
1 Assessment Task – Tutorial Questions Assignment
 
Amit_Dubey_Resume[1]
Amit_Dubey_Resume[1]Amit_Dubey_Resume[1]
Amit_Dubey_Resume[1]
 
Audit and investigations ii questions
Audit and investigations ii questionsAudit and investigations ii questions
Audit and investigations ii questions
 
474386529-Deloitte-KPMG-and-the-IL-FS-Saga-NFRA-finds-deficiencies-in-BSR-s-a...
474386529-Deloitte-KPMG-and-the-IL-FS-Saga-NFRA-finds-deficiencies-in-BSR-s-a...474386529-Deloitte-KPMG-and-the-IL-FS-Saga-NFRA-finds-deficiencies-in-BSR-s-a...
474386529-Deloitte-KPMG-and-the-IL-FS-Saga-NFRA-finds-deficiencies-in-BSR-s-a...
 
BKD Operational Assessment
BKD Operational AssessmentBKD Operational Assessment
BKD Operational Assessment
 
Customer satisfaction survey august 2014 comments
Customer satisfaction survey   august 2014 commentsCustomer satisfaction survey   august 2014 comments
Customer satisfaction survey august 2014 comments
 
Acct 503 Social Responsibility / tutorialrank.com
Acct 503 Social Responsibility / tutorialrank.comAcct 503 Social Responsibility / tutorialrank.com
Acct 503 Social Responsibility / tutorialrank.com
 
Madhusudhan_Resume
Madhusudhan_ResumeMadhusudhan_Resume
Madhusudhan_Resume
 

More from Jerimi Soma

IRCA ISMS Auditor Certification for Version 2022 (Since 2017)
IRCA ISMS Auditor Certification for Version 2022 (Since 2017)IRCA ISMS Auditor Certification for Version 2022 (Since 2017)
IRCA ISMS Auditor Certification for Version 2022 (Since 2017)
Jerimi Soma
 
Another ITIL4 story of a Japanese business hotel
Another ITIL4 story of a Japanese business hotelAnother ITIL4 story of a Japanese business hotel
Another ITIL4 story of a Japanese business hotel
Jerimi Soma
 
Japan Data Privacy Auditor Certification (Since Jan. 2021)
Japan Data Privacy Auditor Certification (Since Jan. 2021)Japan Data Privacy Auditor Certification (Since Jan. 2021)
Japan Data Privacy Auditor Certification (Since Jan. 2021)
Jerimi Soma
 
ITILv3 /2011 Edition Case Study
ITILv3 /2011 Edition Case StudyITILv3 /2011 Edition Case Study
ITILv3 /2011 Edition Case Study
Jerimi Soma
 
ITIL4 Managing Professtioal
ITIL4 Managing ProfesstioalITIL4 Managing Professtioal
ITIL4 Managing Professtioal
Jerimi Soma
 
JRCA ISO27017 Cloud Security Training & Exam
JRCA ISO27017 Cloud  Security Training & ExamJRCA ISO27017 Cloud  Security Training & Exam
JRCA ISO27017 Cloud Security Training & Exam
Jerimi Soma
 
ITIL v2011 Expert 6 exams
ITIL v2011 Expert 6 examsITIL v2011 Expert 6 exams
ITIL v2011 Expert 6 exams
Jerimi Soma
 
QSA training & exam in 2017, 2018, 2019, 2020, 2021 and PCIP in 2022 - 2025
QSA training & exam in 2017, 2018, 2019, 2020, 2021 and PCIP in 2022 - 2025QSA training & exam in 2017, 2018, 2019, 2020, 2021 and PCIP in 2022 - 2025
QSA training & exam in 2017, 2018, 2019, 2020, 2021 and PCIP in 2022 - 2025
Jerimi Soma
 
ISO20000-1 Training Completion in 2022
ISO20000-1 Training Completion in 2022ISO20000-1 Training Completion in 2022
ISO20000-1 Training Completion in 2022
Jerimi Soma
 
Six Sigma Black Belt
Six Sigma Black BeltSix Sigma Black Belt
Six Sigma Black Belt
Jerimi Soma
 
IRCA BCMS Lead Auditor Training & Exam
IRCA BCMS Lead Auditor Training & ExamIRCA BCMS Lead Auditor Training & Exam
IRCA BCMS Lead Auditor Training & Exam
Jerimi Soma
 
BSI ISO27001 Lead Implementer ENR-00775738
BSI ISO27001 Lead Implementer ENR-00775738BSI ISO27001 Lead Implementer ENR-00775738
BSI ISO27001 Lead Implementer ENR-00775738
Jerimi Soma
 
IRCA QMS Lead Auditor 5-day training & exam
IRCA QMS Lead Auditor 5-day training & examIRCA QMS Lead Auditor 5-day training & exam
IRCA QMS Lead Auditor 5-day training & exam
Jerimi Soma
 
IRCA ISMS Lead Auditor Training & Exam in 2014
IRCA ISMS Lead Auditor Training & Exam in 2014IRCA ISMS Lead Auditor Training & Exam in 2014
IRCA ISMS Lead Auditor Training & Exam in 2014
Jerimi Soma
 
Henry James Study
Henry James StudyHenry James Study
Henry James Study
Jerimi Soma
 
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
Jerimi Soma
 
SixSigma 【Continuous Study】
SixSigma 【Continuous Study】SixSigma 【Continuous Study】
SixSigma 【Continuous Study】
Jerimi Soma
 
Use Cases for ISO20000-1 based on ITIL in English 【Continuous Study】
Use Cases for ISO20000-1 based on ITIL in English 【Continuous Study】Use Cases for ISO20000-1 based on ITIL in English 【Continuous Study】
Use Cases for ISO20000-1 based on ITIL in English 【Continuous Study】
Jerimi Soma
 
ISO20000-1 mapping to PCI 【Continuous Study】
ISO20000-1 mapping to PCI 【Continuous Study】ISO20000-1 mapping to PCI 【Continuous Study】
ISO20000-1 mapping to PCI 【Continuous Study】
Jerimi Soma
 
Mapping Japanese FISC guideline to PCI DSS v3.2.1 【Continuous Study】
Mapping Japanese FISC guideline to PCI DSS v3.2.1 【Continuous Study】Mapping Japanese FISC guideline to PCI DSS v3.2.1 【Continuous Study】
Mapping Japanese FISC guideline to PCI DSS v3.2.1 【Continuous Study】
Jerimi Soma
 

More from Jerimi Soma (20)

IRCA ISMS Auditor Certification for Version 2022 (Since 2017)
IRCA ISMS Auditor Certification for Version 2022 (Since 2017)IRCA ISMS Auditor Certification for Version 2022 (Since 2017)
IRCA ISMS Auditor Certification for Version 2022 (Since 2017)
 
Another ITIL4 story of a Japanese business hotel
Another ITIL4 story of a Japanese business hotelAnother ITIL4 story of a Japanese business hotel
Another ITIL4 story of a Japanese business hotel
 
Japan Data Privacy Auditor Certification (Since Jan. 2021)
Japan Data Privacy Auditor Certification (Since Jan. 2021)Japan Data Privacy Auditor Certification (Since Jan. 2021)
Japan Data Privacy Auditor Certification (Since Jan. 2021)
 
ITILv3 /2011 Edition Case Study
ITILv3 /2011 Edition Case StudyITILv3 /2011 Edition Case Study
ITILv3 /2011 Edition Case Study
 
ITIL4 Managing Professtioal
ITIL4 Managing ProfesstioalITIL4 Managing Professtioal
ITIL4 Managing Professtioal
 
JRCA ISO27017 Cloud Security Training & Exam
JRCA ISO27017 Cloud  Security Training & ExamJRCA ISO27017 Cloud  Security Training & Exam
JRCA ISO27017 Cloud Security Training & Exam
 
ITIL v2011 Expert 6 exams
ITIL v2011 Expert 6 examsITIL v2011 Expert 6 exams
ITIL v2011 Expert 6 exams
 
QSA training & exam in 2017, 2018, 2019, 2020, 2021 and PCIP in 2022 - 2025
QSA training & exam in 2017, 2018, 2019, 2020, 2021 and PCIP in 2022 - 2025QSA training & exam in 2017, 2018, 2019, 2020, 2021 and PCIP in 2022 - 2025
QSA training & exam in 2017, 2018, 2019, 2020, 2021 and PCIP in 2022 - 2025
 
ISO20000-1 Training Completion in 2022
ISO20000-1 Training Completion in 2022ISO20000-1 Training Completion in 2022
ISO20000-1 Training Completion in 2022
 
Six Sigma Black Belt
Six Sigma Black BeltSix Sigma Black Belt
Six Sigma Black Belt
 
IRCA BCMS Lead Auditor Training & Exam
IRCA BCMS Lead Auditor Training & ExamIRCA BCMS Lead Auditor Training & Exam
IRCA BCMS Lead Auditor Training & Exam
 
BSI ISO27001 Lead Implementer ENR-00775738
BSI ISO27001 Lead Implementer ENR-00775738BSI ISO27001 Lead Implementer ENR-00775738
BSI ISO27001 Lead Implementer ENR-00775738
 
IRCA QMS Lead Auditor 5-day training & exam
IRCA QMS Lead Auditor 5-day training & examIRCA QMS Lead Auditor 5-day training & exam
IRCA QMS Lead Auditor 5-day training & exam
 
IRCA ISMS Lead Auditor Training & Exam in 2014
IRCA ISMS Lead Auditor Training & Exam in 2014IRCA ISMS Lead Auditor Training & Exam in 2014
IRCA ISMS Lead Auditor Training & Exam in 2014
 
Henry James Study
Henry James StudyHenry James Study
Henry James Study
 
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
 
SixSigma 【Continuous Study】
SixSigma 【Continuous Study】SixSigma 【Continuous Study】
SixSigma 【Continuous Study】
 
Use Cases for ISO20000-1 based on ITIL in English 【Continuous Study】
Use Cases for ISO20000-1 based on ITIL in English 【Continuous Study】Use Cases for ISO20000-1 based on ITIL in English 【Continuous Study】
Use Cases for ISO20000-1 based on ITIL in English 【Continuous Study】
 
ISO20000-1 mapping to PCI 【Continuous Study】
ISO20000-1 mapping to PCI 【Continuous Study】ISO20000-1 mapping to PCI 【Continuous Study】
ISO20000-1 mapping to PCI 【Continuous Study】
 
Mapping Japanese FISC guideline to PCI DSS v3.2.1 【Continuous Study】
Mapping Japanese FISC guideline to PCI DSS v3.2.1 【Continuous Study】Mapping Japanese FISC guideline to PCI DSS v3.2.1 【Continuous Study】
Mapping Japanese FISC guideline to PCI DSS v3.2.1 【Continuous Study】
 

Recently uploaded

Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
dylandmeas
 
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdfDigital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
Jos Voskuil
 
What is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdfWhat is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdf
seoforlegalpillers
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
anasabutalha2013
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
tjcomstrang
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
Filing Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed GuideFiling Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed Guide
YourLegal Accounting
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 
Global Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdfGlobal Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdf
Henry Tapper
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Arihant Webtech Pvt. Ltd
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
Cynthia Clay
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024   .pdfBeMetals Presentation_May_22_2024   .pdf
BeMetals Presentation_May_22_2024 .pdf
DerekIwanaka1
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
NathanBaughman3
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
zoyaansari11365
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
BBPMedia1
 
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
Kumar Satyam
 
Set off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptxSet off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptx
HARSHITHV26
 
What are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdfWhat are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdf
HumanResourceDimensi1
 

Recently uploaded (20)

Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdfDigital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
 
What is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdfWhat is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdf
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Filing Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed GuideFiling Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed Guide
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
Global Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdfGlobal Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdf
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024   .pdfBeMetals Presentation_May_22_2024   .pdf
BeMetals Presentation_May_22_2024 .pdf
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
 
Set off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptxSet off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptx
 
What are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdfWhat are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdf
 

ISO20000-1 Auditors note 【My Continuous Learning】

  • 1. 1 Jerimi (Yuko) Soma Auditors Notes for ISO20000-1 : Hypothetical Enterprise XYZ Inc. Client Name XYZ Inc. Contact Person Ms. Ichiro Tanaka (Service Manager) +81 3 1111 2222 Audit Objectives To access the implementation status and its effectiveness of the audit criteria; in view to evaluate the organization, for their potential in the growing educational market in JAPAN and other areas. Audit scope Technical Scope: - Providing platforms and applications on clouds for virtual live courses, e-learning contents for their own educational institutions for 24365 continuously. Physical Location(s): - Headquarters in the JAPAN including their office, server rooms. People: - Executive Director, BRM, Service Manager, Internal Auditor and other all employees in JAPAN Audit Criteria XYZ service management system, ISO20000-1 and intended outcomes Audit Conclusion The audit findings are listed below: Major NC: 0 item Minor NC: 1 item OFI: 4 items ・Based on the results of this audit, XYZ is recommended for certification to the ISO 20000-1:2018 by Better Life Japan Certification Corporation Positive Findings ・Top management well prepared for the SMS audit and his explanation was clear and convincing enough to the auditors. Agreed Actions ・XYZ shall respond against 1 Minor nonconformity in the next surveillance visit.
  • 2. 2 Jerimi (Yuko) Soma ・They closely work together for the SMS cycle’s continuous improvement. ・The Organization Process for Managing IT services were very detailed and it adequately showed their resiliency to their business. ・This entity may respond against 4 opportunities for improvement in the next surveillance visit, but these are optional for XYZ and not mandatory. AUDIT FIDINGS Ref. Number Report ing Date NC Description Correction Root Cause Analysis Corrective Action Plans(s) Revie w of CAP by Team Lead Revie w Date Verific ation of CAP by Team Lead Verific ation Date Action Item Resp. Target Date Minor NC Ref. Number #0001 2019/ SEP/2 Finding: 2 Internal Audits have not been conducted as planned for Business relationship and agreement processes even once since the last audit. Requirement of Standard: (Clause 9.2.1.b) The organization shall conduct internal audits at planned intervals to provide information whether the SMS: b) is effectively implemented and maintained. Evidence: ・Interview with Ms. Marry Suzuki (BRM) Will be reviewed in next Cycle Will be reviewed in next Cycle Will be reviewed in next Cycle 2019/JUL /10 2019/J UL/10
  • 3. 3 Jerimi (Yuko) Soma ・XYZ Operation Manual v1.2 page 40 “Updated Internal Audit Program 20xx” OFI Ref. Number #0002 2019/ SEP/2 Finding: Internal Audit has not conducted as planned for Continual improvement and Supply and demand processes, (it is held only once each since last year) Requirement of Standard: (Clause 9.2.1.b) The organization shall conduct internal audits at planned intervals to provide information whether the SMS: b) is effectively implemented and maintained. Evidence: ・Interview with Ms. Amy Torii(BRM) ・Interview with Mr.IchiroTanaka(Service Manager) ・XYZ Operation Manual v1.2 page 40 “Updated Internal Audit Program 20xx” Will be reviewed in next Cycle, but correction is optional. Will be reviewed in next Cycle, but correction is optional. Will be reviewed in next Cycle, but correction is optional. OFI Ref. Number #0003 2019/ SEP/2 Finding: Internal Audit results were not documented as minutes for all process even though “Procedure for Internal Audit” said as follows. Conducting Audit: Will be reviewed in next Cycle, but correction is optional. Will be reviewed in next Cycle, but correction is optional. Will be reviewed in next Cycle, but correction is optional.
  • 4. 4 Jerimi (Yuko) Soma All audit findings are documented on the Audit Report. Requirement of Standard: (Clause 9.2.2 e) The organization shall: a) plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration: e) retain documented information as evidence of the implementation of the audit programme(s) and the audit results. Evidence: ・XYZ Operation Manual v1.2 page 38 “Procedure for Internal Audits” OFI Ref. Number #0004 2019/ SEP/2 Finding: ・“Critical: 4 hours” in SLA was not accurate. Anyone working on weekdays and after hours and there was no exception regarding after hours and weekends was found in those documents. Requirement of Standard: (Clause 8.3.3) The organization and the customer shall agree the services to be delivered. For each service delivered, the organization Will be reviewed in the next Cycle, but correction is optional. Will be reviewed in the next Cycle, but correction is optional. Will be reviewed in the next Cycle, but correction is optional.
  • 5. 5 Jerimi (Yuko) Soma includes service level targets, workload limits and exceptions. Evidence: ・XYZ Operation Manual v1.2 page 117 “Service Level Agreement (Extract)” ・Interview with Mr. Ichiro Tanaka(Service Manager) ・Interview with Ms. Marry Suzuki(BRM) OFI Ref. Number #0005 2019/ SEP/2 Finding: None of upper management except for the Executive director involved in Management review. Requirement of Standard: (Clause 5.1) Top management shall demonstrate leadership and commitment with respect to the SMS by promoting continual improvement of the SMS and the services Evidence: ・XYZ Operation Manual v1.2 page10 “Organization Chart” ・XYZ Operation Manual v1.2 page35 “Management review record Oct. 20xx” ・XYZ Operation Manual v1.2 page 36 “Minutes” Will be reviewed in next Cycle, but correction is optional. Will be reviewed in next Cycle, but correction is optional. Will be reviewed in next Cycle, but correction is optional.
  • 6. 6 Jerimi (Yuko) Soma Check List No . Clauses Items to check What to look for GAPs/Findings from Document Reviews #1 Clause 9.2.1.b The organization shall conduct internal audits at planned intervals to provide information whether the SMS: b) is effectively implemented and maintained. ・Do you have any reasons why Internal Audits have not conducted for Business relationship and agreement processes even once since last audit? ・If those are not conducted even once, do you think there are any risks for that? ・XYZ Operation Manual v1.2 page 40 “Updated Internal Audit Program 20xx” ・Interview with Ms. Marry Suzuki (BRM) ・2 Internal Audits have not conducted as planned for Business relationship and agreement processes even once since last audit. #2 Clause 9.2.1.b) The organization shall conduct internal audits at planned intervals to provide information whether the SMS: b) is effectively implemented and maintained. ・Do you have any reasons why Internal Audits have not conducted as planned for Continual improvement and Supply and demand processes? ・If those are not conducted as planned, do you think there are any risks by that? ・Interview with Ms. Marry Suzuki (BRM) ・Interview with Mr. Ichiro Tanaka(Service Manager) ・XYZ Operation Manual v1.2 page 40 “Updated Internal Audit Program 20xx” ・Internal Audit has not conducted as planned for Continual improvement and Supply and demand processes, (it is held only once each since last year) #3 Clause 9.2.2 e) The organization shall: a) plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration: e) retain documented information as evidence of the implementation ・Could you please show me minutes of Internal Audit results? “Procedure for Internal Audit” said as follows. Conducting Audit: All audit findings are documented on the Audit Report. ・Don’t you think “Updated Internal Audit Program” on page 40 is not enough to align your organization policies written in “Procedure for Internal Audit”? ・XYZ Operation Manual v1.2 page 38 “Procedure for Internal Audits” ・ Internal Audit results were not documented as minutes for all process even though “Procedure for Internal Audit” said as follows. Conducting Audit: All audit findings are documented on the Audit Report.
  • 7. 7 Jerimi (Yuko) Soma of the audit programme(s) and the audit results. ・Don’t you think there are any risks by that? #4 Clause 8.3.3 The organization and the customer shall agree the services to be delivered. For each service delivered, the organization include service level targets, workload limits and exceptions. ・Do Anyone work on weekdays and after hours for incident? ・Is “Critical: 4 hours” in SLA was in XYZ Operation Manual v1.2 page 117 accurate? ・Didn’t you try to add exception for after afterhours and weekends? ・Have you ever discussed about update this discrepancy about SLA for emergency with business units? ・If no one work for weekends, how did you maintain SLA for e-learning customers? ・Don’t you think there are any risks by that? ・XYZ Operation Manual v1.2 page 117 “Service Level Agreement (Extract)” ・Interview with Mr. Ichiro Tanaka (Service Manager) ・Interview with Ms. Marry Suzuki (BRM) ・“Critical: 4 hours” in SLA was not accurate. Anyone works on weekdays and after hours and there was no exception written regarding after those was found in that documents. #5 Clause 5.1 k) Top management shall demonstrate leadership and commitment with respect to the SMS by promoting continual improvement of the SMS and the services ・Could you please explain why those 4 people were chosen to attend Management Review after last audit? ・Don’t you think they are not enough for attending MR? ・When I refer your organization chart, I can see there are 2 Vice Provosts and 6 process owners. Don’t you think those business units require to take leadership for Service Management? ・XYZ Operation Manual v1.2 page10 “Organization Chart” ・XYZ Operation Manual v1.2 page35 “Management review record Oct. 20xx” ・XYZ Operation Manual v1.2 page 36 “Minutes” None of upper management expect for Executive director involved to Management review. of the documents