During the training I attended over 5 days, the schedule was as follows:
The training was held on 8 - 12 November 2021
==========================================================
Day 1
Day 2
Day 3 and Day 4
Day 5
Personal Qualities as an Auditor
Resourcing Competency, page 26
Personal Character as an Auditor
(in accordance with ISO 19011 Clause 7, Competence and evaluation of auditors)
7.2 Determining auditor competence
7.2.1 General
7.2.2 Personal behavior
a) ethical = fair, truthful, sincere, honest, discreet
= tell another department all the information security N/Cs of the last department you audited; have a laugh about people getting non-conformities; lie or twist the facts to get
= someone you don't like into trouble
b) open-minded = willing to consider alternative ideas or points of view;
c) diplomatic = tactful in dealing with individuals;
= if the auditee is worried about getting his/her document into trouble, but you find a major
= problem, be tactful in dealing with this person: "it is not you I'm auditing, this is a chance for
= improvement, so we should all welcome it", etc.
d) observant = actively observing physical surroundings and activities
e) perceptive = aware of and able to understand situations;
f) versatile = able to readily adapt to different situations;
g) tenacious = persistent and focused on achieving objectives;
= explore the results further, don't just accept them
= keep asking for actual evidence until it can be accepted: if there is evidence, in which section, which page, which point
= the auditor asks to see a particular sample, but the auditee provides a different one, the
= auditor accepts this and moves on
h) decisive = able to reach timely conclusions based on logical reasoning and analysis
= able to decide; the auditor needs the courage to decide (not on a "just because" basis)
= must clearly decide C / NC (don't keep asking again and again)
= the auditee keeps arguing and giving different excuses and the questioning is going
= round and round, even though there is sufficient objective
= evidence to close the finding
i) self-reliant = able to act and function independently while interacting effectively with others;
j) able to act with fortitude = able to act responsibly and ethically, even though
= these actions may not always be popular and may sometimes result in disagreement or confrontation
k) open to improvement = willing to learn from situations
l) culturally sensitive = observant and respectful to the culture of the auditee;
= shaking a woman's hand when this would not be appropriate, or continuing to audit
= when certain prayer times are normally adhered to; offering food/drink to the auditee
= when they are fasting
m) collaborative = effectively interacting with others, including audit team members and the auditee's personnel
ISO 2000-1:2018 concepts
Checklist
Clause 4
Clause 5
Clause 7
Clause 8
The core elements of a management system and the interrelationship between context of the organization, management commitment, policy, planning, operation, performance, evaluation and continual improvement
Service Management =
- Principles and concepts of service management
- the requirements of ISO/IEC 20000-1
- the relationship between organization objectives and the delivery of services
- concept of organisational governance through financial management and risk management
- typical issues and interested parties relevant to an SMS and services, and their typical requirements
- the influence of organizational processes on service demand and the impact of changing those processes
- variety of technologies used to deliver services
IRCA Course
Eligible to register with IRCA (Register), annual fee - GBP 150 pa
You have to become a member
1. Qualifications plus
2. Experience - Audit logs (types of audit, how many days)
Benefits of implementing ISO:
- Increases the company's credibility and customer trust
- Increases the effectiveness of cost management, leading to cost savings
- Improves employee performance
- Improves the company's image
- Increases the company's revenue
- Increases flexible and fast responses to market opportunities
- Alignment of processes which will best achieve desired results
- Increases profit through the advantage of improved organizational capabilities
- Understanding and motivating people toward the organizational goals and objectives, as well as participation in continual improvement
- Confidence of interested parties in the security and effectiveness of the organization, as demonstrated by the financial and social benefits from the organization's performance and reputation
- Ability to create value for both the organization and its suppliers through reduction of risks, optimization of cost and resources, availability of information processing facilities and ability to control and manage change
This course will help you :
- plan, conduct and follow up auditing activities that add real value
- build stakeholder confidence by leading and managing the SMS audit process
- grasp the application of risk-based thinking, leadership and process management
- conduct a second-party SMS audit
- meet audit team leader training requirements for certification
First, Second and Third-Party Certification Audits
There are 3 auditor domains
1. First party = internal auditor, in accordance with ISO 27001:2013 Clause
9 Performance Review
9.2 on the internal auditor
2. Second party = external auditor (customer to supplier), child to parent
3. Third party = audited (independent audit) by another office
The question: what are the differences between first party, second party and third party?
Approach =
Duration =
Formality =
Objectives =
3rd party =
Supplier = goods / services
Vendor = goods / services
Service provider =
Supplier = there is an agreement - SLA / Purchase Contract
Vendor = there is no contract
Certification body / BSI / SGS / Intertek / TUV / BVQI / LRQA
License to certify organizations
Contract for certification, independent audit
1. Management will submit to certification rules - 17021
2. Management will follow C/B rules
Scope of certification
Auditor / Audit Time / Audit Durable
2nd party =
Customers expect quality delivery
Customer wants = complete and comprehensive
delivery ON TIME
Assurance that they will get a quality delivery
2nd party audit done by customer / customer audit
Internal employee of customer
MR G on Contract / KPMG / Any Consultant
Who is the auditor - does not matter
Auditor is hired by customer
Supply chain audits
1st party =
Management
To Do better & do more
Organization
Functions / Depts
Continual improvement
Areas of improvement
Internal audit
Audit of internal management operations
Audit can be done by anybody appointed by management
Internal staff / auditor on Contract MR.G / KPMG
Inputs
1st party
- objectives, policies, processes, procedures, organization documentation
2nd party
contract terms & conditions
3rd party
Standard ISO 20001-1
The audit process, generic to any management system audit, is shown above.
There are also three main dimensions to auditing:
Assessment of the documented management system (intent)
Assessment of the degree of implementation (implementation)
Assessment of its effectiveness (effectiveness)
Main audit dimensions =
1. Document assessment = assessment of the documented management system (INTENT)
2. Assessment of the degree of implementation (IMPLEMENTATION) = C or NC
3. Assessment of the ISMS effectiveness (EFFECTIVENESS) =
Basic questions for testing each dimension
Document dimension
1. Does top management intend to implement an ISMS? If so, how is this intent communicated?
2. Conformance with documentation; as auditors we need to know that the organization has planned to meet the requirements
Implementation dimension
1. Does the implementation of the ISMS reflect the intent of top management?
2. Conformance here is all about checking if activities are as they are supposed to be, following processes, procedures, policies, protocols etc.
Effectiveness dimension
1. Is this implementation effective? (i.e. does it meet the parameters established by the intent)
2. Conformance here is in the effectiveness of the management system - is it on target to deliver the organization's internal and external information security requirements?
3. Continual improvement - as auditors we want to see that the system is healthy and self-healing; if there are problems they are addressed, and there is a continual focus on how the system could be improved
Main Area
Preparation - before the audit
Communication - during the audit
Collection and verifying findings
Conclusions - from findings
Reporting - preparation and distribution
Follow up - check findings are closed
P.E.R.C =
Planning
Execute
Reporting
Close out/down findings
Audit Objectives, Scopes, And Criteria
Determine Objectives, Criteria and Scope
Audit Method
The points of difference are =
Cost
Safety
Complexity
Document Review Audit
Stage 1
Audit Process
Opening Meeting
- U/S the organization
.... to look = don't ask about it again
Purpose of SMS and benefits of improving service performance
ISO 20000 Series
Terminology
Role of the auditor SMS
in evaluating the organization capability
Documented information
Document information
Explanation of the clauses
Management - Activities - Resource - Inputs - Output = MARIO
Management - Input - Activities - Output - Resource = MIAOR
==================================================================
Case Study from Service Availability
Closing Meeting
=======================================================
4.1 =
4.2
2.1 b) auditor will raise NC
auditor will not bring details
2.2 a)
Thank you very much for this gift, sir,
but sorry, I can't take it, because the conduct of the audit should consider the impact on objective impartiality.
Don't worry about this audit.
2.3
look at service management
audit competency
from consultancy
from local training
they are independent, with no vested interest
to understand the business
to understand the standard
no conflict of interest
they have IT knowledge
high level - independent - competency (service management - service management standard - IT knowledge - business knowledge - business availability knowledge)
2.4
Try to find out management's response as to why this department was deleted from the audit plan
we can audit for improvement
learning SMS by the team
concern for improvement, can't skip this area
we try to ask for a corrective action plan
3.1
Their reasoning is that it is not a requirement
they don't maintain the record
they don't do capacity management
they don't compare capacity management and demand management
3.2
All done by auditee
1. Respond
   1. React and deal with the consequence
   2. Rectify and correct
2. Cause analysis
   3. Determine
      3.1 Actions to prevent (re-occurrence)
      3.2 Actions to prevent occurrence elsewhere / potential occurrence
3. Take action / implement the actions in 3.1 & 3.2
4. Review the actions taken for effectiveness
5. Record the actions taken
1. Auditor reports NC
2. Auditee actions to be taken
3. Auditee prepares corrective action plan & sends it to auditor
4. Auditor will verify the CAP plan to see that it addresses the NC reported
auditor will confirm
5. Auditee will take actions
6. Auditee will inform auditor that actions have been completed
7. Auditor will close out the NC
3.3
from Clause 5, Leadership
from this clause, create questions