MySEF has been an MS ISO/IEC 17025 accredited laboratory since 2010. As such, MySEF goes through frequent audits by the Department of Standards Malaysia as well as yearly internal audits. On top of that, as one of the departments under CyberSecurity Malaysia, which is MS ISO/IEC 27001 certified, MySEF also goes through internal and external MS ISO/IEC 27001 audits.
To help MySEF staff prepare, an audit preparation checklist has been drawn up for use ahead of both MS ISO/IEC 17025 and MS ISO/IEC 27001 audits, whether internal or external.
Person in charge: ITTS Unit
No. | Item to check | In order? Yes (/) | In order? No (X) | Person in charge | Remarks |
1. | Review access by HOD (1x a year). Ensure access is given/revoked for new staff/trainees and that the User Access Matrix/Access Control List/Audit Trails are updated accordingly: | ||||
File Server Access | ITTS | ||||
Door Access | ITTS | ||||
MyQuest System Access | Syikin | ||||
Temperature Monitoring System | ITTS | ||||
MySEF VPN | ITTS | ||||
2. | Ready all systems to show if requested by auditor. | ITTS | |||
3. | All related documents’ (procedures, guidelines etc) contents are current and we practise what is documented: | ||||
MySEF Test Lab Safety Procedure | ITTS | ||||
MySEF Infrastructure Procedure | ITTS | ||||
MySEF Test Lab Guideline for Evaluation and Testing | ITTS | ||||
MySEF Fileserver Access Control Procedure | ITTS | ||||
MySEF Backup & Restoration Procedure | ITTS | ||||
MySEF Change Management Guideline | ITTS, Quality | ||||
4. | MySEF Test Lab Access | ||||
Actual access and forms (previous projects that did not use MyQuest and also projects that are not registered in MyQuest) are in order. Please ensure access is revoked for completed projects and for those no longer involved in projects. | ITTS | ||||
5. | Monthly Report (until <current date>) | ITTS | |||
6. | Asset Register – all assets and info in system are in order. All equipment is labelled accordingly. | ITTS | |||
7. | Ready records for System Maintenance & Validation for the following systems (once a year): | ||||
File Server | ITTS | ||||
MyQuest | ITTS | ||||
8. | Door access system | ITTS | |||
9. | Monitor backup notification email and ensure backups are running and ready the record: | ||||
Fileserver | ITTS | ||||
MyQuest | ITTS | ||||
10. | Info: Do not mention anything about Synology usage because the server is not maintained properly yet (no backup etc). | ITTS | |||
11. | Adherence of systems to CSM password policy. Refer to actions in the filled-in CSM Password Compliance Form for MySEF. | ITTS | |||
12. | UPS Testing (1x a year) | ITTS | |||
13. | Visitor log book – ensure time in, time out and other details are recorded. | ITTS | |||
14. | Store cabinet & lab keys in the designated Key Boxes (Quality & Lab Keys) at the Common Room and ensure both Key Boxes are locked at all times. | ITTS, Quality | |||
15. | Ensure all labs and Server Room are neat and in order. | ITTS | |||
16. | Ensure the listing in the Asset Management System is updated as per current implementation. | ITTS | |||
17. | Record the proposal and approval for any changes in the relevant records (refer to MySEF Change Management Guideline). This applies to changes on: a. MySEF network segment; b. Access control for MySEF Fileserver; c. Configuration for any network and system devices; d. New technology adoption such as IoT, Cloud; e. Website and systems. Note: The guideline will be updated to include changes for website and systems. This guideline was created to align with MySEF processes, rather than following the CSM SOP for Change Request Management, which is more suitable for STS operations. | ITTS |
Person in charge: Operation & Project Management Unit/Research Unit (if applicable)
No. | Item to check | In order? Yes (/) | In order? No (X) | Person in charge | Remarks |
1. | Prepare and ensure all projects are in order (especially those that will be audited). | LE | |||
2. | Ensure equipment & TOE in the test lab used for current projects, and for closed projects that still have TOE available, are labelled (using project label) accordingly. | LE | |||
3. | For projects that are sharing the same lab, please ensure there is a separation area and that the areas are labelled so they are distinguishable, and implement other controls if necessary. | LE | |||
4. | Ensure evaluation records (e.g. EPP, schedule, agreement, quotation, workbook, TPR, ETR, ECR, Item Entry/Exit etc.) are in order and uploaded in MyQuest. | LE | |||
5. | Ensure CRF & Customer Feedback are maintained & uploaded in MyQuest. | PME (Athirah) | |||
6. | Ensure pitching evaluation, pre-project and ongoing project risk assessment, and agreement are done and stored in designated folders in FS/Synology. | Hisyam | |||
7. | Update project list in Control Register, ensure that the assigned evaluator and lab are updated accordingly. Put justification if sharing lab. | Hisyam | |||
8. | Please ensure that team members have acknowledged NCOI in MyQuest. | Hisyam | |||
9. | Ensure test lab access is given (instruction by Hisyam via MyQuest/outside MyQuest and access given by ITTS) | Hisyam & ITTS | |||
10. | Ensure test lab access is revoked for completed projects (instruction by Hisyam via MyQuest/outside MyQuest and revoked by ITTS) | Hisyam & ITTS | |||
11. | Ensure procurement folder in FS is in order. Inclusive of procurement matters in Cybernet. | Atikah | |||
12. | Preparation for Witnessing of Test. Note: Applicable only for ISO/IEC 17025 audits | SE & RL |
Person in charge: Quality Unit
No. | Item to check | In order? Yes (/) | In order? No (X) | Person in charge | Remarks |
1. | Ensure all documents’ contents are current and we practise what is documented | All | |||
2. | Ensure all documents are maintained accordingly (including external reference docs) | Syikin | |||
3. | Ensure all records are maintained accordingly | Sheera | |||
4. | Check any pending actions from CompSuite | Syikin | |||
5. | Ready records for Information Security Objective, Internal/External Issues, Interested parties. Note: Applicable only for ISMS audits | Sheera | |||
6. | Ready records for MySEF BCM activities | Syikin | |||
7. | Perform ISMS Pre-Audit Checklist Exercise. Note: Applicable only for ISMS audits | Sheera | |||
8. | Check Issues from MRM | Kak Nina | |||
9. | Perform effectiveness for CA forms in MyQuest | Kak Nina | |||
10. | Update Control Register | Kak Nina | |||
11. | Check status of pending CAs | Kak Nina | |||
12. | Follow up with ISMAD for closure signature of CPA from ISMS audit | Syikin | |||
13. | Ensure User Access Matrix for MyQuest is in order | Syikin | |||
14. | Update improvement register | Syikin | |||
15. | Ensure New and Exit Checklist Form is filled in for new/resigned staff/trainees. | Syikin | |||
16. | Update training plan | Syikin | |||
17. | Ensure all JD are updated accordingly | Syikin | |||
18. | Before audit, check all test labs and Server Room. Also check that all assets are labelled. | Sheera | |||
19. | Before audit, perform quality checking for all ongoing projects and completed projects, test labs and Server Room. | Sheera | |||
20. | Ask HoUs for updated Competency Register (if any) | Sheera | |||
21. | Ensure Test Tool Register is maintained and updated accordingly. | Sheera | |||
22. | Check Approved Signatory Competency Register. Note: Applicable only for ISO/IEC 17025 audits | Kak Nina | |||
23. | Ensure ILC records and planning are available. Note: Applicable only for ISO/IEC 17025 audits | Kak Nina | |||
24. | Liaise with Standards Malaysia (for ISO/IEC 17025 external assessment): a. Arrange assessment date; b. Prepare MySEF copy of scope of accreditation; c. Prepare ILC planning for 3 years (for reassessment). At the end of audit: d. Upload signed scope of accreditation; e. Upload signed DO; f. Upload attendance list. Note: Applicable only for ISO/IEC 17025 audits | Kak Nina |
Prepared by:
Zarina Musa
MySEF Quality Manager