May 15, 2020
Since March, we have shifted our onsite internal ISO audits to a virtual platform. We’ve successfully performed several of them and will continue to do so for the foreseeable future. The feedback from our clients and our internal auditor team has been very positive. We’d like to share some of our insights.
- Before the audit, perform a technology check between the audit team and client audit POC. Share screens, transfer presenters, etc.
- Use client’s technology so meetings with internal staff being audited can be scheduled.
- Be sure client adds audit team to invites.
- Recommend one continuous meeting for each day.
- Client can invite others to the meeting at scheduled times.
- When a client creates a separate invite for each meeting, you must leave one meeting and join another. While it can be done, it frequently becomes a timing issue.
- Audit durations are not easier when conducted virtually.
- We’ve had virtual audits from 1 – 4 days in duration. It is not easier to be virtual than onsite.
- Make the duration longer. A 1-day audit can be two half days. Break up with a day between for two or more days.
- We found sitting in a stationary position for eight hours to be too long. Ample time is necessary for breaks and lunch (“chill time”).
- When a visual audit is not possible, be sure to audit the supporting requirements.
- For physical security audits, review camera feeds or access log files.
- Ensure the audit report appropriately states the requirements unable to be audited.
- Due to varying bandwidths, we recommend using the video camera only at specific times – not throughout the meeting. This is a significant drag on technology stability.
- Ensure your mute button is activated. Various conferencing programs seem to react differently to external headsets, speakers, microphones, etc. Therefore, if you are muted on your device, you may not be muted on the actual conference. In our experience, WebEx is one of the larger programs not accepting the external device mute functions.