In an April 16th blog post we introduced the use of E-audits or Remote auditing for internal audits. As social distancing becomes the norm for the foreseeable future, the use of remote audits will expand to include registration audits and customer audits. As the use of remote audits increases, the practices associated with these audits must evolve to be more effective, less clumsy and provide a safer environment for all involved.
Based on recent experiences with remote audits as well as feedback received from clients, there are a number of lessons and suggestions to be considered when hosting remote audits. These improvements have to do with security, record sharing, technology and the ability for the auditor to view processes as they occur.
Remote review of documents and records creates a situation where file sharing must occur between the client organization and the auditor. There are several options for file sharing listed below which progress from the most secure to the least secure;
- Records stored at client site, providing access to auditor in your secure site
- Records stored at a cloud site (such as Dropbox) managed and secured by client
- Sending records to auditor in an encrypted format, the auditor would manage the files and delete them at conclusion of the audit
- Auditor establishes a secure cloud site (such as OneDrive) and records are shared at this site
These are the most common and straightforward practices we are aware of for sharing documents that do not require a great deal of expense.
Both Dropbox and OneDrive have good security in their basic offering. However, there are increased security options for these products by using Dropbox for Business, and SharePoint in place of OneDrive.
When it comes to the logistics of the audit, these additional steps that should be taken prior to the audit:
- Pre-agreement and approval between client and audit agency for the file sharing solution from above
- A signed NDA
- Language in the contract which describes the policies and actions such as deleting the files when audit is completed
- The audit will require some method of streaming, that is, using a device such as an iPhone or Notebook that will be used for the remote auditor to view the process and ask questions of the auditee.
- Establish a plan for streaming the process. Define who will handle the device and determine if the device can be handed off from one individual to another.
- Potentially require use of gloves when handling the device
- Test the ability to effectively stream both audio and video from within the plant taking into consideration possible factory noise, strength of the wireless network or cellular signal strength, etc.
- Review the area to be streamed and ensure there are no other security sensitive products or processes that might be inadvertently captured in the streaming
- Establish the in-house individuals who will support the audit
We are all in this together; if any of our clients or partners have successfully implemented changes regarding these concepts and are willing to share with the WNY manufacturing community, we are asking you to submit them to us and we can share these best practices with all the manufacturers in our community. Descriptions, photos, examples, etc. would be beneficial and we can give you credit for any submissions that would be published.
Please submit any ideas to: firstname.lastname@example.org
Read more of Insyte’s #ReopenWNY blog series:
Reopen WNY: Getting Started Within New Guidelines – Recently we received the long awaited announcement that manufacturers within WNY are now allowed to reopen. Along with this good news, there are some required constraints to protect against the spread of COVID-19.
Reopen WNY: Covid-19 Visual Controls – As your employees start coming back and settling into their existing or new jobs, the time is right to think about enhancing your visual controls.
Reopen WNY: The New Office Environment – With an estimated 60+% of employed Americans working from home during the pandemic, the latest wave of change surrounds getting these people safely back to the office.
Reopen WNY: Touchless Visitor Sign In – If you are considering a visitor management system, this blog highlights those that offer touchless options & are compliant with NYS COVID-19 guidelines.
Reopen WNY: Workplace Activity – As manufacturers work to reopen their facilities and begin production, New York state has issued the Reopen NY Master Guidance for Manufacturing Activities.
Reopen WNY: Managing Cyber Risks – Manufacturers are often seen by threat entities as a pathway into larger industries and government agencies. With high risk, but limited resources and budgets, manufacturers need actionable, cost-effective guidance and assistance to manage their cybersecurity risks.