| || |
In my procedures manual I have a short procedure on Risk Management and I went thru an audit, ant the auditor stated that I need a more detailed procedure. I have searched the internet and all I find is for Medical. I am in the manufacturing of downhole tools. Could some one please help me with this.
You'll want your auditor to tell you that, especially if your company is paying him/her.
Some things you want to consider..
* What is your release process? How does code go from dev, to testing, to release? Which groups of people are involved with each step?
* What is your change control process? How do you track what is done, and in what stage is the work in, and when it gets deployed? Who approves the changes?
* What is your testing, review and certification process? What check lists of things you do every release? Security? Compliance? Etc...
* What is your recovery procedures? Database recovery? Code rollback? etc...
* How are things documented? Do you use tracking to track who did what and when for every step of the way?