Establish and maintain an overall Quality Management standard.


CONTROL ID: 01006
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish and maintain a Quality Management framework., CC ID: 07196

This Control has the following implementation support Control(s):
  • Document the measurements used by Quality Assurance and Quality Control testing., CC ID: 07200


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • App 2-1 Item Number VI.3.2(1): Performance results must be analyzed and evaluated against the quality management plan at the completion of each phase to verify the operations are performed as planned and the objectives were achieved. The analysis and evaluation results must be approved by the projec… (App 2-1 Item Number VI.3.2(1), App 2-1 Item Number VI.3.2(2), Appendix 1 Correspondence of the System Management Standards - Supplementary Edition to other standards)
  • The organization, as part of its quality management program, should provide written documentation of objectives and approaches utilized in the quality management activities. (CORE- 21(a), URAC Health Utilization Management Standards, Version 6)
  • Establish and maintain a QMS that provides a standard, formal and continuous approach regarding quality management that is aligned with business requirements. The QMS should identify quality requirements and criteria; key IT processes and their sequence and interaction; and the policies, criteria an… (PO8.1 Quality Management System, CobiT, Version 4.1)
  • Maintain and regularly communicate an overall quality plan that promotes continuous improvement. (PO8.5 Continuous Improvement, CobiT, Version 4.1)
  • The high-level working group, committee, or equivalent body should support the chief information security officer (or equivalent) in establishing the organization's overall approach to information security by promoting continuous improvement in information security throughout the organization. (SG.01.02.06b, The Standard of Good Practice for Information Security)
  • Quality Assurance of the system under development should be performed from the beginning, and throughout each stage, of the development process. (CF.17.03.03, The Standard of Good Practice for Information Security)
  • Quality Assurance of the system under development should be performed from the beginning, and throughout each stage, of the development process. (CF.17.03.03, The Standard of Good Practice for Information Security, 2013)
  • The high-level working group, committee, or equivalent body should support the chief information security officer (or equivalent) in establishing the organization's overall approach to information security by promoting continuous improvement in information security throughout the organization. (SG.01.02.06c, The Standard of Good Practice for Information Security, 2013)
  • The organization shall establish and maintain a quality manual that includes the procedures, or a reference to them, for the quality management system; the scope, including details and justification for exclusions and/or non-applications; and a description of the process interactions. The manual sha… (§ 4.2.2, ISO 13485:2003 Medical devices -- Quality management systems -- Requirements for regulatory purposes, 2003)
  • Top management shall ensure the quality management system planning is carried out and the quality management system integrity is maintained when changes are planned and implemented. (§ 5.4.2, ISO 13485:2003 Medical devices -- Quality management systems -- Requirements for regulatory purposes, 2003)
  • The organization shall develop a quality plan for the project. (§ 6.3.1.3(c)(2), ISO 15288-2008 Systems and software engineering - System life cycle processes, R 2008)
  • For software systems assigned to Class A, Class B, and Class C software safety classes, the medical device manufacturer shall reference or include the following verification information in the software development plan: which deliverables require verification; for each lifecycle activity, the requir… (§ 5.1.6, ISO 62304 - 2006 Medical device software - Software life cycle processes, 2006)
  • ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the context and strategic direction of the organization; (5.1.1 ¶ 1(b), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • determine and apply the criteria and methods (including monitoring, measurements, and related performance indicators) needed to ensure the effective operation and control of these processes; (4.4.1 ¶ 2(c), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The organization shall establish quality objectives at relevant functions, levels and processes needed for the quality management system. (6.2.1 ¶ 1, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • A medical device manufacturer shall establish a quality plan defining the quality resources, practices, and activities for the devices it designs and manufactures. They shall establish how the quality requirements will be met. (§ 820.20(d), 21 CFR Part 820, Subchapter H - Medical Devices, Part 820 Quality System Regulation)
  • The quality assurance procedures should be applied to internal and external programs. (Pg 9, Pg 10, FFIEC IT Examination Handbook - Development and Acquisition)
  • Bank management should establish procedures to ensure that quality assurance efforts take place and that the results are incorporated into future planning in order to manage and limit excessive risk taking. These procedures may include, for example, internal performance measures, focus groups and cu… (¶ 44, Technology Risk Management Guide for Bank Examiners - OCC Bulletin 98-3)