
Assess customer satisfaction.


CONTROL ID: 00652
CONTROL TYPE: Testing
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain logging and monitoring operations., CC ID: 00637

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The organization should implement a mechanism to collect or obtain information about consumer satisfaction with services provided by the organization. (CORE - 39, URAC Health Utilization Management Standards, Version 6)
  • Establish a service desk function, which is the user interface with IT, to register, communicate, dispatch and analyse all calls, reported incidents, service requests and information demands. There should be monitoring and escalation procedures based on agreed-upon service levels relative to the app… (DS8.1 Service Desk, CobiT, Version 4.1)
  • The organization should monitor the medical network for performance feedback and operational feedback, such as high error rates, user feedback, speed problems, and malicious software attacks. (§ 4.6.1 ¶ 2(b), Application of risk management for IT-networks incorporating medical devices Part 1: Roles, responsibilities and activities, Edition 1.0 2010-10)
  • § 5.2: Top management shall ensure customer requirements are determined and they have been met. § 8.2.1: The organization shall determine methods to obtain and use information relating to whether the organization has met the customer requirements as a measurement of the quality management system p… (§ 5.2, § 8.2.1, ISO 13485:2003 Medical devices -- Quality management systems -- Requirements for regulatory purposes, 2003)
  • The organization shall assess customer satisfaction. (§ 6.2.5.3(b)(1), ISO 15288-2008 Systems and software engineering - System life cycle processes, R 2008)
  • The organization shall continuously or routinely assess customer satisfaction. (§ 6.4.9.3(e)(1), ISO 15288-2008 Systems and software engineering - System life cycle processes, R 2008)
  • The service provider shall review service performance with the customer at predetermined time periods. (§ 7.1 ¶ 4, ISO 20000-1, Information Technology - Service Management - Part 1: Service Management System Requirements, Second Edition)
  • The service provider shall measure customer satisfaction based on a representative sample of customers and users at predefined time periods. (§ 7.1 ¶ 7, ISO 20000-1, Information Technology - Service Management - Part 1: Service Management System Requirements, Second Edition)
  • the focus on enhancing customer satisfaction is maintained. (5.1.2 ¶ 1(c), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • the degree of customer satisfaction; (9.1.3 ¶ 2(b), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • customer satisfaction and feedback from relevant interested parties; (9.3.2 ¶ 1(c)(1), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • At planned intervals, the organization shall measure satisfaction with the services based on a representative sample of customers. The results shall be analysed, reviewed to identify opportunities for improvement and reported. (§ 8.3.2 ¶ 4, ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • feedback from customers and other interested parties; (§ 9.3 ¶ 2(e), ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • (Pg 69, COSO Enterprise Risk Management (ERM) Integrated Framework (2004))
  • (Obj 1.5, Obj 4.3, FFIEC IT Examination Handbook - E-Banking, August 2003)
  • Determine the quality of customer service and support provided to customer institutions by:
    ▪ Reviewing management reports used to monitor customer service or reported problems,
    ▪ Reviewing complaint files and methods used to handle complaints,
    ▪ Evaluating the extent of user group activity an… (Exam Obj 7.4, FFIEC IT Examination Handbook - Management)
  • Management should review the metrics to assess customer satisfaction. (Pg 39, FFIEC IT Examination Handbook - Operations, July 2004)
  • Gather feedback on customer satisfaction and internal service performance to foster continual improvement. (T0377, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Gather feedback on customer satisfaction and internal service performance to foster continual improvement. (T0377, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • The organization should measure its information technology performance. The measurements should measure how well the information technology supports the organization. (§ III (Clinger-Cohen Act of 1996), OMB Circular A-123, Management's Responsibility for Internal Control)
  • Bank management develop and maintain a plan to ensure that key employees and vendors have the expertise and skills to perform necessary functions and that they are properly trained. Management should allocate sufficient resources to hire and train employees and to ensure that adequate back-up exists… (¶ 36, Technology Risk Management Guide for Bank Examiners - OCC Bulletin 98-3)