Establish, implement, and maintain a service delivery and production process Quality Management program.
CONTROL ID 07194
CONTROL TYPE Business Processes
CLASSIFICATION Detective
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain production process control procedures., CC ID: 06209
This Control has the following implementation support Control(s):
Include consumer safety quality improvement projects in the service delivery and production process Quality Management program., CC ID: 07195
Assign interested personnel and affected parties to service delivery and production process quality improvement projects, as necessary., CC ID: 07197
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
The organization should ensure products are delivered in accordance with the delivery procedures in associated documentation. (Control: 0285, Australian Government Information Security Manual: Controls)
The organization must contact the Defence Signals Directorate and comply with the product specific delivery procedures, if it is procuring high assurance products and High Grade Cryptographic Equipment. (Control: 0286, Australian Government Information Security Manual: Controls)
The organization must maintain a quality management program that promotes objective and systematic measurement,monitoring and evaluation of services and implements quality improvement activities based upon the findings. (CORE - 17, URAC Health Utilization Management Standards, Version 6)
At any given time, the organization must maintain no less than two quality improvement projects that address opportunities for error reduction or performance improvement related to the services covered by the accreditation. (CORE - 22, URAC Health Utilization Management Standards, Version 6)
the products and services of the organization. (4.3 ¶ 2(c), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
improving products and services to meet requirements as well as to address future needs and expectations; (10.1 ¶ 2(a), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
process performance and conformity of products and services; (9.3.2 ¶ 1(c)(3), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement; (8.5.1 ¶ 2(f), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
the implementation of release, delivery and post-delivery activities. (8.5.1 ¶ 2(h), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
be relevant to conformity of products and services and to enhancement of customer satisfaction; (6.2.1 ¶ 2(d), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results; (Section 9.1 ¶ 1(b), ISO/IEC 19770-1, Information technology â IT asset management â Part 1: IT asset management systems â Requirements, Third Edition, 2017-12)
adherence to and suitability of the service management policy and other policies required by this document; (§ 9.3 ¶ 2(f), ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)
performance of the services; (§ 9.3 ¶ 2(h), ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)
the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results; (§ 9.1 ¶ 1(b), ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)
when the results from monitoring and measurement shall be analysed and evaluated. (§ 9.1 ¶ 1(d), ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)
The organization shall evaluate the SMS performance against the service management objectives and evaluate the effectiveness of the SMS. The organization shall evaluate the effectiveness of the services against the service requirements. (§ 9.1 ¶ 3, ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)
Where the root cause has been identified, but the problem has not been permanently resolved, the organization shall determine actions to reduce or eliminate the impact of the problem on the services. Known errors shall be recorded. Up-to-date information on known errors and problem resolutions shall… (§ 8.6.3 ¶ 4, ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)
The release shall be deployed into the live environment so that the integrity of the services and service components is maintained. (§ 8.5.3 ¶ 5, ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)
The new or changed services shall be built and tested to verify that they meet the service requirements, conform to the documented design and meet the agreed service acceptance criteria. If the service acceptance criteria are not met, the organization and interested parties shall make a decision on … (§ 8.5.2.3 ¶ 1, ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)
how the effectiveness of the SMS and the services will be measured, audited, reported and improved. (§ 6.3 ¶ 2(h), ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)
Procedures for expedited re-credit. (App A Tier 2 Objectives and Procedures M.2 Bullet 3, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
