Content library
Process management and monitoring
Process documentation and owner assignment

Other tasks from the same security theme

Task name
Priority
Status
Theme
Policy
Other requirements
Process documentation and owner assignment
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Process documentation and owner assignment
1. Task description

Organisation must maintain a listing of main processes related to QMS, delivering it's products / services and maintaining its operations. Process owners are designated for each process and they are responsible for completing the related documentation and possible other quality actions directly related to the process.

Process documentation must include at least:

  • Process purpose
  • Link to a more detailed drawing / description of process sequences
  • Required inputs and expected outputs
  • Connected resources (e.g. data systems, data stores and sets, units, sites, partners and other assets)
  • Metrics used to monitor the operating and efficiency of the process
  • Other major actions taken related to the process (e.g. analyzed risks, planned / executed improvements or changes)
Defining process monitoring and related metrics
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Defining process monitoring and related metrics
1. Task description

The organization has determined criteria and methods (e.g. monitoring actions, measurements or other related process metrics) needed to ensure the effective operation and control of its main processes.

These methods and criteria are being actively applied to have condifence that processes are being carried out as planned. Organization regularly documents the carried out monitoring / metering actions to have documented information about process monitoring.

Documentation and treatment of non-conforming outputs from processes
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Documentation and treatment of non-conforming outputs from processes
1. Task description

The organization has defined the actions to identify and control outputs that do not conform to their requirements to prevent their unintended use or delivery. The organization takes appropriate actions based on the nature of the non-conformity and its effect on the conformity of products / services.

All non-conforming outputs are treated in one or more of the following ways:

  • correction
  • segregation, containment, return or suspension of provision of products and services
  • informing the customer
  • obtaining authorization for acceptance under concession

Conformity to the requirements shall be verified when nonconforming outputs are corrected.

The organization maintains documentation about non-conforming outputs, actions taken, concessions obtained and the authority deciding the action in respect of the non-conformity.

Identification and evaluation criteria of externally provided functions
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Identification and evaluation criteria of externally provided functions
1. Task description

The organization documents relevant externally provided processes, products and services similarly as others in the quality management system. The organization needs to similarly ensure these processes conform to requirements.

Externally provided processes, products and services are relevant when:

  • a whole process (or part of a process) is provided by an external provider as a result of a decision by the organization
  • a product / service from an external provider is intended for incorporation into the organization’s own products and services
  • a product / service is provided directly to customers by external providers

The organization has determined the general criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements.

The organization documents these externally provided processes, products and services in the quality management system and logs any evaluation activities and necessary actions arising in the documentation cards.

Process evaluations and change management
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
3
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Process evaluations and change management
1. Task description

The organization needs to evaluate the suitability of its processes continually to make sure they achieve their intented results. When any significant changes to processes are deemed necessary, they are documented in the quality management system.

In systematic quality work, all significant changes to processes are implemented in a controlled manner. The impact of changes is first assessed, their ownership is assigned and the execution is monitored.

Process sequences and related procedures
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Process sequences and related procedures
1. Task description

The organization needs to document process sequences for each process related to the quality management system, which illustrates the sequential flow of activities within a process.

Sequences should display the interactions of different processes and they should be detailed enough, so that the organization can use them for monitoring and having confidence that the processes are being carried out as planned.

Requirements and related communication to external providers
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Requirements and related communication to external providers
1. Task description

The organization has defined how it clearly communicates quality requirements to relevant external providers.

Controls for externally provided functions
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Controls for externally provided functions
1. Task description

The organization ensures that externally provided processes, products and services do not negatively affect the ability to deliver conforming products and services to its customers.

To enable this, the organization documents in its quality management system for each externally provided process, product or service:

  • controls applied to this external provider
  • controls applied to the outputs of this external provider
  • verification necessary to ensure that the externally provider (and outputs) meet requirements

The controls should be proportionate to the potential impact of the related activities on organization's quality and take into account the effectiveness of the controls applied by the external provider themselves.

Fitness for purpose of the monitoring and measurement resources
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Fitness for purpose of the monitoring and measurement resources
1. Task description

When organization uses monitoring and measurement resources to verify product / service conformity, the organization has determined:

  • what are the needed monitoring and measurement resources
  • how it provides them
  • how it ensures valid and reliable results

The organization shall ensure that monitoring and measurement resources provided:

  • are suitable for the specific type of monitoring and measurement activities being undertaken
  • are maintained to ensure their continuing fitness for their purpose

The organization has documented relevant monitoring and measurement resources in the quality management system and shall document all relevant evidence when verifying their fitness for purpose is on the related documentation cards in the QMS.

Ensuring suitable environment for operating processes
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Quality and processes
Process management and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Ensuring suitable environment for operating processes
1. Task description

The organization has determined suitable operating environments for its processes, to be able to produce and deliver its products and services conforming to their quality and other requirements. The organization has also defined how it provides and maintains such an environment.

A suitable environment significantly depends on the type of products and services delivered. Usually it can involve a combination of human and physical factors, such as:

  • social factors (e.g. non-discriminatory, calm, non-confrontational)
  • psychological factors (e.g. stress-reducing, burnout prevention, emotionally protective)
  • physical factors (e.g. temperature, heat, humidity, light, airflow, hygiene, noise)

Universal cyber compliance language model: Comply with confidence and least effort

In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.

Security frameworks tend to share the common core. All frameworks cover basic topics like risk management, backup, malware, personnel awareness or access management in their respective sections.
Cyberday’s universal cyber security language technology creates you a single security plan and ensures you implement the common parts of frameworks just once. You focus on implementing your plan, we automate the compliance part - for current and upcoming frameworks.
Start your free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
No items found.