IJCA - Volume 2 - Flipbook - Page 43
2023 | Volume 2, Issue 1
Risk 3: Slow reaction time from IT development team
Mitigation Plan
Contingency Plan
Set standards of service for IT development requests
Hire external contractor for IT development
Frequent meetings with IT, following up on their tasks
Prepare a continuity plan utilizing alternate resource
Evaluation of IT as external supplier
Ensure that the work-around tools and process are available and staff have been trained to deploy them when IT tools are delayed or lacking
Hire a full-time IT person
IT team needs to have a contractor who can provide support in their absence
Cross train existing employees with an aptitude for IT or hire more IT-savvy contractors
Risk 4: Assessors cannot access appropriate resources/IT systems when needed
Mitigation Plan
Contingency Plan
Issue a “portal map” or “troubleshooting” guide
Use paper copies of documentation/resources
Training on the IT system to be made mandatory for each assessor either during inception or on an ongoing basis
Ensure that alternative options (back to paper, spreadsheets, etc.) can be quickly enabled if portal system goes down, etc.
Introduce help center for end users
Continue utilization of existing assessment processes using Google Docs and Dropbox, and limit access to company resources/IT systems to accreditation program manager
Upload and provide access to assessors to rules, policies, procedures, and previous assessments documentation
Formally evaluate the need for assessors in each program to have access to the IT system resources
Assign specific staff who can help assessors
Make use of IT OneDrive
Risk 5: Fraudulent behavior: CABs issuing false reports/certificates, incorrect use of logo
Mitigation Plan
Contingency Plan
Educate clients with interactive resources
Suspend suspicious CABs until further notice
Continually review possible mechanisms to help prevent fraudulent behavior
If identified during assessment, lead assessor to inform client about required actions. Include it in his/her report to IAS
Lead assessors and IAS staff should be trained on how to handle such cases
IAS program manager tries to resolve the issue with client and informs IAS top management
Make fraudulent accreditation claims public on IAS website, train assessors on logo requirements, and make sure correct usage is checked with every assessment
Suspend, investigate and cancel, if needed
Unannounced assessments
Take legal action if needed per IAS top management decision
Increase frequency of visits on CABs identified as “bad actors”
Conduct ongoing surveillance activities (not just surveillance assessment) as specified in 17021-1