You are on page 1of 7

Management System Certification

Audit Summary Report


Organization:
Address:
Standard(s):
Representative:
Site(s) audited:
EAC Code:

Effective No.of
Personnel:
Lead auditor:

Balai IPTEKnet - BADAN PENGKAJIAN DAN PENERAPAN TEKNOLOGI


Gedung Pusat Rekayasa Teknologi Informasi dan Komunikasi
(Gd. Teknologi 3/254) Lt. 3, Puspiptek Tangerang Selatan 15314
ISO 9001: 2008
Accreditation Body(s): UKAS
Mr Joko Syahrianto (cell phone: 081213860104)
As per address above
Date(s) of audit(s):
2,3 December 2014
33
NACE Code:
72.10
Technical
QM 33.1
72.20
Area code:
72.40
44 Persons
No. of Shifts:
Non shift
Erdiek Ardhianto

Additional team
member(s):

Joko Sumpono

Additional
Attendees and
Roles
This report is confidential and distribution is limited to the audit team, audit attendees client
representative and the SGS office.

1. Audit objectives
The objectives of this audit were:

to confirm that the management system conforms with all the requirements of the audit standard;

to confirm that the organization has effectively implemented the planned management system;

to confirm that the management system is capable of achieving the organizations policy objectives.

2. Scope of certification
Internet Service Provider, Software Development and Cloud Computing Provider

Has this scope been amended as a result of this audit? Add scope cloud
computing provider that not inform in CDS

Yes

No

This is a multi-site audit and an Appendix listing all relevant sites and/or remote
locations has been established (attached) and agreed with the client

Yes

No

3. Current audit findings and conclusions


The audit team conducted a process-based audit focusing on significant aspects/risks/objectives required
by the standard(s). The audit methods used were interviews, observation of activities and review of
documentation and records.
The structure of the audit was in accordance with the audit plan and audit planning matrix included as
annexes to this summary report.
The audit team concludes that the organization
has
has not established and maintained its
management system in line with the requirements of the standard and demonstrated the ability of the
system to systematically achieve agreed requirements for products or services within the scope and the
organizations policy and objectives.

Job n: ID/JKT 0779


CONFIDENTIAL

Report date:
Document:

3 December 2014
GS0304

Visit Type: S2R


Issue n: 15

Visit n:
Page n:

1
1 of 7

Number of nonconformities identified:

Major

Minors

Therefore the audit team recommends that, based on the results of this audit and the systems
demonstrated state of development and maturity, management system certification be:
Granted /

Continued /

Withheld /

Suspended until satisfactory corrective action is completed.

4. Previous Audit Results


The results of the last audit of this system have been reviewed, in particular to assure appropriate correction
and corrective action has been implemented to address any nonconformity identified. This review has
concluded that:
Any nonconformity identified during previous audits has been corrected and the corrective action
continues to be effective. (Refer to Section 6 for details)
The management system has not adequately addressed nonconformity identified during previous audit
activities and the specific issue has been re-defined in the nonconformity section of this report.

5. Audit Findings
The audit team conducted a process-based audit focusing on significant aspects/risks/objectives. The audit
methods used were interviews, observation of activities and review of documentation and records.
The management system documentation demonstrated conformity with the requirements
of the audit standard and provided sufficient structure to support implementation and
maintenance of the management system.
The organization has demonstrated effective implementation and maintenance /
improvement of its management system and is capable of achieving its policy objectives.

Yes

No

Yes

No

The organization has demonstrated the establishment and tracking of appropriate key
performance objectives and targets and monitored progress towards their achievement.

Yes

No

The internal audit program has been fully implemented and demonstrates effectiveness
as a tool for maintaining and improving the management system.

Yes

No

The management review process demonstrated capability to ensure the continuing


suitability, adequacy and effectiveness of the management system.

Yes

No

Throughout the audit process, the management system demonstrated overall


conformance with the requirements of the audit standard.

Yes

No

Yes

No

Certification claims are accurate and in accordance with SGS guidance and the
organization is effectively controlling the use of certification documents and
marks.

N/A

6. Significant Audit Trails Followed


o

7. Nonconformities

Job n: ID/JKT 0779


CONFIDENTIAL

Report date:
Document:

3 December 2014
GS0304

Visit Type: S2R


Issue n: 15

Visit n:
Page n:

1
2 of 7

CAR No: 1 of 7
Area / Department / Process:

Category:
Major
Internal Audit

Document Ref.:

diagram proses usaha Iptek


net -02
date 1 October 2014

Issue/Rev. Status:

Minor

Standard Ref.:

Clause 8.2.2

CAR Close out date:

Next Visit

Details of Non-Conformity:
Observed internal audit has conduct for seksi jaringan dan informasi on 19 November 2014 which
is not covered related process on seksi Jaringan dan informasi , e.g.: Data center, infra
maintenance; Actualy internal audit only conduct for Product development

CAR No: 2 of 7
Area / Department / Process:

Category:
Major
Minor
Seksi Jaringan dan informasi

Document Ref.:

Quality manual no.IPTEKnet01

Standard Ref.:

Clause 8.2.3 , 8.4

Issue/Rev. Status:

1 October 2014
date 25 July 2014

CAR Close out date:

Next Visit

Details of Non-Conformity:
Monitoring target performance not effective as following :
- Up time system and network 95%--> actual not measured clearly exceptV
- Technical Problem network < 5%--> actual not measured clearly except Von August
- Realization visit customer 1 time/year% --> actual not measured clearly except Von October
- Activation 1 days actualV on august 2014
- Aplication development target 3 days not monitored yet
- Handling application problem/Problem aplikasi < 20%--> not monitored yet

CAR No: 3 of 7
Job n: ID/JKT 0779
CONFIDENTIAL

Category:
Report date:
Document:

Major
3 December 2014
GS0304

Minor
Visit Type: S2R
Issue n: 15

Visit n:
Page n:

1
3 of 7

Area / Department / Process:

Seksi Jaringan

Document Ref.:

Quality manual no.IPTEKnet01


Formulir aktivasi web hosting
dan collocation/KF-002-002 no
pendaftaran 200.90.27
1 October 2014
date 25 July 2014

Issue/Rev. Status:

Standard Ref.:

Clause 8.2.4

CAR Close out date:

Next Visit

Details of Non-Conformity:
1. Verification of job activation on document Formulir aktivasi web hosting dan collocation/KF-002-002
no pendaftaran 200.90.27 date 25 July 2014 not effective since due to some information was not
completed yet, such as : OS confirmation, IP address/Konfigurasi, web hosting/Colocation (Folder
,domain and server ) and Testing activation method .
2. Verification for pemutusan layanan/kontrak as Berita acara pemutusan BAP/IPTEKNET/II/2014
dated 28 February 2014- Customer Chiyoda -No. Pendaftaran no 90.19/IPTEKNET/IX/2013 date
28 February 2014 not effective, since there is no evidence recorded related with realization of
Berita acara pemutusan BAP/IPTEKNET/II/2014 dated 28 February 2014-No. Pendaftaran no
90.19/IPTEKNET/IX/2013 date 28 February 2014, e.g.: Visual report

CAR No: 4 of 7
Area / Department / Process:

Category:
Major
Minor
Seksi Jaringan-Data Center

Document Ref.:

Quality manual no.IPTEKnet01


1 October 2014

Issue/Rev. Status:

Standard Ref.:

Clause 7.1, 7.6

CAR Close out date:

Next Visit

Details of Non-Conformity:
Planning of service realization was not effective determined to enhance customer satisfaction , such as
During audit on server room-Serpong found Temperature /Humidity has been monitored by
thermometer , however requirement and monitoring method was not determined yet; More over
verification method for thermometerserver room not clearly determined .
Not determined periodical control for Fire extinguisher FM 200 AA618-127, AA609-757 and
AA618-113

Job n: ID/JKT 0779


CONFIDENTIAL

Report date:
Document:

3 December 2014
GS0304

Visit Type: S2R


Issue n: 15

Visit n:
Page n:

1
4 of 7

CAR No: 5 of 7
Area / Department / Process:

Category:
Major
Bagian Tata Usaha

Document Ref.:

Procedure of Permohonan
Pembelian Barang Hingga
Tiga Juta Rupiah
. Kode : KP -014 dated 1
October 2014

Issue/Rev. Status:

Minor

Standard Ref.:

7.4.1

CAR Close out date:

Next Visit

Details of Non-Conformity:
Lack of evidence that providing of material or product has performed based on procedure of Permohonan
Pembelian Barang Hingga Tiga Juta Rupiah. Kode : KP -014 dated 1 October 2014 such as permintaan
pembeliaan sheet for Providing printer HP laser Jet 1120 S/N VNF6y79595 can not shows
Centro printer ITC BSD as printer provider has not listed in Supplier list ( Daftar Supplier 2014 )

CAR No: 6 of 7
Area / Department / Process:

Category:
Major
Bagian Tata Usaha

Document Ref.:

Procedure of Permohonan
Pembelian Barang Hingga
Tiga Juta Rupiah
Kode : KP -014 dated 1
October 2014

Issue/Rev. Status:

Minor

Standard Ref.:

7.4.3

CAR Close out date:

Next Visit

Details of Non-Conformity:
Lack of evidence that verification of purchased product has performed as required by standard as show
finding below:

Relevant of procedure has not defined about process of verification of purchased product
Acceptance criteria for verifying purchased product has not established
There is product has been received however it has not verified yet i.e Printer Laser receving dated
2/12/14

Job n: ID/JKT 0779


CONFIDENTIAL

Report date:
Document:

3 December 2014
GS0304

Visit Type: S2R


Issue n: 15

Visit n:
Page n:

1
5 of 7

CAR No: 7 of 7
Area / Department / Process:

Category:
Major
Bagian Tata Usaha

Document Ref.:

procedure of penanganan
sumber daya manusia
No. Kode KP-16

Issue/Rev. Status:

Minor

Standard Ref.:

6.2.2

CAR Close out date:

Next Visit

Details of Non-Conformity:
Lack of evidence that Training program has performed according to procedure of penanganan sumber daya
manusia No Kode KP-16 as shows Training result has not always recorded in laporan hasil pelatihan sheet
as required by procedure such as Pelatihan keamanan system informasi which conducted on 16 27 June
2014 has not recorded by trainee ( Ms. Intan P )

Client Proposed Action to Address Minor Non-Conformances Raised at this Audit:


All Corrective action proposed has been confirmed during audit
Nonconformities detailed here shall be addressed through the organizations corrective action process, in
accordance with the relevant corrective action requirements of the audit standard and shall include actions to
analyse the cause of the nonconformity and prevent recurrence, and complete records maintained.
Corrective actions to address identified major nonconformities shall be carried out immediately including
a cause anlaysis, and SGS notified of the actions taken within 30 days. An SGS auditor will perform a
follow up visit within 90 days to confirm the actions taken, evaluate their effectiveness, and determine
whether certification can be granted or continued.
Corrective actions to address identified major nonconformities shall be carried out immediately including
a cause anlaysis, and records with supporting evidence sent to the SGS auditor for close-out within
90 days.
Corrective Actions to address identified minor non conformities including a cause anlaysis, shall be
documented on a action plan and sent by the client to the auditor within 90 days for review. If the actions
are deemed to be satisfactory they will be followed up at the next scheduled visit.
Corrective Actions to address identified minor non-conformities including a cause anlaysis,have
been detailed on an action plan and the intended action reviewed by the Auditor, deemed to be
satisfactory and will be followed up at the next scheduled visit.
Appropriate cause analysis and immediate corrective and preventative action taken in response to
each non-conformance as required.
Note:- Initial, Re-certification and Extension audits recommendation for certification cannot be made unless check box 4 is completed. For
re-certification audits the time scales indicated may need to be reduced in order to ensure re-certification prior to expiry of current
certification.
Note: At the next scheduled audit visit, the SGS audit team will follow up on all identified nonconformities to confirm the effectiveness of the
corrective actions taken.

8. General Observations & Opportunities for Improvement


Seksi Jaringan
- Although Password protection has controlled as mentioned procedure KP-010 and recorded on
Formulir daftar password .; Care should be taken to review and improve Periodical control for password
.
Job n: ID/JKT 0779
CONFIDENTIAL

Report date:
Document:

3 December 2014
GS0304

Visit Type: S2R


Issue n: 15

Visit n:
Page n:

1
6 of 7

Information on admin log server room entry/exit control record should be improve with visitor
identification traceability , e.g.: instiution/company name and ID pass no ( actually only record as name
and date of entry/exit
Tata Usaha
It can be considered to further improve the identification system for measuring devices to reflect the
calibration status, e.g.: Weight Balance and Thermometer on control panel
Suggestion should be given to ensure that review contract has signed by related to section such as TU
and layanan jasa
Suggestion should be give to segregate supplier selected by through bidding or No bidding
Strongly recommendation to determine clearly about standard of competency based on Training,
Experience and skill

Job n: ID/JKT 0779


CONFIDENTIAL

Report date:
Document:

3 December 2014
GS0304

Visit Type: S2R


Issue n: 15

Visit n:
Page n:

1
7 of 7