Here are the frequently asked questions from the Total Quality Management process asked and answered:


1. Why isn’t the training department involved in the audit?

  • The training department isn’t involved in this year’s internal audit because it is a fairly new department that was established only this year and it wasn’t part of the scope of the ISO 9001:2015 QMS and ISO 27001:2013 ISMS as stated in the audit plan.


2. What about the sales?

  • The sales department is not part of the audit for they are also not part of the inclusion of the QMS and ISMS. The clause specifically states that the inclusions are: Provisions of IT helpdesk, BOS -Back Office Data Entry Services (Airfreight, FAK Imports, FCL Imports and Land Transport), Digital Marketing and Web Development, including the protection of Information for House of IT in accordance with the Statement of Applicability version 2.5 dated March 26, 2021.


3, How do you pick the people to ask questions from the audit?

  • The auditors pick people to ask through the decision of the department heads and team leaders. These people picked by the upper bodies are the people usually responsible for the different processes of each department. Apart from the prior people chosen by the department heads and team leaders, the auditors also pick people for verification of the processes through random sampling. The people who will participate the random sampling may be composed of 1-5 people at max. The auditors expect these people they have picked for random sampling to answer the questions they have prepared for the audit.


4. Who creates the questions?

  • The senior auditor with his auditors are the ones who creates the questions for the audit. Their criteria in creating the questions is that if it fits the ISO Standards required.


5. Has the department experienced conducting an external audit?

  • The TQM department has not experienced conducting an external audit because by the name itself, external, meaning the people who will conduct the audit are from other governing bodies.


6. Who creates the audit plan?

  • The TQM department creates the audit plan through the leadership of the TQM manager.


7. What is the main difference of the ISO 9001 and ISO 27001?

  • ISO 9001: ISO 9001 is defined as the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.
  • ISO 9001 is defined as the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements. It is the most popular standard in the ISO 9000 series and the only standard in the series to which organizations can certify. ISO 9001 was first published in 1987 by the International Organization for Standardization (ISO), an international agency composed of the national standards bodies of more than 160 countries.
  • ISO 27001: ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005 and then revised in 2013. ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. Everyone realizes that getting the 9001 or 27001 certification for an IT company is the task that costs of certain efforts and time. There may be a huge difference between how things are done and how they should be done according to the 9001 and 27001 standards. The habitual way of how everything is done may be changed, the audit is required. In case of ISO 27001 the IT company needs to work on the methodology for identification of information security risks, and so on.


8. Who determines the QMS and ISMS of the company?

  • The people who takes pride in determining the QMS and ISMS are the Top Management together with all managers of every department of the company.


9. What are Minor NCs and Major NCs? Example of each.

  • Minor NCs are findings from the audit that are easily avoidable and can be easily solved. One example of a minor NC is when a person from the random sampling cannot answer the question being asked. A Major NC however is of extreme breach and needs further assessment and time to solve. One concrete example is of a Major NC is a lacking process from the process flow of a certain department.