Hi, I need to ask a few questions for my supplier audit of Microsoft. This is for a pharmaceutical company we are subcontractors for.
- Have you (Microsoft) been audited by any regulated company within the last two years?
☐ yes ☐ no
- Which of your sites provide services to Capgemini? (I work for Capgemini and need to conduct this audit)
- Are any aspects of the services outsourced to 3rd parties? (Subcontracting)
☐ yes ☐ no
- Do you have a Management System implemented that complies with any International Industry Standards?
i. ISO 9001 Quality Management?
☐ yes, certified
☐ yes, not certified
☐ no
ii. ISO 27001 Information Security Management?
☐ yes, certified
☐ yes, not certified
☐ no
iii. ISO 22301 Business Continuity Management?
☐ yes, certified
☐ yes, not certified
☐ no
iv. ISO 20000-1 IT Service Management
☐ yes, certified
☐ yes, not certified
☐ no
v. Others … ISO (27017, 27034)
☐ yes, certified
☐ yes, not certified
☐ no
- Are all activities, relevant for contracted service provision for Capgemini, determined in formal process descriptions and published to personnel concerned?
☐ yes ☐ no
- How do you inform customers about changes with impact to contracted services?
- Do you perform internal audits to confirm the adherence of contractual obligations?
☐ yes ☐ no
- How do you ensure that the whole service supply chain (including the part provided by 3rd parties) complies with contracted obligations?
a. Do you ensure compliance by process controls established and controlled?
☐ yes ☐ no
b. Do you ensure compliance by internal and supplier audits?
☐ yes ☐ no
c. Do you ensure compliance by Key Performance Indicators established - which are monitored and reported?
☐ yes ☐ no
- Do you have a formal Business Continuity Plan (BCP) in place?
☐ yes ☐ no
- Do you perform regular BCP drill exercises (simulation of potential disaster or disruption that could affect contracted services)?
☐ yes ☐ no
- Are your suppliers (if relevant) involved in the BCP exercise?
☐ yes ☐ no ☐ N/A