Conformance review CORE

(modified)

The independent assessment of the conformity of activities, processes, deliverables, products or services to agreed specifications.

Guidance notes

Specifications may be the criteria of specified standards, required practices, or other documented requirements. Conformance reviews can be applied in a number of areas such as, but not limited to, asset management, network security tools, firewalls and internet security, sustainability, real-time systems, application design and specific certifications.

Conformance review: Level 6

(modified)

Specifies organisational procedures for internal or third-party conformance reviews. Develops plans for review of management systems, including the review of implementation and use of standards and the effectiveness of operational and process controls. May manage the review, conduct the review or manage third-party reviewers. Identifies areas of risk and specifies interrogation programs. Recommends improvements in processes and control procedures. Authorises the issue of formal reports to management on the extent of compliance of systems with standards, regulations and/or legislation.

Conformance review: Level 5

(modified)

Evaluates and independently appraises the internal control of processes, based on investigative evidence and assessments undertaken by self or team. Plans formal conformance reviews. Ensures that independent appraisals follow agreed procedure and advises others on the review process. Provides advice to management on ways of improving the effectiveness and efficiency of their control mechanisms. Identifies and evaluates associated risks and how they can be reduced.

Conformance review: Level 4

(modified)

Performs formal conformance reviews including data collection, analysis and related activities. Collects, collates and examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences. Analyses evidence collated and drafts part or all of formal reports commenting on the conformance found to exist in the reviewed part of an information systems environment.

Conformance review: Level 3

(modified)

Collects and collates evidence as part of a formally conducted and planned conformance review. Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.