Cisco Global Commerce Audit Preparation Document, v4.0



Similar documents
INTEGRATED MANAGEMENT SYSTEM MANUAL IMS. Based on ISO 9001:2008 and ISO 14001:2004 Standards

Software Quality Subcontractor Survey Questionnaire INSTRUCTIONS FOR PURCHASE ORDER ATTACHMENT Q-201

REQUIREMENTS FOR CERTIFICATION BODIES TO DETERMINE COMPLIANCE OF APPLICANT ORGANIZATIONS TO THE MAGEN TZEDEK SERVICE MARK STANDARD

Quality Management System Manual

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]

Final. National Health Care Billing Audit Guidelines. as amended by. The American Association of Medical Audit Specialists (AAMAS)

ThinkPlus Warranty Services Agreement

Implementation Consulting

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

MEDFORD FABRICATION CSC, INC. Quality System Manual. Date of issue: 03/25/2010 Revision : F

WHITE PAPER Third-Party Risk Management Lifecycle Guide

CATSA Screening Contractor Management System Standard (2015)

EUROPASS DIPLOMA SUPPLEMENT

Infrastructure Technical Support Services. Request for Proposal

Project Management Guidelines

REQUEST FOR PROPOSAL OF EMERGENCY MEDICAL TRANSPORTATION BILLING SERVICES. Union County Emergency Medical Services

TENDER SPECIFICATIONS

IT SERVICE MANAGEMENT POLICY MANUAL

CITY UNIVERSITY OF HONG KONG

REQUEST FOR INFORMATION. Shipping, Transportation and/or Consolidation Companies. Puerto Rico Exports Program. Request for Information No.

Uncontrolled Document

Validation Audit Process Definition and Criteria

REQUEST FOR EXPRESSIONS OF INTEREST 4887 EOI NETWORK BACKUP/ ARCHIVING

I S O I E C I N F O R M A T I O N S E C U R I T Y A U D I T T O O L

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE ( ) ON THIRD PARTY RELATIONSHIPS

Risk Management of Outsourced Technology Services. November 28, 2000

Committed to Environment, Health, & Safety

Vendor Management. Outsourcing Technology Services

Management of Cloud Computing Contracts and Environment

Translation Service Provider according to ISO 17100

Papua New Guinea LNG Project Environmental and Social Management Plan Appendix 21: Procurement and Supply Management Plan PGGP-EH-SPENV

Issue No. 02 BOBS May, 2008 Effective Date: UNCONTROLLED WHEN DOWNLOADED/PRINTED

Business Management System Manual. Context, Scope and Responsibilities

Abu Dhabi EHSMS Regulatory Framework (AD EHSMS RF)

TABLE OF CONTENTS. Prefacej... 1

Certification Procedure of RSPO Supply Chain Audit

RTP s NUCLEAR QUALITY ASSURANCE PROGRAM

White Paper on Financial Institution Vendor Management

Request for Proposal. Contract Management Software

CQR-1 CONTRACTOR QUALITY REQUIREMENTS for CONSTRUCTION SERVICES

Outsourcing Technology Services A Management Decision

Application for CISM Certification

14620 Henry Road Houston, Texas PH: FX: WEB: QUALITY MANUAL

Title: Rio Tinto management system

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

How To Inspect A Blood Bank

SUPPLIER GUIDEBOOK. Rev 1.1

Network Certification Body

GUIDANCE FOR MANAGING THIRD-PARTY RISK

Green Globe Certification Policy V1.6

3 Terms and definitions 3.5 client organization whose management system is being audited for certification purposes

Specialties Manufacturing. Talladega Castings & Machine Co., Inc. ISO 9001:2008. Quality Manual

UL Qualified Firestop Contractor Program Requirements April 2012

ISO :2005 Requirements Summary

Vendor Management Compliance Top 10 Things Regulators Expect

North American Electric Reliability Corporation. Compliance Monitoring and Enforcement Program. December 19, 2008

GUIDE TO IMPLEMENTING A REGULATORY FOOD SAFETY AUDITOR SYSTEM

California Dept. of Technology AT&T CALNET 3. Service Level Agreements (SLA) 7.3 Network Based Managed Security

Construction Management Services Delmar School District RFP No. DSD16001-CONSTR_MAN

CITY OF DALLAS. Request for Competitive Sealed Proposal (RFCSP) BUZ1524. For. SCADA Repair, Parts and Support

TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review

Certified Florida Community Service Provider (CFCSP)

Certification Manual. Fair Trade USA V2.0 English Version. SCS Global Services Manual

Tender Dossier. Vehicles, Tracking and Equipment

Third Party Approval & Risk Management

OUTSOURCING POLICY

Consultant s Services Small Assignments, Lump-Sum Payments

ISO 9001:2000 AUDIT CHECKLIST

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document.

Company Quality Manual Document No. QM Rev 0. 0 John Rickey Initial Release. Controlled Copy Stamp. authorized signature

FINAL DOCUMENT. Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Part 1: General Requirements

Micro Plastics, Inc. Quality Manual

Surgi Manufacturing Quality Manual

Managing Risk in the Global Supply Chain

SHE Standards. Safety, Health and Environmental Protection Standards

Solicitation Emergency Disaster Cleanup Services. Bid designation: Public. Lehi City

Quality Assurance Manual for Low Level Radioactive. Waste Disposal Facility

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT CONSTRUCTION AUDIT PROGRAM

ISO 9001 (2000) QUALITY MANAGEMENT SYSTEM ASSESSMENT REPORT SUPPLIER/ SUBCONTRACTOR

ISO 9001:2008 Internal Audit Guidance

RSPO Supply Chain Certification Systems

Managing Outsourcing Arrangements

Office 365 Data Processing Agreement with Model Clauses

Third Party Risk Management 12 April 2012

TELEFÓNICA UK LTD. Introduction to Security Policy

International Peace Support Training Centre Westwood Park P O Box Karen, Kenya

CORPORATE QUALITY MANUAL

PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES

Supplier quality guideline. VOSS Automotive Group Issue Rev00

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL. September 24, 2010

Compliance Management Systems

Summary of Requirements for ISO 14001:2004 February 24, 2005

Credit Union Liability with Third-Party Processors

Transcription:

Cisco Global Commerce Audit Preparation Document, v4.0 Table of Contents Introduction... 2 1 Audit Process and Methodology 1.1 Audit Scheduling... 3 1.2 Role of Audit Participants... 3 1.3 Audit Findings and Follow Up... 3 2 Prequalification Requirements... 5 3 General Requirements 3.1 Objectives... 5 3.2 Contracting... 5 3.3 Procurement... 6 3.4 Security... 6 3.5 Business Continuity... 6 4 Required Capabilities 4.1 Global Order Management... 7 4.2 Global Invoicing... 7 4.3 Global Agreements... 7 4.4 Global Logistics... 8 Appendix 1: Sample Agenda... 9 Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 1

Introduction This document defines the criteria required to achieve the Global Commerce Specialization within the Cisco Worldwide Channel Partner Program and provides guidelines for auditing to these requirements. The criteria may be updated at the discretion of Cisco. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 2

1 Audit Process and Methodology 1.1 Audit Scheduling As a general guideline, an on-site audit will not be scheduled until the partner has submitted a complete application and the Cisco Partner Program Manager has verified that pre-audit requirements have been met. Please contact your Program Manager for an application and to schedule your Global Commerce audit. A representative from a Cisco third-party audit agency will schedule the on-site audit and will request additional documentation or information prior to or during the audit. Typically, the on-site audit will take place within three working days of Cisco s validation of the partner s pre-qualification requirements. The audit must take place at the partner s global commerce/logistics center, if this exists, or at the location where the majority of global customer opportunities are negotiated and managed. 1.2 Role of Audit Participants Role of the Partner Prior to the audit, the partner is expected to review all of the program requirements, submit a complete online application with the requested pre-audit documents and provide any additionally required documents on the day of the audit. During the audit, the partner will present a 15-minute general partner overview of the company covering: A business model, service and support model, and organizational overview If applicable, the business model overview should include provision of any partner added value services, built around Cisco products, such as managed network services, installation support services, and basic and advanced consulting services Partner should discuss the business and support relationship with Cisco. Suggested participants for this period of the audit would be the person responsible for managing the support relationship with Cisco, and the main contact for Cisco certifications and specializations. Role of the Auditor Cisco uses an independent third-party audit agency to conduct audits. The auditor manages the on-site audit process. The auditor will review supplied documentation prior to the audit, verify whether the partner complies with all of the program requirements, and compile the audit report describing the extent of compliance with each requirement. The auditor will then submit the report and supporting documents to the Cisco Partner Program Manager who will determine whether or not the partner meets these requirements. All information or documentation provided to the auditor is considered confidential information as defined in an NDA signed by Cisco s third-party auditors, and will be treated accordingly by both Cisco and the auditor. Role of the Cisco Partner Program Manager (PM) The Cisco Partner Program Manager (PM) is responsible for maintaining program integrity, and as such, the decision to award or revoke program certification or specialization rests with the PM. All grace periods described within the policy document are at the discretion of the PM. 1.3 Audit Findings and Follow-Up Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 3

At the audit closing session, the auditor will present a brief synopsis of the partner s audit opportunities for improvement and, in particular, will highlight any open action items. For open action items, the partner will be given an opportunity to provide written evidence of closure to the auditor within five business days after completion of the audit. If unable to close out open action items within five business days, the partner should provide a corrective action plan to the Cisco Partner Program Manager. The action plan must be fully implemented within an agreed upon time period, not to exceed the stated get-well period. At the end of the agreed time period, a visit by the auditor may be required in order to verify closure of an action item. The final decision to award certification or specialization will not be made until the corrective action plan is satisfactorily completed. During and after the audit, the auditor cannot make commitments regarding the qualification decision. The Partner Program Manager will review the audit report and communicate results back to the partner within 20 business days. Results will be emailed back to the primary contact within the partner organization. It is possible that the findings of the audit are such that qualification or requalification for the program cannot be achieved within the stated get-well period. In this case, the Partner Program Manager may deny qualification. If a partner fails to deliver an action plan within the agreed timeframe, the partner may also be denied qualification for the program. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 4

2 Prequalification Requirements 2.1 Agreements/Contracts Partner must have a valid Global Systems Integrator Agreement with Cisco; this agreement will be validated by Cisco 2.2 Certification Partner must have current Gold certification in at least one country in each Cisco theater, plus one current Silver certification in each Cisco theater 2.3 Geographical Coverage Partner must have a legal presence and an Indirect Channel Partner Agreement (ICPA) in at least 20 countries, with a minimum of four in each Cisco theater 3 General Requirements 3.1 Objectives Requirement 3.1.1 Partner must have measurable objectives to support the critical success factors for global customer engagements. 3.1.2 Partner must conduct periodic reviews of performance to objectives; records of reviews must be maintained. 3.1.3 Partner must take appropriate action to improve performance when objectives are not being met. Records of actions taken must be maintained. 3.1.4 Objectives must be reviewed and revised as necessary to ensure they remain appropriate to the critical success factors for global customer engagements. This must include objectives related to Service Level Agreements (SLAs) and to key business processes specific to global commerce activities. Partner must provide evidence, e.g. meeting minutes or other records of period reviews of performance to objectives. Partner must provide evidence of action items (e.g., corrective actions, continual improvement) taken when objectives are not met. Partner must provide evidence of periodic review and evaluation of objectives, including revision of targets and objectives when necessary. 3.2 Contracting Partner may subcontract logistics services in those countries where they do not have a legal presence provided that the following requirements are met: Requirement 3.2.1 Partner must have defined criteria for selection and Criteria must include review of contractor s import license and rebate license. evaluation of the contracted party in determining suitability to provide such services. 3.2.2 Services provided must be documented in a contract Partner must provide details (e.g., in signed contracts) of subcontracted services. between the partner and the contracted company, including a Service Level Agreement. Records of contract approval must be maintained. 3.2.3 Periodic evaluations of contracted parties must be Partner must provide records of period subcontractor evaluation; evaluations must include review Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 5

conducted to ensure that contracted requirements, including service levels are being met. Records of evaluations must be maintained. 3.2.4 Partner must maintain a documented process for notifying contracted parties when requirements are not met, and for ensuring that appropriate corrective action is taken by the contracted party to prevent the recurrence of the problem. Records of such actions must be maintained. 3.3 Procurement Requirement 3.3.1 Partner must demonstrate support for both centralized and decentralized procurement models. of performance to service levels. Partner must explain or describe how contracted parties are notified when nonconformances are identified; this process must include initiation of corrective action to prevent recurrence. Partner must be able to provide the services outlined in the Required Capabilities section for global engagements where customer s procurement model is centralized, decentralized or a combination of both. Partner must provide one example of a global customer engagement using centralized procurement methods and one example of a global customer engagement using decentralized procurement methods. 3.4 Security Requirement 3.4.1 Partner must maintain documented security procedures. Partner must have documented procedures for identification and assessment of security threats and risks (e.g., physical/functional failures, incidental or intentional damage to infrastructure, operational threats and risks, natural environmental events), and mitigation of identified risks and their consequences. 3.4.2 Partner must have a process for Cisco Brand Protection. Partner must have a documented process specifying internal control mechanisms for ensuring compliance with Cisco Brand Protection policies, including preventive measures to ensure that no counterfeit or grey market product is distributed. 3.4.3 Partner must have defined roles and responsibilities for security management activities. Partner must have documented identification of roles and responsibilities and provision of resources for security management, including identification of ethical responsibilities for all personnel. 3.4.4 Partner must conduct security audits. Partner must provide evidence of periodic internal audits of the security management system, including evidence of corrective action taken when problems are found. 3.4.5 Partner must conduct security management reviews. Partner must provide evidence of periodic review of the security management system to ensure its ongoing suitability and effectiveness and to identify opportunities for improvement. 3.5 Business Continuity Note: If partner provides evidence of compliance to Business Continuity Standards, including ISIS2 or BS25999/PAS56, this section of the audit will be waived. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 6

Requirement 3.5.1 Partner must maintain documented plans and procedures for ensuring business continuity. Business continuity plans and procedures must include: Business risk assessment Business continuity/disaster recovery strategies Roles and responsibilities for responding to incidents and emergencies Identification of critical systems and records, and appropriate back up and storage procedures Periodic review and revision of business continuity and disaster recovery plans 4 Required Capabilities 4.1 Global Order Management Process Capabilities and Services Audit Requirements Partner must maintain a documented process for global order management. The process must include Review of customer requirements prior to acceptance of the order Records of order review Methods for modification of orders after order acceptance Methods for communication with customers regarding order inquiries and customer feedback Partner must offer their global customers the following order management services: Centralized and in-country ordering A single point of contact when ordering centrally Order configuration/verification for compliance with customer specifications Order verification for local requirements when customer orders centrally Customer access to global order tracking information Consolidated reporting of global customer purchases, including total price Partner must demonstrate their order tracking and reporting capabilities through a demonstration of their customer-facing systems and/or by providing sample reports. Partner must provide objective evidence of the above capabilities in at least three global customer engagements; these may be in the form of an SLA. 4.2 Global Invoicing Process Capabilities and Services Audit Requirements Partner must maintain a documented process for global invoicing. The process must include Review of invoices prior to issuance to the customer Records of customer invoicing 4.3 Global Agreements Partner must offer their global customers the following invoicing services Consolidated billing and centralized collection Local currency billing for all major currencies Partner must demonstrate the above capabilities in at least three global customer engagements; these may be in the form of an SLA, invoice or accounting system. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 7

Process Capabilities and Services Audit Requirements Partner must maintain a documented process for creating and maintaining global customer agreements. The process must include Methods for establishing and periodically reviewing global pricing Review of global agreements Records of review and any changes resulting from the review 4.4 Global Logistics Partner must offer their global customers the following global agreement services Global master agreement offering consistent base terms and conditions. Service SLAs may vary by region Consistent global discount for Cisco products Partner must provide sample global master agreements and corresponding local addendums for at least three global customer engagements. For consistent discounts, objective evidence may be in the form of a master agreement, invoice or accounting system display. Partner must also demonstrate their global pricing methodology, including one example where Cisco has provided partner with a single discount and one where partner purchased at their contractual discount for each country. Process Capabilities and Services Audit Requirements Partner must maintain a documented process for global logistics. The process must include Identification and traceability of product while in partner s control through the use of an asset tracking system Coordination of staging, shipping and delivery activities Handling of customer complaints regarding logistics services, including problem identification and escalation, investigation/root cause analysis, corrective action and follow up with the customer. Partner must offer their global customers the following logistics services Asset tracking by serial number to point of delivery or to point of installation if required by customer Staging facilities in each graphic region Management of export/import process, in cases where not provided by Cisco Import includes customs clearance, duty/vat payment, delivery from port of entry to final destination Export includes export documentation, compliance with export laws, providing insurance, managing carrier(s) Partner must demonstrate their asset tracking capabilities by providing at least three SLAs with global customers, or at a minimum, demonstrate their asset tracking system for at least three global engagements, including one where the customer required tracking to the point of installation. Partner must provide a list of staging facilities, including the location and services provided. Partner must provide at least three global SLAs for engagements where they provided import/export services, including one where these services were provided by agents (or Cisco) in some countries. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 8

Appendix 1: Sample Audit Agenda Audit Agenda Item Introductions and review of audit goals and methodology Partner introduction of global customer business, including an overview of partner s process/model for engaging and supporting global customers and the organizations involved Cisco relationship Review of Previous Action Items and Opportunities for Improvement, if applicable Validation of prerequisites General Requirements: Procurement Critical Success Factors Contracting Required Capabilities: Global Order Management Global Invoicing Global Agreement Global Logistics Global Information Security Review of audit findings with auditor (if applicable) Estimated duration 30 minutes 1 hour 4 hours Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information