Reminder Bulletin – MD 4:2018 Information and Communication Technology (ICT) for Auditing

Bulletin date:
Bulletin number:
2020-13

Action required

Reminder for all Conformity Assessment Bodies: the application date of the new version of IAF MD 4 is July 4th, 2019.

 

IAF MD 4:2018 states that: “the use of ICT is not mandatory, but if used as part of the audit/assessment methodology, it is mandatory to conform to this document”.

 

Affected customers

All Conformity Assessment Bodies using information and communication technology (ICT) for auditing as part of their audit methodology are required to conform to IAF MD 4:2018.

 

Background

IAF MD4:2018 introduces important changes in the application of ICT in auditing and assessment.

 

The revised concepts include but are not limited to:

  • Risk-based approach
  • Emphasis on data security and confidentiality
  • Impact of the use of ICT on the duration of the assessment
  • Competency and ability to conduct an audit/assessment using ICT

 

New requirements

Organizations using ICT as part of their audit methodology are required to notify SCC when confirming the notice of assessment. SCC will verify compliance to IAF MD 4:2018 during the next scheduled assessment activity, if applicable.

 

Deadline

Effective immediately, SCC will assess the full implementation of the standard, and findings against IAF MD 4:2018 can be raised as appropriate.

 

Questions?

Please contact Abdel Kassou, Manager, Compliance and Assessment Services, at abdel.kassou@scc.ca or +1 613 238 3222 for more information.