Level 2 Checklist
Level two organizations are typically rapidly growing technology companies that want to enter the medium- and large-size market but are blocked by vendor qualification criteria requiring SOC or ISO-27001. These standards mandate many aspects of a QMS and IT security best practices.
In general, policies, procedures, and documentation must be created to:
- Ensure documents are controlled per a standard such as GDP or ISO 9001
- Formalize employee training via an LMS
- Define organization mission/vision, structure, roles, and responsibilities
- Facilitate internal and external audits
- Continually improve the organization through CAPAs
- Ensure operational consistency in the form of change control procedures
- Support traceability through complete audit trails that are always tied to a person, time, detailed changes, and reason for the change
- Create a secure operating environment through the adoption of well-established security standards
- Manage risk
Depending on your industry, region, subsector, company size, etc., some combination of the above points will be emphasized more than others, but in general you must ensure that your employees:
- Are qualified to execute on the responsibilities for their assigned roles when hired
- Are trained on all the documents above per their assigned roles
- Retain proof of procedural execution of SOPs (optional for some L2 organizations)