Concepts for developing the Review Plan cont'd

DOE-HDBK-3027-99

review. This guidance is essential in the development of the Review Plan (RP). The RP, if

prepared correctly, provides guidance and direction to the team so that they have a clear goal for

accomplishing the review. The RP provides the contractor and DOE staff with an outline of

exactly what is expected for the review. Thus they can be better prepared to provide the team

with the information necessary to determine the adequacy of the ISMS.

The development of the Criteria and Review Approach Documents (CRADs) should be one of

the first tasks conducted in preparing for the verification review. The Team Leader should

suggest the functional areas to be specified in tailoring the CRADs. Appendices 2 and 3 of this

handbook provide templates to assist in preparing the CRADs. CRADs should be tailored to

address the site, facility, or activity being reviewed. One of the first team projects is to develop

the CRADs. This is a key step. By involving the team in the development of the CRADs, the

team develops a sense of ownership. The contractor and the DOE staff should be included in the

writing of the CRAD. At the end of this effort, if it is conducted rigorously, the team will clearly

understand what it is that they must do to satisfy their CRADs, and the inspected contractor and

DOE staff will understand the scope of the review for which they are to be held responsible.

Experience has shown that when this process has been effectively conducted, an effective

verification has resulted. When this process has not been conducted so that the team members,

contractor, and DOE staff have been involved, the ISMS verification has proceeded in a chaotic

fashion.

The Team Leader must carefully craft the Review Plan so that the information gained will lead to

a recommendation to the Approval Authority as to the acceptability of the ISMS. This result is

usually required to be documented in a report. As part of the ISMS verification preparation

process, the Team Leader must carefully consider what format he/she will use for the report. The

input of the team and sub-team leaders, if assigned, should be crafted to efficiently support the

report format. The manner of identifying issues and concerns should be understood by the team

and there should be agreement that those determinations will support the needs of the Approval

Authority.

The following outline provides a suggested format for the Review Plan.

1.0 Introduction/Background : Describes the site, facility, or activity that will be reviewed.

This section provides background information concerning the basic process, hazards, and

issues associated with the activity to be reviewed.

2.0 Purpose: Describes the reasons why the review will be conducted and provides the basic

rationale for the defined scope of the review.

3.0 Scope : Defines the physical and administrative boundaries of the site, facility, or activity

and justifies those defined boundaries and support functions for review. This section of the

Review Plan should describe the approved scope as identified by the Approval Authority. It

should define the major objectives of the review. These objectives define the disciplines or

areas which are selected for review and define the approach and guidelines for the reviewer.

4.0 Prerequisites: Summarizes prerequisites specified by the Approval Authority. The use of

defined prerequisites has proven beneficial both in the preparation and conduct for the review.