Quality Assurance Process - ASI AI Solutions Wiki

QA Framework Overview

ASI AI Solutions maintains a Quality Management System (QMS) aligned with ISO 9001:2015. Our QA framework ensures that all services, projects, and internal processes meet defined quality standards, client expectations, and regulatory requirements.

⚙

Service Quality

SLA compliance, incident resolution quality, change success rates, and client satisfaction measured continuously through ITSM data and surveys.

☰

Project Quality

Deliverable acceptance rates, defect density, scope adherence, and post-project satisfaction scores tracked per project.

☉

Security Quality

Vulnerability management, compliance audit results, security incident trends, and Essential Eight maturity levels assessed quarterly.

☶

Process Quality

Internal process adherence, documentation currency, training completion rates, and knowledge base accuracy reviewed monthly.

Service Quality Standards

Quality Dimension	Standard	Measurement	Target
Incident Resolution Quality	Incidents resolved correctly first time, no reopens	Reopened incident rate	≤ 5%
Change Success	Changes implemented without causing incidents	Failed change rate	≤ 8%
Documentation Accuracy	Runbooks and procedures are current and accurate	Audit sample accuracy	≥ 95%
Response Timeliness	All priorities meet SLA response targets	SLA compliance %	≥ 95%
Client Communication	Proactive, clear, and timely updates during incidents	CSAT communication score	≥ 4.0/5.0
Knowledge Utilisation	Engineers use KB articles for known issues	KB attachment rate on tickets	≥ 60%
Security Posture	Client environments meet Essential Eight targets	Essential Eight maturity level	≥ Level 2 all controls

ISO 9001 Alignment

Our QMS is structured around the ISO 9001:2015 clauses:

Clause	Requirement	ASI Implementation
4. Context	Understand the organisation and its context	Annual strategic review, stakeholder analysis, risk assessment
5. Leadership	Leadership commitment and quality policy	Quality policy signed by CEO, leadership reviews quarterly
6. Planning	Actions to address risks and opportunities	Risk register maintained per process, improvement objectives set annually
7. Support	Resources, competence, awareness, communication	Training matrix, competency assessments, internal communications programme
8. Operation	Operational planning and control	All processes documented in this wiki, controlled through ServiceNow workflows
9. Performance	Monitoring, measurement, analysis, evaluation	KPI dashboards, internal audits, management reviews, client feedback
10. Improvement	Nonconformity, corrective action, continual improvement	NCR process, PDCA cycle, lessons learned integration

Internal Audit Schedule

Internal audits are conducted throughout the year to ensure all processes remain compliant and effective. Each process is audited at least once per year.

Quarter	Processes Audited	Lead Auditor	Status
Q1 (Jul-Sep)	Incident Management, Service Delivery & SLA	External (BSI)	Complete
Q2 (Oct-Dec)	Change Management, Project Delivery, Security Incident Response	Internal (QA Lead)	Complete
Q3 (Jan-Mar)	Client Onboarding, Sales Process, Procurement	Internal (QA Lead)	In Progress
Q4 (Apr-Jun)	Knowledge Management, QA Process, Management Review	External (BSI)	Scheduled

Audit Process

Planning: Audit scope, criteria, and schedule communicated 2 weeks in advance
Preparation: Auditor reviews process documentation, previous findings, and metrics
Execution: Interviews with process owners and practitioners, evidence sampling, observation
Reporting: Draft report within 5 BD, including findings categorised as Major NC, Minor NC, or Observation
Response: Process owner provides corrective action plan within 10 BD
Follow-up: Auditor verifies corrective actions are implemented and effective within 30 BD

Customer Feedback Loop

CollectCSAT, NPS, QBR Feedback, Complaints

AnalyseCategorise, Trend, Root Cause

ActImprovement Actions Assigned

ImplementChanges Deployed

VerifyMeasure Impact

CloseReport to Client & Close Loop

Feedback Channels

Per-ticket CSAT: Automated after every resolved incident (ServiceNow)
Quarterly NPS: Email survey to all client stakeholders
QBR feedback: Structured feedback session during Quarterly Business Reviews
Complaints: Formal complaints logged via email to quality@asiaisolutions.com.au or SDM. Acknowledged within 4 hours, investigated within 5 BD.
Annual relationship survey: Comprehensive survey covering all service dimensions

Continuous Improvement (PDCA Cycle)

Plan

Identify improvement opportunity from data (metrics, audits, feedback, incidents)
Define the problem and desired outcome
Analyse root cause (5-Whys, fishbone, Pareto)
Develop improvement plan with SMART objectives
Assign owner and timeline

Do

Implement the improvement action (pilot if high-risk)
Communicate changes to affected teams
Update documentation and training materials
Train staff on new/modified procedures

Check

Measure the outcomes against planned objectives
Collect data for defined measurement period (typically 30-90 days)
Compare before/after metrics
Gather stakeholder feedback on the change

Act

If successful: standardise the improvement, update QMS documentation
If unsuccessful: analyse why, revise approach, re-enter Plan phase
Share lessons learned across the organisation
Identify next improvement opportunity

Quality Metrics Dashboard

96.2%

SLA Compliance

94%

Change Success Rate

4.6/5

Client Satisfaction

3.8%

Incident Reopen Rate

Major Non-Conformances

89%

Project On-Time Delivery

Non-Conformance Reporting

A Non-Conformance Report (NCR) is raised when a process, service, or deliverable does not meet its defined standard.

NCR Categories

Category	Definition	Response Time	Approval to Close
Major	Systematic failure or absence of a required process/control. Certification risk.	Corrective action plan within 5 BD	Head of Compliance + external auditor
Minor	Isolated instance of non-compliance. Process exists but was not followed.	Corrective action plan within 10 BD	QA Lead
Observation	Area for improvement. Not a non-conformance but could become one.	Improvement action within 30 BD	Process Owner

Management Review

The Quality Management Review is conducted quarterly by the Leadership Team. It is a mandatory requirement of ISO 9001.

Review Inputs

Internal and external audit results
Client feedback and satisfaction trends
Process performance metrics and KPIs
Status of corrective and preventive actions
Changes that could affect the QMS (regulatory, organisational, technological)
Resource adequacy assessment
Risk register review
Improvement opportunities and innovation proposals

Review Outputs

Decisions on QMS improvements and process changes
Resource allocation decisions
Updated quality objectives for next quarter
Action items with owners and due dates
Minutes distributed within 5 BD, tracked in Confluence

Certifications Maintained

☉

ISO 27001:2022

Information Security Management System. Covers all ASI operations and client service delivery.

Certifying Body: BSI
Last Audit: November 2025 (Surveillance)
Next Audit: November 2026 (Recertification)
Scope: Provision of managed IT services, cloud services, and security services

✓

SOC 2 Type II

Service Organisation Control report covering Security, Availability, and Confidentiality trust principles.

Auditing Firm: Deloitte
Report Period: 1 July 2025 – 30 June 2026
Last Report: August 2025 (clean opinion)
Available to: Clients and prospects under NDA

⚙

Essential Eight (Maturity Level 2)

ACSC Essential Eight cyber security framework. ASI maintains Maturity Level 2 across all eight strategies for internal systems.

Last Assessment: January 2026
Next Assessment: July 2026
Target: Maturity Level 3 by December 2026
Client environments: Assessed individually per onboarding