
  • Defining scope of QMS


    Answer:

    The standard requires organizations to define the scope of their quality management system, meaning that you need to determine what processes, locations, products and services will be included in your quality management system. This can be the entire organization, but in some cases companies create separate QMSs for separate locations or departments of the same company.

    There is no need for writing a procedure for determining the scope of the QMS; however, it must be documented somewhere. This is usually done in the Quality Manual or in a separate document about the scope of the QMS. Here you can find a free preview of our Scope of Quality Management System https://advisera.com/9001academy/documentation/scope-of-quality-management-system/

    For more information, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/documentation/scope-of-quality-management-system/
  • Identifying external providers


    Answer:

    It depends mostly on how you defined the scope of the QMS. If you have one QMS that covers your entire company and includes all units around the globe, then a unit wouldn't be considered an external provider. However, if you defined separate QMSs for each unit of your company, those other units should be considered external providers. Another way to bypass this requirement is to exclude the other units of your company from the procedure for control of externally provided processes, products and services. For more information, see: How to control outsourced processes using ISO 9001 https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/
  • Mandatory documents for internal audit

    Thanks

    Answer:

    ISO 9001:2015 requires fewer documents for internal audit compared to the 2008 revision of the standard. The only mandatory documents for internal audit are the internal audit program and the internal audit report. You can find a free preview of those documents here:
    - Internal Audit Program https://advisera.com/9001academy/documentation/internal-audit-program/
    - Internal Audit Report https://advisera.com/9001academy/documentation/internal-audit-report/

    However, there are some other documents that are not mandatory but can help you with internal audit, such as an internal audit procedure and an internal audit checklist. We created a documentation package designed for internal audit only, and you can find a free preview here https://advisera.com/9001academy/iso-9001-2015-internal-audit-toolkit/
  • Mandatory clauses


    Answer:

    All clauses in the standard are mandatory; however, there are some clauses that may be inapplicable to your company, and such clauses may be excluded from the scope of the QMS.

    In the previous version of the standard, exclusions could be made from clause 7. In the 2015 version of the standard, the company may exclude any clause that it finds inapplicable to its business; in practice, the clauses that can be excluded are 7.1.5 and any sub-clause of clause 8.

    For every exclusion made from the standard, the company must provide justification in the form of documented information. For more information, see What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
  • ISO 9001 for an information security services company


    Answer:

    The process of implementing ISO 9001 is the same regardless of the size and the type of business the company conducts. Of course, in smaller companies the process is simpler, but it still includes all the steps in implementation.

    First you need to conduct the GAP analysis to determine to what extent your company is already compliant with the standard. You can use our free online GAP analysis tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

    Once you determine what documents need to be created and what activities need to be performed, you can establish a Project Plan to assign responsibilities and define deadlines for each activity. This is not a mandatory step, but it will help you avoid missing anything out. Here you can find our free Project Plan for ISO 9001 implementation https://advisera.com/9001academy/free-downloads//

    The next step is to implement all activities and documents, and finally you need to conduct an internal audit and management review. When you finish with all activities, your company is ready for certification and you can hire a certification body to conduct the certification audit. For more information, see Checklist of ISO 9001 implementation & certification steps https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • How many people can have access to admin password?


    Answer:
    I am sorry, but there is no specific number for this. Anyway, generally the admin password is only for those people that need to perform changes on a system or on a server. A normal user that only uses an information system to read email and surf the internet does not need an admin password, but the system administrator obviously needs the admin password. Keep in mind that it is a best practice that each employee has a unique user ID.

    It is also a best practice to develop a password policy where you can define rules about passwords, so this template can be useful for you (you can see a free version by clicking on the “Free demo” tab) “Password Policy” : https://advisera.com/27001academy/documentation/Password-Policy/

    And our online course can also be interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
  • Release and deployment management

    Analysis shall include assessment of the impact of the release on the customer. I am looking for what all the information one needs to cover as part of this report post release?

    Answer:
    This part of the Release and deployment management process (clause 9.3 in ISO 20000-1) is actually asking you to check the efficiency of the implementation. Namely, releases (particularly less successful ones) can be a source of new errors, i.e. incidents. By analyzing:
    a) impact - this will tell you how big the "damage" is, and
    b) the incidents themselves - this will give you insight into what went wrong, who is responsible, why...etc.
    you can get valuable information about how to proceed further. Often such analysis results in improvement initiatives.
    So, what you should do is analyze newly created incidents (i.e. incidents which occur as a result of the release) and document your findings. The result can be e.g. do-nothing (e.g. when the impact of the new incident is not significant and the customer agrees with it - less likely, but sometimes it could happen) or a new improvement initiative (e.g. when you are aware of what is wrong and now you have to remove the cause of the incident).
    These two articles will give you a general view of Release and deployment management:
    ITIL Release and Deployment Management Part I – General principles and service testing - https://advisera.com/20000academy/blog/2014/01/15/itil-release-deployment-management-part-general-principles-service-testing/
    ITIL Release and Deployment Management Part 2 – deployment methods and early life support - https://advisera.com/20000academy/blog/2014/01/28/itil-release-deployment-management-part-2-deployment-methods-early-life-support/
  • Defect vs. error

    Totally understand the ITIL V3 framework is not equal to Application Development Lifecycle. I need to understand if “errors” are equal to “defects” from a nomenclature perspective.

    Answer:
    ITIL is intended for IT services. Usually, services rely on applications, so you can draw the parallel between the IT service lifecycle and the application lifecycle. The article "ITIL Application Management Function – Custodian of application knowledge" https://advisera.com/20000academy/blog/2014/03/18/itil-application-management-lifecycle-within-service-lifecycle/ can help you with this.
    Defects vs. errors - well, defects are the quality management description of a nonconformity related to the specified use. ITIL doesn't use the word defect but error if there is a discrepancy between what a service should do and what it does. Corrective action follows a defect, and errors are followed by a change.
  • Closing meeting, checklist and findings

    2.- Can you tell me five checklist items for an HR security audit?
    3.- What are the 3 types of audit findings?

    Answers:
    Regarding the first question, I suppose that it is related to the internal audit. If so, basically you can give information about the processes, services, etc. reviewed, people interviewed, and findings detected, which are the results of the audit.

    Regarding your second question, I am sorry, but I am not sure what you mean; anyway, this article can help you to develop your own checklist for the internal audit of ISO 27001 “How to make an Internal Audit checklist for ISO 27001 / ISO 22301” : https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/ Keep in mind that basically this checklist will include all the requirements of the standard that you need to review during the audit.

    Regarding the third question, the 3 types of findings are: nonconformities, observations and opportunities for improvement.

    Finally, our online course can be interesting for you because we give more information about the internal audit "ISO 27001:2013 Internal Auditor Course" : https://advisera.com/training/iso-27001-internal-auditor-course/
  • Difference between ISOs and British Standard


    Answer:
    Basically, an ISO standard is developed by the International Organization for Standardization, and a British Standard is developed by the British Standards Institution. The International Organization for Standardization is an international body that develops ISO standards and is composed of representatives from various national standards organizations; one of these national standards organizations is the British Standards Institution (it is one of the most important organizations, because the origin of some ISO standards was a British Standard: ISO 9001 - BS 5750, ISO 14001 - BS 7750, ISO 27001 - BS 7799).

    By the way, do you know our online course about ISO 27001? Maybe it can be interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/