Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11268 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
What needs to be done for transition to the 2015 version
Note: Objective, Controls and KPIs are in place.
Answer:
In order to achieve full compliance with the new version of the standard, there must be some revisions practically in every segment of the EMS. Some changes are major, some minor but they all need to be implemented.
The biggest addition compared to the previous version of the standard is determining context of the organization, which requires organization to determine internal and external issues related to the EMS. For more information, see: Determining the context of the organization in ISO 14001 https://advisera.com/14001academy/blog/2015/09/07/determining-the-context-of-the-organization-in-iso-14001/
TO get a full overview of the differences between previous and new version of the standard, take a look at this ISO 14001:2015 vs. ISO 14001:2004 matrix https://advisera.com/14001academy/free-downloads/ -
Legislation Register
Answer:
The standard requires you to identify the legal and other requirements but it doesn't define how detailed the information need to be. It is completely up to organization how it will collect and document these information. And you don't need to copy index of the standard into your list since these requirements are addressed with your documents and processes.
For more information, see:
- How to identify and comply with legal requirements in OHSAS 18001 https://advisera.com/18001academy/blog/2015/06/24/how-to-identify-and-comply-with-legal-requirements-in-ohsas-18001/
Here you can find a free preview of our List of Legal and Other Requirements https://advisera.com/18001academy/documentation/list-of-legal-and-other-requirements/ -
Implementation of ISO 9001:2015 quality management system
Answer:
The best way to start with the implementation is to perform GAP analysis and determine to what extent your company already conforms to requirements of the standard and what needs to be done to achieve full compliance with the standard. Here you can find free ISO 9001 implementation diagram https://advisera.com/9001academy/free-downloads//
Next step would be to establish a project plan for the implementation. This step is not mandatory but it helps in estimation of time and resources needed for the implementation, and also it will prevent you from missing anything out. Here you can download a free version of our Project Plan for ISO 9001 implementation https://advisera.com/9001academy/free-downloads//
Once you implement all requirements of the standard, you need to conduct internal audit and management review to check whether all the requirements are met and than you are ready to hire certification body to conduct certification audit and issue your company the ISO 9001 certificate. For more information, see: Checklist of ISO 9001 implementation & certification steps https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/ -
Questions about ISO 22301/BS 25999 Toolkit
1. Do I get a copy of the ISO 22301/BS 25999 standard if I buy this package?
2. Why is risk assessment and treatment documents not included in this package?
3. Is this toolkit enough to implement BCP in our organization?"
Answers:
1.- No I am sorry, we do not offer these standards with our toolkit, although the BS 25999 is obsolete, and the current “universal” standard about business continuity is ISO 22301 (ISO 22301 was developed from the BS 25999). You can buy ISO 22301 from the official site of ISO.org : https://www.iso.org/standard/50038.html
2.- Large majority of our clients who go for the implementation of ISO 22301 already have some kind of risk assessment and treatment documentation. If you do not have risk management in place, I would suggest you go for our ISO 27001 & ISO 22301 Premium Documentation Toolkit https://advisera.com/27001academy/iso-27001-22301-premium-documentation-toolkit/ which also has the risk management documents, and the documents that will help you with policies and procedures that will mitigate the risks.
3.- Certainly, our ISO 22301 Toolkit contains the Business continuity plan (BCP) template, but also all other document templates that are required by ISO 22301. The toolkit provides you all the documentation and support that is needed to implement this standard in your company without using a consultant. -
Shredding CDs and USB memory sticks
Answer: If I understood your question well, you're asking about the documentation you should use for the process of shredding the media. From our ISO 27001 Documentation Toolkit you can use the Disposal and Destruction Policy https://advisera.com/27001academy/documentation/disposal-and-destruction-policy/ through which you can define some basic rules on how this process is handled.
You should also keep records of destruction of these media, however there is no need for some special form - in such records you need to specify what media was destroyed, method of destruction, when was this done, and by whom.
This article will also help you: Secure equipment and media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2015/12/07/secure-equipment-and-media-disposal-according-to-iso-27001/ -
SLA and stakeholders
Answer:
To explain how an SLA helps i.e. empowers various stakeholders, let's assume some of them:
- Service Level Manager and operational team - SLA provides them with objectives which need to be achieved (e.g. resolution time for incidents of priority 2)
- Management of the organization/company - SLA is obligation to the customer and management want's to know whether company fulfills its requirement. Additionally, SLA is a tool to evaluate operational team (do they fulfill SLA requirements or not or whether we are much better then agreed in SLA so we can introduce new service level package)
- Customer - they know what to expect and they can control delivery of services they pay for (i.e. check whether they get what they paid for
- Suppliers - although not visible in SLA (or they don't know the content of SLA), but indirectly SLA defines their obligation, too.
Read the articles
"SLAs, OLAs and UCs in ITIL and ISO 20000" https://advisera.com/20000academy/knowledgebase/slas-olas-ucs-itil-iso-20000/
"ITIL – Service Level Agreements: Designing frameworks" https://advisera.com/20000academy/blog/2015/01/27/itil-service-level-agreements-designing-frameworks/
"ITIL Supplier Management and Service Level Management – How to put the two in balance" https://advisera.com/20000academy/blog/2015/11/10/itil-supplier-management-and-service-level-management-how-to-put-the-two-in-balance/
to learn more about SLA and other contracts. -
Environmental aspects in office
One more thing. Our main activity is designing high voltage installations and system analysis of power systems. I cannot see how the Procedure of Production & Services apply to us as we do not produce anything. Maybe I am on the wrong track here and hopefully you can give me a hi nt that help me with this issue.
Answer:
Since you are involved only in the office work, only environmental aspect related to your business are waste papers, toners for printers and other electronic waste. In case when there are no significant aspects in your company, you will have to define some insignificant environmental aspects as significant only because without significant environmental aspect you simply can't ave environmental management system. For more information, see: How to identify environmental aspects in your office using ISO 14001 https://advisera.com/14001academy/blog/2015/05/18/how-to-identify-environmental-aspects-in-your-office-using-iso-14001/
You are right, basically your main process is design and development and not production. In this case, you can use only Procedure for Design and Development but you need to add the reference documents from Procedure for Production and Service Provision and the part about customer property if you use any during your processes. -
Implementing ISO 9001 in hospitals
- organizational context
The requirements for determining context of the organization do not differ much from the industry to industry. You need to determine all internal and external issues relevant to our hospital and its ability to achieve its objectives. The best way to do it is to involve key people in the hospital and discuss and issues relevant to the quality of your service and satisfaction of your customers. For more information, see: How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
- resources management
This shouldn't be too difficult because it existed even without QMS. You need to determine all necessary resources for your hospital, this includes human resources, infrastructure, equipment, etc. However, you don't have to document the process of providing resources but you will need to keep records about competence of your employees and records about calibration of measuring equipment.
- design and development
This clause can be excluded if your hospital does not design new practices for patient treatment.
- control of nonconforming output
Nonconforming output in the case of hospitals is when some procedures are not followed. The nonconforming product can be out dated or corrupted medicines or improper disposal of medical waste.
In addition, Will I have to contain the clinical units in our QMS, if yes, How?
It depend on how you defined the scope of your QMS, if you decided to include all your clinical units in the scope then you need to define them in the document Scope of QMS. For more information, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/ -
Getting support for ISO 9001 implementation
Even I as a System Compliance Manager, the only reason I can give this change is that it will enable all management systems to be easily integrated since the requirement will be having the same structure now. Business risk management, stakeholders(interested parties) management - a sort of Context of Organisation has always been in company books and is always discussed.
Well, to change is always difficult. Lets hope this seemingly unnecessary burden works.
Answer:
Introducing changes, especially systematic ones is always difficult. The best way to persuade the rest of the cmpany is to arrange awareness raising meetings where you will explain them that they wont have too many new obligations and that their company will have a lot of benefits. The most important is that you acquire your top management support, once you have this, the rest of the company will follow.
For more information, see: Six Key Benefits of ISO 9001 Implementation https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/ -
Control of external documents
Answer:
One way to deal with this situation is to limit recording only external documents related to the quality management system. The standard requires external documents to be controlled but non necessarily recorded into list of external documents, so you only need to add to the procedure how you handle this drawings.
For more information, see: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/