Search results

  • Relations with subcontractor and ISO 9001


    Main contractor will request subcontractor to record their inspection activities in the form they provided according and comply to their procedure. On the other hand, subcontractor also has established own procedure and records as required by ISO standards.

    From my opinion, both main and sub's forms shall be used and filled in by subcontractor because it is mandatory for subcontractor to comply with main contractor requirement in order to maintain ISO requirement for the main contractor and it is also mandatory for the subcontractor to comply to ISO standards and keep records for its own.

    So in an inspection, there shall be two forms used, one from main contractor and will be kept by main contractor and one from subcontractor to be kept for subcontractor proof of their QMS implementation.

    I think it is logical but I need confirmation whether it is indeed the common practice for subcontractor company.

    Answer:

    It is not a very common practice for organization to prescribe records to its subcontractors, it is not a nonconformity but it definitely isn't something that the standard requires. But if the main organization decided to prescribe a procedure and records to sub contractor, then in the point of view of the subcontractor there is no need to double the records of their own, they can use the main company records and refer to them in the Quality Manual or some other procedure.

    There is no need or requirement of the standard to have two records for the same thing, regardless of the origin of the record. The records and procedures provided by the main company will be considered as external documents in the QMS of the subcontractor and that is all.
  • Scope of the internal audit


    Answer:
    The scope of the internal audit needs to be aligned with the scope of the ISMS, and should include the review of all requirements of the standard, including the security controls implemented by the organization. So, you can develop a checklist with all points that you need to review during the internal audit, and for this, you can read our article “How to make an Internal Audit checklist for ISO 27001 / ISO 22301” : https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

    And our template can be also interesting for you (you can see a free version clicking on “Free demo” tab) “Internal Audit Checklist” https://advisera.com/27001academy/documentation/internal-audit-checklist/

    Or maybe can be also useful for you our Internal Audit Toolkit “ISO 27001/ISO 22301 Internal Audit Toolkit” : https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/

    Finally, our online course can be also interesting for you, because we give more details about the internal audit “ISO 27001:2013 Internal Auditor Course” : https://advisera.com/training/iso-27001-internal-auditor-course/
  • Service Management objectives and quality objectives


    Answer:
    Setting up objectives is mandatory but there is no fix-defined period how often they should be changed/updated. Review of objectives (whether quality or service management) should take place at least once a year. And, as you said, they should be measured and adapted accordingly to the results. But to set completely new objectives once a year - I think that's not possible. Additionally, objectives should point into mission/vision direction so they will be, from time-to-time, slightly adapted.

    Is Quantitative Measurement is not a mandate from Standard Point of view. Lots of people debate on this. What is exactly. As per me It must measurable but how you are measuring it is matter of choice.

    Answer:
    Measurement should be quantitative. This means that you have to have exact values which are result of measurement. They are compared to expected/desired/required numbers. Consequence is to define what to do or where to go once you have quantitative results.
    Read the article "Facing reality – measurements in ITIL" https://advisera.com/20000academy/blog/2013/04/02/facing-reality-measurements-itil/ to learn more.

    If aim of both Quality objective, Service Management objective and Service Improvement Plan is same then why to have to at same place. Main question is again same is it mandatory from Standard Point of view to have a objective for a time bound period and then achieve it. Can't we have a running objectives. Is it Non-conformance ?

    Answer:
    Quality objectives and Service Management objectives do not need, necessarily, to be the same. Service Improvement Plan is your plan (containing concrete measures) how to achieve improvements. It could directly affect your service management objectives but it could affect some e.g. operational activity or some part of the service which does not directly influence service management objective. So, I think it's not possible to declare Service Improvement Plan same as Service Management objective. Read the article "ITIL Continual Service Improvement – don’t lose the momentum" https://advisera.com/20000academy/blog/2014/04/15/itil-continual-service-improvement-dont-lose-momentum/ and "ITIL CSI 7-step improvement process: How to analyze and present findings" https://advisera.com/20000academy/blog/2015/07/21/itil-csi-7-step-improvement-process-how-to-analyze-and-present-findings/ to learn more about improvement in IT Service Management.
  • Publishing Quality and Environmental Policy


    Answer:

    Yes, you can publish the Quality and Environmental policies on your website, the standards require you to make the policies available to interested parties and this is a good way to meet this requirement. Also, publishing them on your website indirectly says that you have implemented ISO 9001 and ISO 14001 so it is in a way an advertising. But, since they will be a public documents, you must be very careful how you formulate them because the long and poorly written policies can backfire and have negative effect on the original purpose of publishing them.

    Here are some articles with tips on how to write the policies:
    - How to Write a Good Quality Policy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
    - How to write an ISO 14001 environmental policy https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-write-an-iso-14001-environmental-policy/
  • TS 16949 and ISO 9001


    Answer:

    Although TS 16949 derived from ISO 9001, it is a separate stand alone standard and it is not in collision with ISO 9001. So if you implemented both standards you can get certified against both ISO 9001 and TS 16949, they do not exclude one another.

    ISO/TS 16949, particular requirements for application of ISO 9001:2008 for automotive production and relevant service part organizations, has used the ISO 9001 standard as the foundation for its requirements. ISO/TS 16949 takes the complete ISO 9001 standard requirements (in boxed text) and simply includes additional requirements and notes throughout the document. Due to this, it would be possible to implement a quality management system that is compliant with ISO/TS 16949, with the implementation of certain requirements only applicable to a smaller part of your organization (such as one production line) that is engaged in the automotive industry.

    For more information, see:
    - ISO 9001 vs ISO/TS 16949 advisera.com/9001academy/blog/2014/10/01/iso-9001-vs-isots-16949/
  • How many times to list an asset on the risk assessment table

    Ok great, thank you, will also check out those other references
  • Certify ISO 22301 methodology?


    Answer:
    I am not sure if I have understood your question but an organization cannot certify only a methodology, for example their ISO 22301 methodology, can certify a system (Business Continuity Management System - BCMS) based on ISO 22301, which is used for the management of the continuity of products, services, and all related activities of the business, so, really you can certify products, services and all related activities of the business of the organization, using ISO 22301 and their elements (BCP, BIA, RA, etc).

    And effectively, you can certify the whole organization, although it is not mandatory, I mean you can also limit the scope (what products, services, activities will be included in the scope).

    For the definition of the scope you need to identify other elements (internal and external issues, interfaces and dependencies, etc.), so this article can help you (talks about ISO 27001 but is similar to ISO 22301) “How to define the ISMS scope” : https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
  • How detailed should be the risk assessment?


    Answer: No, in most cases people tend to over-complicate the risk assessment - essentially, ISO 27001 requires you only the following 5 elements:
    - Identifying the risk
    - Risk owner
    - Risk impact
    - Risk likelihood
    - Level of risk

    Therefore, if you want your risk assessment to be simple, you just need to limit it to these 5 elements. This article will explain you how to do it: How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/

    2) What are the points more relevant to perform the risk assessment in a consistent way?

    Besides having a clear risk assessment methodology, you have to perform all the 6 steps in the risk assessment process - see this article for explanation: ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
  • Implementing ISO 9001 in hospital


    Answer:

    Implementing ISO 9001 in hospitals is a challenging task. The best way to approach it is to set it as a project, meaning to determine what needs to be done, who will do it and what are the deadlines. First thing that should be done is to conduct GAP analysis and determine to what extent your organization is already compliant with the standard and what documents and processes need to be established to achieve the full compliance.

    QMS in hospitals differs from the QMSs in other industries so it needs extra caution. ISO organization published IWA 1 - Quality Management Systems - Guidelines for process improvements in health service organizations and I suggest you to use this document for implementation of the ISO 9001 in your organization. For more information, see:
    - Would hospitals benefit from ISO 9001? https://advisera.com/9001academy/blog/2015/07/21/would-hospitals-benefit-from-iso-9001/
  • Performance management and Problem Management

    scope of these two management process

    Answer:
    ITIL (or ISO 20000) do not explicitly define Performance Management as a stand alone process. It's rather in scope of the Capacity Management or Continual Service Improvement. Performance management is about measuring, monitoring and improving (or fine tuning) performance of the service or component (or could be of your e.g. Service desk).
    More details about Capacity Management could be found in the articles:
    "ITIL and ISO 20000 – How to setup the Capacity Management process" https://advisera.com/20000academy/blog/2016/02/16/itil-and-iso-20000-how-to-setup-the-capacity-management-process/
    "Three faces of Capacity Management" https://advisera.com/20000academy/knowledgebase/three-faces-capacity-management/
    "ITIL Reactive and Proactive Capacity Management" https://advisera.com/20000academy/blog/2015/04/07/itil-reactive-and-proactive-capacity-management/

    Problem Management has to find root cause of one or more incidents. An incident can have root cause in performance so from that point of view Problem Management can deal with performance as well. But Problem Management has much broader scope. These articles should explain:
    "How to resolve the problem ticket/record according to ITIL/ISO 20000" https://advisera.com/20000academy/blog/2016/04/05/how-to-resolve-the-problem-ticketrecord-according-to-itiliso-20000/
    "ITIL Reactive and Proactive Problem Management: Two sides of the same coin" https://advisera.com/20000academy/knowledgebase/itil-reactive-proactive-problem-management-two-sides-coin/
    "ITIL and ISO 20000 Problem Management – Organizing for problem resolution" https://advisera.com/20000academy/blog/2014/07/29/itil-iso-20000-problem-management-organizing-problem-resolution/
    "ITIL Problem Management: getting rid of problems" https://advisera.com/20000academy/blog/2013/08/05/itil-problem-management-getting-rid-problems/