Search results


  • Publishing Quality and Environmental Policy


    Answer:

    Yes, you can publish the Quality and Environmental policies on your website. The standards require you to make the policies available to interested parties, and this is a good way to meet this requirement. Also, publishing them on your website indirectly says that you have implemented ISO 9001 and ISO 14001, so it is in a way advertising. But since they will be public documents, you must be very careful how you formulate them, because long and poorly written policies can backfire and have a negative effect on the original purpose of publishing them.

    Here are some articles with tips on how to write the policies:
    - How to Write a Good Quality Policy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
    - How to write an ISO 14001 environmental policy https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-write-an-iso-14001-environmental-policy/
  • TS 16949 and ISO 9001


    Answer:

    Although TS 16949 is derived from ISO 9001, it is a separate standalone standard and it is not in collision with ISO 9001. So if you implemented both standards you can get certified against both ISO 9001 and TS 16949; they do not exclude one another.

    ISO/TS 16949, particular requirements for application of ISO 9001:2008 for automotive production and relevant service part organizations, has used the ISO 9001 standard as the foundation for its requirements. ISO/TS 16949 takes the complete ISO 9001 standard requirements (in boxed text) and simply includes additional requirements and notes throughout the document. Due to this, it would be possible to implement a quality management system that is compliant with ISO/TS 16949, with the implementation of certain requirements only applicable to a smaller part of your organization (such as one production line) that is engaged in the automotive industry.

    For more information, see:
    - ISO 9001 vs ISO/TS 16949 advisera.com/9001academy/blog/2014/10/01/iso-9001-vs-isots-16949/
  • How many times to list an asset on the risk assessment table

    Ok great, thank you, will also check out those other references
  • Certify ISO 22301 methodology?


    Answer:
    I am not sure if I have understood your question, but an organization cannot certify only a methodology, for example their ISO 22301 methodology; it can certify a system (Business Continuity Management System - BCMS) based on ISO 22301, which is used for the management of the continuity of products, services, and all related activities of the business. So, really, you can certify products, services and all related activities of the business of the organization, using ISO 22301 and its elements (BCP, BIA, RA, etc.).

    And effectively, you can certify the whole organization, although it is not mandatory, I mean you can also limit the scope (what products, services, activities will be included in the scope).

    For the definition of the scope you need to identify other elements (internal and external issues, interfaces and dependencies, etc.), so this article can help you (talks about ISO 27001 but is similar to ISO 22301) “How to define the ISMS scope” : https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
  • How detailed should be the risk assessment?


    Answer: No, in most cases people tend to over-complicate the risk assessment - essentially, ISO 27001 requires only the following 5 elements from you:
    - Identifying the risk
    - Risk owner
    - Risk impact
    - Risk likelihood
    - Level of risk

    Therefore, if you want your risk assessment to be simple, you just need to limit it to these 5 elements. This article will explain to you how to do it: How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/

    2) What are the points more relevant to perform the risk assessment in a consistent way?

    Besides having a clear risk assessment methodology, you have to perform all the 6 steps in the risk assessment process - see this article for explanation: ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
  • Implementing ISO 9001 in hospital


    Answer:

    Implementing ISO 9001 in hospitals is a challenging task. The best way to approach it is to set it up as a project, meaning to determine what needs to be done, who will do it and what the deadlines are. The first thing that should be done is to conduct a GAP analysis and determine to what extent your organization is already compliant with the standard and what documents and processes need to be established to achieve full compliance.

    A QMS in hospitals differs from the QMSs in other industries, so it needs extra caution. The ISO organization published IWA 1 - Quality Management Systems - Guidelines for process improvements in health service organizations, and I suggest you use this document for implementation of ISO 9001 in your organization. For more information, see:
    - Would hospitals benefit from ISO 9001? https://advisera.com/9001academy/blog/2015/07/21/would-hospitals-benefit-from-iso-9001/
  • Performance management and Problem Management

    scope of these two management process

    Answer:
    ITIL (or ISO 20000) do not explicitly define Performance Management as a stand alone process. It's rather in scope of the Capacity Management or Continual Service Improvement. Performance management is about measuring, monitoring and improving (or fine tuning) performance of the service or component (or could be of your e.g. Service desk).
    More details about Capacity Management could be found in the articles:
    "ITIL and ISO 20000 – How to setup the Capacity Management process" https://advisera.com/20000academy/blog/2016/02/16/itil-and-iso-20000-how-to-setup-the-capacity-management-process/
    "Three faces of Capacity Management" https://advisera.com/20000academy/knowledgebase/three-faces-capacity-management/
    "ITIL Reactive and Proactive Capacity Management" https://advisera.com/20000academy/blog/2015/04/07/itil-reactive-and-proactive-capacity-management/

    Problem Management has to find the root cause of one or more incidents. An incident can have its root cause in performance, so from that point of view Problem Management can deal with performance as well. But Problem Management has a much broader scope. These articles should explain:
    "How to resolve the problem ticket/record according to ITIL/ISO 20000" https://advisera.com/20000academy/blog/2016/04/05/how-to-resolve-the-problem-ticketrecord-according-to-itiliso-20000/
    "ITIL Reactive and Proactive Problem Management: Two sides of the same coin" https://advisera.com/20000academy/knowledgebase/itil-reactive-proactive-problem-management-two-sides-coin/
    "ITIL and ISO 20000 Problem Management – Organizing for problem resolution" https://advisera.com/20000academy/blog/2014/07/29/itil-iso-20000-problem-management-organizing-problem-resolution/
    "ITIL Problem Management: getting rid of problems" https://advisera.com/20000academy/blog/2013/08/05/itil-problem-management-getting-rid-problems/
  • Is ISO 27001:2013 consistent with HLS?


    Answer:
    Yes, ISO 27001:2013 is consistent with HLS (High Level Structure), this means that ISO 27001:2013, ISO 9001:2015, ISO 14001:2015, ISO 22301:2012, etc. have the same structure: 0. Introduction, 1. Scope, 2. Terms and definitions, 4. Context of the organization, 5. Leadership, 6. Planning, 7. Support, 8. Operation, 9. Performance evaluation, 10. Improvement.

    It is also known as “Annex SL” of ISO/IEC Directives, so this article can be interesting for you “Has the PDCA Cycle been removed from the new ISO standards?” : https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/

    And if you are interested in ISO 27001:2013, our online course can give you a good knowledge about the standard “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
  • Are assets taken into account in ISO 27001:2013?


    Answer:
    In the new ISO 27001:2013 it is not mandatory to work with assets during risk management (this is an important difference from the previous version of the standard), but from our point of view an asset-based methodology is a simple approach, and our recommendation is to keep it. In any case, you can also work without assets, calculating the risks without assets, although this is not our recommendation.

    Therefore, this article on the changes that have been made to risk management may interest you: "What has changed in risk assessment in ISO 27001:2013" : https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/

    Our online course may also interest you, because it can also give you information on risk management in the current version of the standard, although for now the course is only available in English: “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
  • Terms and Definitions

    It is not a requirement of the standard, so it is up to the organization to decide whether to have them or not. If you find them useful, then keep them.