i.e. As a distributor, are we required to ask our suppliers/manufacturers to be compliant with a particular standard? If they are not compliant, should all the products they supply be classified as non-conforming products?
We previously had a process in place where we would ask all suppliers to complete a compliance form and ask for their most up-to-date certificates. Products supplied by suppliers with non-existent or outdated certificates would be classified as non-conforming and would be dealt with accordingly; however, we were told this is no longer necessary.
Answer:
Yes, the standard requires control of outsourced processes, but it does not define to what extent. Basically, you will need to determine what extent of control is necessary. In some cases a contract or clearly defined requirements regarding the outsourcing partner will be enough, and in some cases you might need to require that the service or product provided to you by the outsourcing partner be produced and delivered under certain conditions, so you might have to provide them with documented procedures or instructions and conduct on-site inspections.
Of course, the level of control over outsourcing partners may vary from situation to situation. For example, if your outsourcing partner is a small company, then you might impose a higher level of control, but if your supplier or outsourcing partner is some big company overseas, then you won't be able to enforce much control over them.
You might require your supplier to have a certificate, but that is completely up to you; the standard only requires you to establish controls, but it doesn't prescribe what controls you should establish. If having a certificate is enough for you to determine whether the supplier can or cannot deliver what you expect from them, then it is OK.
Not all emails are considered documents; some of them are just communication, and there is no point in making records of all emails received in the company. Of course, some of them should be considered documents, especially if they have documents attached; such documents can be recorded in an email register.
Vehicle registration slips are issued by the external organization and should be treated as external documents.
The first step is to get to know the requirements of the standard and perform a gap analysis to determine to what extent the organization is already compliant with the standard and what needs to be done to achieve full compliance. Here is the link to our free GAP Analysis Tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
Once you determine what needs to be done, you need to establish the implementation of the standard as a project: determine the deadlines for activities and assign resources and responsibilities. Here you can find a free Project Plan for ISO 9001:2015 implementation https://advisera.com/9001academy/free-downloads// and you can also find the ISO 9001 Implementation diagram at the same link.
When you finish the implementation of the standard, meaning that you have developed all documents and established all the processes, you need to conduct an internal audit and a management review to ensure that you are compliant with all requirements of the standard. Then you can hire a certification body to conduct the certification audit and issue you the certificate.
Stage 1 and stage 2 for the internal audit?
Answer:
Stage 1 (and stage 2) is typically only for the certification audit (third-party audit), and before it you only need to perform the internal audit. You can do the review during the internal audit and assess that documented information is complete and managed in a compliant way, so you do not need to divide the internal audit into 2 parts; I mean, you only need to perform one stage to review all documents and to review compliance with the standard.
Answer:
ISO 27001 is used when a company wants to implement an Information Security Management System (ISMS) to protect the information of its business, or when a company needs an international certificate to demonstrate to the world that it is compliant with an international standard related to the protection of information. This article can help you learn more basic information about ISO 27001, “What is ISO 27001?”: https://advisera.com/27001academy/what-is-iso-27001/
So, generally, compliance with ISO 27001 is optional, unless you have an agreement with another party that establishes that you need to implement the standard.
Regarding SOX, it is also related to information security, although it is focused on public company accounting and investor protection, and it is applicable to all companies traded on the NYSE (New York Stock Exchange).
Regarding COBIT, it is similar to ISO 27001 because it is an international standard, although you cannot get certified against it, and it is related to the governance of IT (which includes information security, but not only this).
Answer:
We have all necessary documents for the implementation of ISO 27001:2013, but our templates are mainly developed for small and medium companies. Those documents can be used by large companies, but they would need to be made more complex - for example, in our Risk assessment methodology we use the assessment scales of Low-Medium-High, whereas you could use the scales of 1 to 5; we assess impact and likelihood, while you could choose to assess separately the impact on confidentiality, integrity and availability, as well as vulnerabilities and threats.
Yes, the person involved in the implementation can be the internal auditor. The only condition is that the auditor cannot audit his own work, so the areas where the person works, or the parts of the system in whose implementation the person participated, should be audited by some other internal auditor.
In order to pass the certification audit, the company must be fully compliant with the standard, meaning that all documents (those mandatory by the standard and those the organization determines as part of the QMS) and processes are in place, and the internal audit and management review have been conducted.
The new version of ISO 9001 brings a lot of changes; basically, there are some changes in every clause of the standard. The main changes are:
- The structure - instead of 8 clauses there are now 10, and it is better aligned with the new version of ISO 14001, ISO 27001 and all new versions of other standards.
- Risk-based thinking - this new approach replaces preventive actions and requires the organization to identify risks and opportunities related to its ability to achieve its objectives. For more information, see: Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits http://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
To get a full overview of the changes and differences between the 2008 and 2015 revisions of the standard, take a look at this free ISO 9001:2015 vs. ISO 9001:2008 matrix https://advisera.com/9001academy/free-downloads//