Search results

  • What processes does ISO 9001 cover?

    No, according to ISO 9001:2015 it is not mandatory to include in the quality management system any disciplinary or staff sickness procedures/policies

  • What is ISO 9001:2015


    Answer:

    ISO 9001 is the international standard for Quality Management Systems (QMS), published by ISO (the International Organization for Standardization). The Quality Management System, which is often referred to as a QMS, is a collection of policies, processes, documented procedures and records. This collection of documentation defines the set of internal rules that will govern how your company creates and delivers your product or service to your customers.

    For more information, see:
    - What is ISO 9001? https://advisera.com/9001academy/what-is-iso-9001/
  • Life-cycle and environmental aspects evaluation


    Answer:

    Yes, the life-cycle of the products should be evaluated in perspective of environmental aspects, meaning that you need to identify and evaluate all environmental aspects that emerge in each phase of your product life-cycle and to define operational controls for each significant environmental aspect.

    For example, if you produce some chemicals, during the production there can be various environmental aspects, so you need to prescribe how the impact of those aspects will be decreased; then, in the phase of storage and transport, the chemicals may be spilled, so it is an environmental aspect that you control by defining the way of packaging, storing and transporting the chemicals.

    But there are some phases of life-cycle that you may not control, such as the storage conditions at your clients, etc. In such situations you can't prescribe operational controls but you can provide the instructions to your clients.

    The point is, during the evaluation of environmental aspects in life-cycle of your products you need to determine not only the significant environmental aspects, but also the extent of the controls that you can establish.

    For more information, see:
    - 4 steps in identification and evaluation of environmental aspects https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
  • Password management


    Answer:
    In accordance with the control 9.4.3 Password management system of ISO 27002:2013 (or A.9.4.3 in the Annex A of ISO 27001:2013), you should enforce regular password changes and as needed (but the frequency is not established in the standard). So, you can establish the frequency that you want. However, you should define the frequency based on the results of the risk assessment related to your IT system - if the risks are very high, you might set the frequency to 1 month, if they are high then the frequency might be 3 or 6 months, if the risks are low then every 1 or 2 years.

    By the way, we have a template that you can use as a Password Policy; you can see a free version of this document by clicking on the “Free demo” tab here, “Password Policy”: https://advisera.com/27001academy/documentation/Password-Policy/

    And our online course may also be interesting for you, “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
  • Power management


    Answer:
    Yes, Facility Management (as part of the IT Operations function) also includes power back-up. Please read the article "IT Operations Management Function in ITIL" https://advisera.com/20000academy/knowledgebase/operations-management-function-itil/ to learn more about the IT Operations function according to ITIL.
  • L1 and L2 support in financial industry

    when reopen?
  • ISO 27000:2016


    Answer:
    Yes, you are right, ISO has recently published ISO 27000:2016, but the structure of the standard is very similar to the previous ISO 27000:2014 (by the way, clause 2 Terms and definitions includes the same terms in both standards). The main change that I have seen is that in clause 0.2 ISMS family of standards, the new ISO 27000:2016 references new standards like ISO 27009, ISO 27017 or ISO 27018.

    Anyway, from my point of view, the formal recommendation is that you always need to have the latest version of all standards, but in this case, if you do not work with these new standards (ISO 27009, ISO 27017, ISO 27018), maybe the last revision of ISO 27000 will not be relevant for you.

    Finally, do you know that we have an online course? Please try it! “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
  • Exclusion of unnecessary procedures


    Answer:

    Depending on your processes, some of the requirements of the standard won't apply to your organization. Since you don't have warehousing as a process, you may exclude this procedure from your QMS documentation.

    But, production procedure can't be excluded because it doesn't refer only to the production processes, but also to service provision processes and this is something that your company does. It wouldn't be called "Procedure for Production" but "Procedure for Service Provision" and here you need to describe how your service provision process is carried out, who is responsible for which steps in the process, what resources and additional documents and records are used, etc.

    On the other hand, I would suggest you consider exclusion of the following clauses of the standard since they probably don't apply to your quality management system:
    - 7.1.5 Monitoring and measuring resources
    - 8.3 Design and development
    - 8.5.3 Property belonging to customers or external providers

    For more information, see:
    - What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
  • Where to start ISO 9001 implementation


    Answer:

    The best way of ISO 9001 implementation is to set it up as a project, meaning to define the activities, responsibilities, resources and deadlines.

    The first step is to conduct GAP analysis to determine to what extent you already meet the requirements and what needs to be done to achieve the full compliance.

    Once you determine all the activities, you need to create all the documents, establish new processes and adapt the existing processes. When everything is done, the company must conduct internal audit to check whether all the requirements of the standard are met and to conduct the management review.

    After all the activities are executed and internal audit and management review are conducted, the company may hire certification body to conduct certification audit.

    For more information, see:
    - Checklist of ISO 9001 implementation & certification steps https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
    - How to choose a project manager for your ISO 9001:2015 implementation https://advisera.com/9001academy/blog/2016/01/12/how-to-choose-a-project-manager-for-your-iso-90012015-implementation/
  • Naming the actions to address risks and opportunities

    I would like to know your opinion on a question I asked during the webinar (not answered because of shortage of time).
    How could you define in your QMS the actions coming out from a "risk assessment / evaluation activity": "Preventive actions" (no nonconformity has occurred yet, even if the term "preventive action" is not mentioned in the new ISO 9001) or "Corrective actions", assuming for instance that a risk exceeding a certain level (e.g. FMEA risk weight) is considered a nonconformity in your QMS?

    Answer:

    The standard doesn't define how these actions should be called, but I think the best title for them should be "actions to address risks and opportunities". The reason for that is to avoid the term "preventive", and they are not always "corrective"; on the other hand, they need to be reviewed during the management review, and it will be much easier to systematize them if they all have the same title, like corrective actions.

    For more information, see:
    - The Role of Risk Assessment in the QMS https://advisera.com/9001academy/blog/2014/01/07/role-risk-assessment-qms/