Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11275 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Starting consulting agency
Answer:
Starting consulting business is not easy. Beside competence, you need to create a lot of materials regarding not only the standards that you offer but also things related to sales, and other processes in your new company. For people who are just starting the consulting business, we offer special product to help them establish their busines, here you can find free preview of our ISO 9001 Tools for Consultants https://advisera.com/9001academy/consultants/ -
Procedure for work environment
Answer:
From the title of the procedure I can't be sure what it should contain and does it really refers to ISO 14001 and to what requirements, but I can give you some general advice.
First you need to define the purpose, scope and users of the procedure, meaning why is it written, where it applies and who will apply it. Than you need to define all activities, responsibilities for the activities and records to demonstrate that the activities are carried out as planned.
That is, in short how to write the procedure, for more information, see:
- Deciding which procedures to document in the EMS https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/deciding-which-procedures-to-document-in-the-ems//
- 7 steps in writing QMS policies and procedures for ISO 9001 https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/
- ISO 9001:2015 process vs. procedure – Some practical examples https://advisera.com/9001academy/blog/2016/01/19/iso-90012015-process-vs-procedure-some-practical-examples/ -
Internal audit before certification according to new version
Answer:
The ISO 14001:2015 does not explicitly requires that you must perform internal audit before certification, but a lot of certification bodies expect you to conduct both internal audit and management review before certification in order to demonstrate that you applied all requirements of the standard.
The second reason for conducting internal audit before certification is to make sure that your organization is really compliant with the standard and avoid some nonconformities during certification audit. Once the internal audit is done you can meet certification audit without any stress.
For more inf ormation, see:
- What will the ISO 14001 auditor ask you during the certification? https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/what-will-the-iso-14001-auditor-ask-you-during-the-certification/ -
Corrective action traceability
Answer:
If there is one cause to several nonconformities, you can use the same corrective action to address those nonconformities. If the corrective action cause nonconformities on the other part of the system, it would be good to make reference in new corrective actions to the initial corrective action.
For more information, see:
- ISO 9001 – Difference between correction and corrective action https://advisera.com/9001academy/blog/2016/02/09/iso-9001-difference-between-correction-and-corrective-action/
- Seven Steps for Corrective and Preventive Actions to support Continual Improvement https://advisera.com/9001academy/blog/2013/10/27/seven-steps-corrective-preventive-actions-support-continual-improvement/ -
Logic behind dropping preventive actions
Answer:
The preventive actions were left out from the new version of the standard because of introduction of risk-based thinking that covers much larger scope than preventive actions and provides a framework for identification of risks and opportunities arising from the context of the organization and not only from the processes as it was with the preventive actions.
Preventive actions no longer exists only by their name, but actions to address risks and opportunities required by the new version of the standard basically represent the preventive action.
For more information, see:
- Risk-based thinking replacing preventive ac tion in ISO 9001:2015 – The benefits https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/ -
Instalation
1. Is the toolkit on a CD or once payment has been received is there a link that is sent and then I (client) can download the documents from there, secondly,
2. If the toolkit is a software, does it come on a CD and is the software compatible with Mac?
Answer:
1. Once you purchase the toolkit, you will receive the email with the link where you can download the toolkit, in case when the link doesn't work or some other problem, we will send you an email with attached toolkit. You can also order the toolkit to arrive to your address on CD, but then you will have to wait until the post office delivers it to you.
2. The toolkit is set of Word and Excel documents, so it is not a software and it is completely compatible with Mac -
Time-frame for getting the certificate
Answer:
The answer to this question depends on the stage in implementation of the standard.
If the company implemented the standard and conducted internal audit and management review, than it only need to hire a certification body to conduct certification audit and issue the certificate. In this case, the certificate will be issued rather quickly.
If the company needs to implement the standard first, than it can take form three to six months or even longer, depending on the size of the company,complexity of the processes and also on resources and priority given for the implementation and certification of the standard.
for more information, see:
- Checklist of ISO 9001 implementation & certification steps https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/ -
Achieving ISO 9001:2015 certificate
Answer:
In order to get certified, the company need to implement the standard first and than to hire certification body to perform certification and issue the certificate.
The implementation include several steps, the first one is to perform GAP analysis to determine what needs to be done to achieve full compliance with the standard, and than to develop project plan with all necessary activities, responsibilities and deadlines to ensure that nothing is missed out. Next step is to create documents and make changes in activities in order to be compliant with the standard. Once the standard is implemented and all processes are in place, the company need to conduct internal audit and management review to make sure that the quality management system is compliant with the standard.
When all this activities are carried out successfully, the company can hire certification body to conduct certification audit.
For more information, see:
- ISO 9001 Certification https://advisera.com/9001academy/knowledgebase/iso-9001-certification/
- Checklist of ISO 9001 implementation & certification steps https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/ -
Support management
Answer:
I am sorry but I am not sure if I have understood your question. If you mean how to obtain support from the top management for the implementation of the ISO 27001 in the organization, you need to show the benefits that the ISMS can give to the business, that basically are 4 main points: compliance, marketing edge, lowering the expenses and putting your business in order.
For more information about these points, please read this article “Four key benefits of ISO 27001 implementation” : https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
And this free webinar can be also interesting for you “ISO 27001 benefits: How to obtain management support” : https://advisera.com/27001academy/es/webinar/iso-27001-benefits-how-to-obtain-management-support-free-webinar-on-demand/
Finally, our online course can be also interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/ -
Merging the asset, risk assessment, risk treatment tables
Answer:
Yes, merging the Asset inventory and the Risk assessment table makes sense, especially for smaller companies; for a larger company it would be better if they separate the Asset inventory into a separate document because they would have some additional information stored there - see this article: How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
However, I wouldn't recommend merging the Risk assessment table and Risk treatment table - this is because not all risks from the Risk assessment table need to be treated, and very often for one risk you would need several control s. Therefore, if you're using Excel for risk management, it is much easier to have two separate sheets for this purpose.