Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11271 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
The process of implementation in a simple way
Answer:
Maybe the easiest way to understand the process of implementation is to see it as a checklist of 16 steps, so this article can be very useful for you “ISO 27001 implementation checklist” : https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
We hope you in the next webinar where we will also speak about this process of implementation, and remember that we also have an online course that can be interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/ -
ISO 27001 and COBIT 5
Answer:
Basically ISO 27001 is focused specifically to information security, while COBIT is focused on IT governance (one part of IT governance is also information security).
By the way, a company can get certified against ISO 27001 but cannot certify against COBIT.
Finally, our online course can be very interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/ -
The implementation of ISO 27001
Answer:
Your situation is very normal, so don’t worry, we can help you. The first thing that you need, before all, is to obtain the management support. To do this, you need to show them the benefits of the ISMS, that we can resume in 4 points: Compliance, Marketing edge, Lowering the expenses, and putting your business in order. For more information about this, please read this article “Four key benefits of ISO 27001 implementation” : https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
After this, is very important treat the implementation as a project (like other project), so this article can be useful for you “ISO 27001 project – How to make it work” : https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
And after, you should define the scope the ISMS, write an ISMS policy, define the risk assessment methodology, et c. For more details, please read this article “ISO 27001 implementation checklist” :https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Finally, maybe our online course can be also very interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/ -
Checklist for documenting risk analysis
Answer:
The requirement from the clause 6.1 does not have to be documented. However, if you decide to document it, you can create the procedure that will explain the process of addressing risks and opportunities and records where you will have registry of key risks and opportunities in your company and plans for addressing those risks and opportunities.
You can take a look at free preview of our Procedure for Addressing Risks and Opportunities https://advisera.com/9001academy/documentation/procedure-for-addressing-risks-and-opportunities/ -
Involve people in update to ISO 9001:2015
Answer:
Engagement of people is crucial for effective quality management system, especially because the new version require higher involvement of the top management for determining context of the organization and addressing risks and opportunities. The second important change is that there is no management representative required any more so the process owners mus be involved in order to have effective QMS.
The only way to achieve higher involvement of the people regarding update to ISO 9001:2015 is to raise awareness about it. You can arrange the awareness raising sessions where you will explain the changes to the people and also the benefits of the new version and overall benefits of ISO 9001.
For more information, see:
- How to ensure competence and awareness in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-ensure-competence-and-awareness-in-iso-90012015/
- ISO 9001 awareness training material: How to create it, what it should contain https://advisera.com/9001academy/blog/2015/05/19/iso-9001-awareness-training-material-how-to-create-it-what-it-should-contain/
- Using Competence, Training and Awareness to Replace Documentation in your QMS https://advisera.com/9001academy/blog/2013/12/17/using-competence-training-awareness-replace-documentation-qms/ -
Supplier Evaluation Consultant
Answer:
The real question is, do you need a consultant for evaluation of suppliers. New ISO 9001:2015 is very clear on what needs to be done in order to conduct effective evaluation of suppliers.
First you need to establish criteria for evaluation, selection and monitoring suppliers. This means that you need to determine what is really important to you when it comes to selection of the suppliers, criteria can be the price of products and services to be delivered, the quality, shipment timing, etc. Different criteria can have different importance to you, so you can assign different scale to different criteria to demonstrate their importance and to help you make better selection. Once you define criteria for evaluation, you need to determine criteria for selection, meaning how high on the scale the supplier need to be in order to be selected.
When you determine criteria for evaluation and selection of the suppliers, next step is to conduct t he evaluation and select the suppliers, as a result of this activity you will have a list of approved suppliers, and this evaluation needs to be conducted periodically, usually every year.
Keep in mind that the new version of the standard treats the same the suppliers and outsourcing partners, so you need to include in your evaluation not just the your suppliers but also outsourcing partners.
For more information see:
- How to evaluate supplier performance according to ISO 9001:2015 https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- How to control outsourced processes using ISO 9001 https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/
You can also take a look at a free preview of our Procedure for Purchasing and Evaluation of Suppliers https://advisera.com/9001academy/documentation/procedure-purchasing-evaluation-suppliers/ -
ISO 45001
Some questions regarding the transition from OHSAS 18001 to ISO 45001,
a) When will ISO 45001 be released?
b) Will you advise me to implement OHSAS 18001 now in companies or wait until release of ISO 45001 standard and then implement the new ISO standard?
c) I want to advise my clients properly and not end up costing them unnecessary money by advancing in OHSAS now and later have to be re-certified for ISO 45001,
Answer:
a) ISO 45001 will be released probably in September or October this year, maybe even later but certainly not before.
b) Since the standard will be released so late this year, I would suggest you to implement the OHSAS 18001, also there will be some two or three year transition period so it is safe to go with existing OH&S standard.
c) It all depends how quick they need the OH&S management system, if they can wait until the end of the year that i s fine, but if they need it sooner than they should go with OHSAS 18001. Also the transition period gives them enough time to choose when they want to start with transition.
For more information, see:
- First glance at ISO/DIS 45001 – How different is it from OHSAS 18001? https://advisera.com/18001academy/blog/2016/01/20/first-glance-at-isodis-45001-how-different-is-it-from-ohsas-18001/ -
Details about ISO 9001:2015
Answer:
To learn more about ISO 9001:2015, I suggest you to take a look at our free ISO 9001:2015 Foundation online course https://advisera.com/training/iso-9001-foundations-course/
We also have a free webinar that explains differences between old and new version of the standard:
- Free webinar – ISO 9001:2015 vs ISO 9001:2008 – The main changes https://advisera.com/9001academy/webinar/iso-90012015-vs-iso-90012008-the-main-changes-free-webinar-on-demand/ -
Definition of an aspect
Answer:
According to ISO 14001:2015 environmental aspect is element of an organization’s activities or products or services that interacts or can interact with the environment and environmental impact is change to the environment, whether adverse or beneficial, wholly or partially resulting from an organization’s environmental aspects.
For example, in the process of car repair, the activity can be change of motor oil, inputs in this activity are man power, working order, new oil filters, motor oil, etc. The output of this activity is waste oil, waste oil filters, working order, etc. When you take a look at the activity and its inputs and outputs, you can see that the aspects are those inputs and outputs that interact with the environment, so it would be motor oil, waste motor oil and waste filters. Environmental impact that those aspect have is on water and soil. If they are proclaimed as significant environm ental aspect than the organization must establish operational controls to decrease their impact.
For more information, see:
- List of procedures for managing environmental aspects https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-procedures-for-managing-environmental-aspects/
- 4 steps in identification and evaluation of environmental aspects https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- Catalogue of environmental aspects https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/ -
Exclusion vs. Not applicable
Answer:
You are right, according to the new version of the standard, correct term would be "not applicable" rather then "exclusion" as it were in the 2008 revision of the standard. The reason why we continued to use the old term was that the people are more familiar with it and it would be easier for them to understand.
For more information, see:
- What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/