Yes, you can still use the term "Management Representative" in your documentation, even though the specific role is no longer mentioned in ISO 9001:2015. While the 2015 version of the standard does not require a designated "Quality Management Representative," it does not prohibit using the term in your organization's documentation or procedures.
The term "Management Representative" can still be meaningful within the context of your organization's quality management system. It can represent the individual or individuals who are responsible for overseeing the QMS and ensuring its effectiveness.
Using the term "Management Representative" can provide clarity and a clear point of contact for QMS-related matters within your organization. However, it's essential to ensure that the responsibilities and roles associated with the "Management Representative" are clearly defined in your documentation (job description, for example). This ensures that everyone understands their responsibilities and facilitates effective communication and coordination in managing the QMS.
The proper way to identify which assets (e.g., products and services) you need to consider for ensuring the continuity of your customer process is by performing a Business Continuity analysis (BIA).
The BIA will help you identify how businesses are affected by disruptive events, and from this analysis, you can identify which assets (i.e., your products and services) you need to consider for the recovery efforts.
Yes, these documents should be in the title of the controlled document. The storage period should first be determined according to the customer's specific requirements.
If there is no request on this subject, you as an organization should determine the retention period.
Apart from this, these test reports should be accessible, and the records should be protected against fire, wetting, etc.
For certification purposes, an organization needs to provide at least one physical address (in general, for remote work environments, where management activities are performed). Since you do not want to include the CEO's home address, you should consider an alternative location, like renting a small office in a shared workspace, for example.
The IATF 16949 standard does not require anything different from ISO 9001 in document management. Having a stamp is not necessary for either.
The important thing is that it is clear who prepares and approves the document, that the revisions are followed systematically, and that the current versions can be found in the places of use.
Your company should establish and implement the revision tracking system, but this does not necessarily mean that it will be stamped.
Please note that writing contracts requires legal expertise, and our expertise is in ISO standards and how to implement them.
In general terms, contracts can be signed between the company and its employees (e.g., employment contracts), and the company and its customers and suppliers (e.g., service agreements).
The main elements of a contract are the contract object (what is to be delivered), the identification of involved parties, and the rights and obligations of each party (contract clauses).
In terms of information security clauses, these are based on risks that require mitigation and legal requirements that need to be fulfilled.
For example, if there is a relevant risk of data loss, you may include a security clause to enforce the adoption of backup procedures to ensure copies of the information will be available. In case your company needs to be compliant with a privacy regulation like HIPAA or EU GDPR, you may include a security clause requiring the other party to adopt practices to protect personal data and people's privacy.
For the proper writing of information security clauses and other contract clauses, we advise you to hire a legal expert.
In general, the results of the treatment of minor nonconformities are reported in the next scheduled audit, but the best approach here is for you to contact your certification body and confirm with them when the treatment results should be reported to the certification auditor.
ISO 27001 does not prescribe what needs to be done with documentation created prior to the implementation of the Information Security Management System, so organizations are free to decide how to classify and label information.
The organization can simply define that documentation created in the past has a standard classification (e.g., internal), and labeled accordingly, or that it is not classified and labeled at all.
Please note that, in general, during the execution of a BCP, the infosec team and the IT team only have a limited number of shared responsibilities, so it does not make much sense to have the infosec team lead the IT response.
The infosec team is also responsible for information that is not on information systems (e.g., information on paper media, and information in the form of people’s knowledge), while the IT team is also responsible for running recovered systems and networks.
As you can see, in terms of a BCP, a better strategy would be for the infosec team to help define IT-related information security objectives to be achieved by the IT team.