Search results

ISO 14001 Significant aspects

You determine a set of environmental aspects. Then, you evaluate and segregate the significant from the nonsignificant environmental aspects:

Organizations do not have enough resources to act upon every environmental aspects. Each organization has the authority to determine its own method to evaluate significant from nonsignificant aspects. Many organizations use, as criteria, the frequency or probability of the environmental aspect and the severity of its impact.

Please check this information below with more detailed answers:

• Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
• Free webinar - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

Creation of training procedure

When writing the training procedure; you should especially consider clauses 7.2,7.2.1,7.2.3,7.2.47.3.1 of the IATF 16949: 2016 standard.

The training procedure should mainly include the following topics:

• How is the training need determined,
• How training needs are evaluated and planned,
• How to measure training effectiveness,
• How are employee competencies developed,
• How to increase awareness  of employees for quality and customer expectations
• On-the-job training should be provided for each new and assigned personnel and this subject should be explained.
• How to prepare and review an annual training plan
• How and for how many years training records will be kept

For more information please see:

• How to ensure the competence of your employees according to IATF 16949 https://advisera.com/16949academy/blog/2017/10/04/how-to-ensure-competence-of-your-employees-according-to-iatf-16949/

• Procedure for Competence, Training and Awareness https://advisera.com/16949academy/documentation/procedure-for-competence-training-and-awareness/
• Training Record https://advisera.com/16949academy/documentation/training-record/ 

• ISO 9001 Corrective action

  First, let us consider the general situation:

   

  Based on my interpretation of your text, you are describing a correction, not a corrective action. A corrective action will start when you look for the root cause of the short circuit. So, why did you have a short circuit?

  After finding the root cause you should implement an action to remove that root cause. After implementing that action, you should look for a way of testing its effectiveness.

  You can find more information below:

  • How to use root cause analysis to support corrective actions in your QMS - https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• Third party

  Among data controllers and data processors, it is always required a Data Processing Agreement (DPA) by Article 28 GDPR either if the processor has remote access to data or not. The nature of processing is determined by the controller while the processor processes data on the controller’s behalf under a written legal agreement with binding effects.

  Here you can find more information about the data controller and the processor, consent, and data subjects:

  • Is consent needed? Six legal bases to process data according to GDPR https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
  • Data subject rights according to GDPR https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr//
  • EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

  In order to understand how to manage data subjects PII, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• Are templates mapped with NIST and CIS 20 requirements

  By your question, I’m assuming you are referring to templates of the ISO 27001 Documentation Toolkit.

  Considering that, these templates are developed considering the requirements of ISO 27001 standard, so there is no available mapping to NIST and CIS 20 requirements.

  However, included in the toolkit there is a List of documents file that shows which clauses and controls of the standard are covered by each template. Additionally, NIST documents already have annexes that identify the relations between their requirements and ISO 27001 requirements (e.g., NIST 800-171 Annex D and NIST 800-53 Annex H).

  As for CIS 20, most of its controls can be related to ISO 27001 Annex A controls (e.g., CIS control “Inventory and Control of Hardware Assets” can be related to ISO 27001 controls “A.8.1.1 Inventory of assets” and “A.8.1.2 Ownership of assets”).

  These articles will provide you a further explanation:

  • How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
  • How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/

  These materials will also help you regarding ISO 27001:

  • Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/

• Clauses that require records

  On this link, you can find the white paper with all mandatory documents and records required for ISO 13485. Feel free to download it.

  • Checklist of Mandatory Documentation required by ISO 13485:2016 - https://info.advisera.com/13485academy/free-download/checklist-of-mandatory-documentation-required-by-iso-134852016

  • Legal basis

    The data processor processes data on behalf of the data controller, under Article 28 GDPR, with a written binding legal document.Therefore, the legal basis of data processing is to perform a contract obligation (toward the data controller).The data subject shall contact the controller to handle their consent and the controller shall inform the processor on how to proceed (in case of Data Subject Access Right procedure or consent withdrawal).

    Here you can find more information on the processor obligations and data subject management:

    • EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
    • Data subject rights according to GDPR https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr//
    • Four main questions for obtaining and managing data subjects’ consent under GDPR https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/

    If you need to know more about data subjects rights and processor obligation under the EU GDPR you may consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Change management process

    Change management process according to the automotive management system, IATF 16949: 2016 standard; required for issues related to production or product change. The web page change or IT-based, etc.,  you can use your normal processes for topics.

  • ISO 14001 environment objectives

    Everything starts with your environmental assessment:

    

    You determine a set of environmental aspects. Then, you evaluate and segregate the significant from the nonsignificant environmental aspects:

    

    Some of the significant environmental aspects due to the scale of your organization operations are mentioned in the environmental policy, they are very important to improve your organization’s interaction with the environment:

    

    A practical example can be:

    

    So, the organization decides to develop environmental objectives around:

    • Reducing the number of wastes sent to landfill
    • Reducing the unitary energy consumption
    • Reducing the unitary solvent consumption

    Before setting objectives, organizations have to define an environmental policy. A good environmental policy considers the scale and environmental impacts of its activities, products, and services. So, the relevant environmental objectives of an organization must be based on significant environmental aspects and impacts.

    You can find more information below:

    • How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
    • Examples of ISO 14001 objectives based on the different company sizes - https://advisera.com/14001academy/blog/2019/10/22/iso-14001-objectives-examples-for-different-company-sizes/
    • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
       

  • ISO 9001 awareness of hospital QMA

    Unfortunately, I cannot give you a specific answer concerning hospitals, I will give you a general answer applicable to any organization in any sector. Please check clause 7.3 of ISO 9001:2015.

    People working for the QMS need to be aware of the quality policy, need to be aware of the quality objectives that they can influence with their work, need to be aware how they can contribute to meet those objectives, and need to be aware of the consequences of nonconformities.

    To meet these requirements, I normally set workshops where the representation of the organization, based on the process approach as a set of interrelated processes, is the starting point. From there I invite people to find in which processes they work in, which processes act as their internal suppliers and which processes act as their internal clients. Then I invite people to make the relationship between processes and quality objectives, from there they see how they influence the quality objectives and the QMS effectiveness.

    The following material will provide you more information about organizational knowledge:

    • How to manage knowledge of the organization according to ISO 9001 - https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
    • How to ensure competence and awareness in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-ensure-competence-and-awareness-in-iso-90012015/
    • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/