No, it is not mandatory to maintain two risk registers for ISO 9001 and ISO 27001 respectively. Please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ - there is no mandatory requirement in ISO 9001:2015 to keep a risk register. So, it is up to you to design the approach that best suits your organization: one common risk register or two separate ones.
You can find more information below:
Please check our free on-demand webinars; perhaps they have examples that can help you build your communication to the staff of your company.
Please check also my book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ - where I develop a case based on the process approach and the risk-based approach.
what clauses are compulsory to our organization?
Answer:
Basically, all clauses are mandatory. An organization can only exclude those clauses that are not applicable. Without knowing in detail your business, it is very difficult to give a clear answer. For example, does your organization design consulting services? If not, ISO 9001:2015 clause 8.3 is not applicable.
What should be the scope?
Answer:
About the scope, as you can see in this free webinar on-demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/ - it is a management decision, not a technical decision. The webinar explains some of the nuances behind different scopes. Your organization can have 10 different consulting services and decide to design a quality management system applicable only to three of those services.
The following material will provide you more information about exclusions:
Please advise regarding the below:
1. What are the data processor's obligations, in detail, regarding data subject rights?
• The right to be informed.
• The right of access.
• The right to rectification.
• The right to erasure.
• The right to restrict processing.
• The right to data portability.
• The right to object.
• Rights in relation to automated decision making and profiling.
Is there any procedure that could be taken as an example?
2. When providing outsourced call center services, what is the legal basis to process the data, noting that consent is taken by the data controller (is it legitimate interest: being able to fulfill our contractual obligation with the controller?)
3. What is the list of documentation required by the data processor?
"Thank you for your detailed responses! Our company is in the US but we have a representative in Austria (Prighter). I assume I use this address for the supervisory authority address? Can you confirm if this is correct?"
Yes, you should refer to the Austrian Supervisory Authority.
When writing mandatory documents you need to take into account all the elements that are prescribed in the standard - e.g. in Statement of Applicability you need to include all 114 controls from Annex A, and for each one if it is applicable, the justification, and the status of the implementation.
This white paper will give you an overview of mandatory documents, and how to structure them: Checklist of Mandatory Documentation Required by ISO 27001 https://info.advisera.com/27001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-27001
This free online training will teach you the basics of the ISMS and what are the steps in the implementation: ISO 27001 Foundations Course: https://advisera.com/training/iso-27001-foundations-course/
If you will not design any new products, it means that you are manufacturing already known products, so you can exclude requirement 7.3 Design and development. In our documentation toolkit, you do not need to use folder 09_Procedure_for_Design_and_Development.
If your medical device is not sterile, it means that requirement 7.5.5 Particular requirements for sterile medical devices and 7.5.7 Particular requirements for validation of processes for sterilization and sterile barrier systems are not applicable. In our documentation toolkit, you do not need to use 12_Procedures_for_Sterile_Medical_Devices.
Each exclusion must be stated and explained in the Quality manual. For example, requirements 7.5.5 and 7.5.7 are not applicable because our medical devices are not sterile.
On the following link you can find tips on how to write a short quality manual for ISO 13485:
Let us apply ISO 9001:2015 clauses 4.2, 4.4, 4.1, and 6.1 to help me in developing the answer.
4.2 - What is the institute’s purpose? Why does it exist in the first place? Whom does it serve? What are their needs and expectations? An institute, like any other organization, has to serve its “customers” (even if they are not the ones who pay) and its patrons (the ones that pay, maybe the government and private donors, for example). These groups also have needs and expectations. And the service may have to be provided under a set of regulations that act as constraints. So, list the more relevant needs and expectations. You see, after all the noise and bells and whistles, the institute exists to provide, to answer, to deliver on those needs and expectations.
From here you can define and characterize the set of services that are provided by the institute, and their outcomes, their service specifications.
4.4 – What kind of processes are needed to systematically provide the desired outcomes according to specifications? Develop the model of your organization based on the process approach.
4.1 – Is it easy to deliver on those needs and expectations? While answering this question, reality sets in. The institute is placed in a certain context with internal and external issues. Perhaps there is not enough money, perhaps there is a lack of staff, perhaps “customers” don’t collaborate, perhaps there are volunteers that can be called to help, …
6.1 – When you confront the relevant needs and expectations of the relevant interested parties with the internal and external issues from the context, you can determine risks and opportunities. What can help you or hinder you in meeting the desired outcomes according to specifications? You can use the most relevant risks to develop a Quality Plan – what needs to be controlled, what needs to have work instructions, what needs to be recorded, what kind of training is needed, … This way you are starting to design your quality management system not based on mumbo jumbo, but on what really matters to the purpose of the institute and its interested parties.
You can find more information below:
Each construction site is different; no two are alike. So it doesn't make sense to have a standard model applicable to all of them. The cleaning service at a construction site can be translated into what elementary activities? For example, cleaning meeting spaces, cleaning bathrooms, ... Does it make sense to develop a standard library of elementary activities, which describes the service, the type of equipment that can be used, the type of materials and people, and the type of specifications that must be established in each case? Then, for each specific construction site, the site is visited, the client's requirements are listed, and a proposal is prepared taking into account the dimension, the set of elementary activities, their frequency, and specifications.
Does this make sense to you?
The following material will provide you more information:
I assume you are referring to ISO 27001 clause 9.1 or ISO 22301 clause 9.1.
Measuring means that you set certain objectives (e.g. maximum number of incidents) and that you evaluate if your achieved numbers are within your expectations.
Monitoring means that you track the performance of a particular process or a system (e.g. log activity) and you react if the trends are out of the ordinary.
These materials will help you learn more: