Search results

Home / Search

Category:
Select
Select

11275 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Showing evidence for clause 4.4

    ISO 45001 clause 4.4 does not require you to keep documented information, so there is no requirement to have something written down to meet this requirement. Many companies will create a flowchart showing the processes of the OHSMS, including the interactions between them, but this piece of written evidence is not a requirement of the standard. It is important to remember that written evidence is not the only evidence used in an audit, statements of fact and assessments at the end of the audit are also used.

    This requirement is often assessed once an entire audit is completed, rather than asking for one piece of evidence; where at the audit conclusion the auditors will look at all of their evidence and findings and ask “Does all of this evidence indicate that the OHSMS is established, implemented, maintained and improved?”

     

    You can learn a bit more about what documented information is mandatory in the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001

  • Defining scope

    To support scope definition I suggest you these materials:
    - How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
    - Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
    - Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
    - How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/ (this one is a recording from previous presented webinar)

     Additionally, included in your toolkit, you have access to a video tutorial that can help you define the ISMS scope.

  • Interpretación de requisitos de la norma

    Un requisito legal o una obligación de cumplimiento es una condición que ha sido establecido por leyes, reglamentos, estatutos, acuerdos con terceras partesque le son aplicables a una organización y al sector en el que opera.

    Dentro de los requisitos legales en ISO 14001, podemos encontrar varios tipos: 

    - Requisitos operativos: se trata de autorizaciones y programas de seguimiento en los que el gobierno emite un permiso especial a una organización para realizar una actividad. La empresa en este caso, debe reportar a la entidad con la frecuencia establecida, algún tipo de resultados de test, informes de emisiones, etc.
    - Permisos operativos: están relacionados con requisitos establecidos en una ley, un decreto, un reglamento o una disposición oficial. Estos permisos,  son de carácter general y su vigencia no está supeditada al suministro de determinados informes.
    - Acuerdos de colaboración:se tratan de acuerdos aprobados por una organización, ya sea en su interior o con socios externos, que finalmente se convierten en una obligación de cumplimiento ambiental para la organización y por ende, para ISO 14001. 

    Para más información sobre los requisitos legales y otras obligaciones de cumplimiento, vea los siguientes materiales: 

    - ISO 14001 legislation checklist: how to create it: https://advisera.com/14001academy/blog/2019/11/04/iso-14001-legislation-checklist-how-to-create-it/

    - Curso gratuito en línea - Curso de Fundamentos ISO 14001:2015: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/

    - Libro - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/

  • Design process

    In IATF 16949: 2016 standard, product design, and production design are specified in item 8.3. Product design is out of scope for companies that do not design products, but for all manufacturing companies, the production design is within the scope and is a must requirement. Tool design is part of the production design and according to the IATF Standard clause 8.3, the production design clauses of the standard are valid for your company. 

  • Section 8.5.6

    There is no explicit requirement in the standard to use such a procedure. However, as you rightly mention, any changes may bring risks and opportunities. A good practice is to determine and evaluate them in order to act when needed. For example, I’m working with a manufacturing company that determined the risk, the possibility of having to use employees to perform unusual tasks to replace colleagues on sick leave with covid. For this reason, they prepared an on-the-job training plan for eventual substitutes. Another example, when organizations update procedures it is a good practice to inform and or train people about the changes.

  • IMS system

    Yes, QA specialist may take overall responsibilities for IMS. So, the same rules will apply for quality, environment and health and safety.

    You can find more information about documentation below:

  • ISO 28000 growth

    Hi Rhand -  thanks for the response.  Yes, that is the article taht I was referring to.

    I've been looking at the data on the ISO Survey and there is a spike in ISO28000 certifications from 2018 to 2019 from 617 certificates to 1,874 certificates.  The jump of 203% looks significant as in previous years it has been a 38% (2016-17) and 24% (2017-18). 

    You do mention ISO 28000 in your first table of the article (Overview of the valid certfications worldwide), but you don't mention it in any subsequent tables.

    If there's noinformation for reasons for growth, I think we can put it down to an increasing awareness of the importance of a resilient supply chain.

     

  • ISO 27001 certification

    1. How long can the background preparation stage for ISO 27001 Certification take?

    I’m assuming you are referring to the time for generating records before undergoing the certification audit.

    Considering that, please note that ISO 27001 does not require the minimum period of records (i.e. minimum period of the ISMS operation before the certification), however, some certification bodies do have such requirements and some don't, so you should contact your certification body to confirm what criteria it applies.

    This article may also help you:

    2. Can I make my own assessment in this regard without consulting the policies, regulations and expectations of the company directors?

    Please note that such assessment is in fact the internal audit, a mandatory requirement for ISO 27001, so you need to perform it, and for this, you need to consult the applicable implemented policies, procedures, required regulations, and expectations of the company directors (these are essential elements to evaluate if the standard´s criteria are being fulfilled).

    These articles will provide you a further explanation about internal audit:

    This material can help you organize and perform an internal audit:

    These materials will also help you regarding internal audit and certification:

  • Control A.8.3

    Templates which cover controls from section A.8.3 are:

    • Information Classification Policy, located in folder 08 Annex A Security Controls >> A.8 Asset Management
    • Disposal and Destruction Policy, located in folder 08 Annex A Security Controls >> A.11 Physical and Environmental Security
    • Security Procedures for IT Department, located in folder 08 Annex A Security Controls >> A.12 Operations Security

    By the way, included in your toolkit, there is a List of documents file which maps which controls and requirements of the standard are covered by each template in the toolkit.
Page 246-vs-13485 of 1128 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +