Search results

Integrating ISO27001, ISO20000 and ISO9001

ISO 27001, ISO 20000, and ISO 9001 share some common requirements that can be fulfilled by the same documents with minor adjustments, like document control procedure, internal audit, and management review. For requirements specific to each standard you will need to develop specific documents.
 
There is no specific procedure for such integration, but broadly speaking you can follow the steps to implement ISO 27001 and use the following material to identify  when common requirements can be integrated:  

• ISO 27001 vs. ISO 9001 matrix (PDF) https://info.advisera.com/9001academy/free-download/iso-9001-2015-vs-iso-27001-2013-matrix
• ISO 27001 vs. ISO 20000 matrix (PDF) https://info.advisera.com/27001academy/free-download/iso-27001-vs-iso-20000-matrix

For further information, see:

• Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
• How to implement ISO 27001 and ISO 20000 together https://advisera.com/27001academy/blog/2015/03/16/how-to-implement-iso-27001-and-iso-20000-together/
• How to integrate ISO 27001 and ISO 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/

Defining and documenting authorities

Yes, you can do it with an organizational chart and updating the job descriptions. There is no requirement in the ISO 13485:2016 how you are supposed to do it. The requirement 5.5.1 Responsibility and authority stated that top management shall ensure that responsibilities and authorities are defined, documented, and communicated within the organization. It is totally up to you how you will do it.

For more information on defining roles and responsibilities within an ISO 13485-based QMS, please see the following article:

• How to define roles and responsibilities within an ISO 13485-based QMS https://advisera.com/13485academy/blog/2017/11/16/how-to-define-roles-and-responsibilities-within-an-iso-13485-based-qms/

For more information fulfilling management responsibilities in ISO 13485:2016, please see the following article:

• How to fulfill management responsibilities in ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-fulfill-management-responsibilities-in-iso-13485/

• FCS security governance critical success factor

  Considering ISO 27014, the ISO standard for Governance of Information Security, the governance of information security is a system for control and direction of information security activities.

  Considering that, examples of measurements to identify failure to control and direct information security activities are:

  • low number of business strategies supported by information security initiatives
  • low number of controls achieving proposed objectives
  • high number of information security incidents
  • no achievement of proposed objectives for the ISMS

  The measurements you proposed are mainly focused on management activities, and these cannot ensure the expected results for information security are achieved (e.g., all meetings can address security issues, but no one of them is effectively resolved over time).

• DPIA For Cloud Services

  When and how to carry out a DPIA (data protection impact assessment) with respect to cloud services for my organisation.

• ISO 9001 surveillance audit requirements

  If I have a certified person in a company who conducts ISO internal audit annually, do I need to pay certification body anyway to come and conduct a surveillance audit every year? Is it must?

  Answer:

  If you want to be certified by a certification body, you must have the surveillance audits every year. If your organization does not need to be certified you can avoid that cost.

  You can find more information below:

  • What is an ISO 9001 surveillance audit? - https://advisera.com/9001academy/blog/2016/10/18/what-is-an-iso-9001-surveillance-audit/
  • Surveillance visits vs. certification audits - https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
  • ISO 9001:2015 Lead Auditor Training Course - https://advisera.com/training/iso-9001-lead-auditor-course/
  • Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• ISO 9001 manual

  ISO 9001:2015 has no mandatory requirement for the existence of manual or procedures. It is up to each organization to decide if a manual is useful and what should be its content.

  I recommend organizations to have a quality manual, but it is just a recommendation. Please check this article about mandatory documentation - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

  The following material will provide you information about the quality manual:

  • The future of the Quality Manual in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• Roles and responsibilities of the QMS working committee

  ISO 9001: 2015 does not provide, does not prescribe the existence of a QMS working committee, but it also does not prohibit it. Each organization must consider which organizational arrangement is best suited to its internal culture.

  So, I advise you to start with the end in mind. What is needed to happen at a higher level to ensure continued compliance to certification?

  For example:

  • Ensure that internal audits are done and closed
  • Ensure that management review takes place and is effective
  • Meet to analyze trends around performance indicators results
  • Keep updated the context and interested party’s determination
  • Ensure continual improvement
    …
     

  You can find more information below:

  • What will be the destiny of the management representative in the new ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/
  • Choosing the best person for the job quality management representative: https://advisera.com/9001academy/blog/2014/06/03/choosing-best-person-job-quality-management-representative/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• Preparing documents per each clause

  First of all, it is necessary to understand the IATF 16949: 2016 standard very well, if necessary, it may be good to participate in a 2-day training and perform a gap analysis during the training. Every "shall" written in the standard is a requirement and must be done. An action plan should be made for all "shall" requirements and relevant requirements should be taken and adopted into the quality management system (QMS).

  To get an idea of which kind of records you can use for your management system, see this toolkit:

  • IATF 16949:2016 Documentation Toolkit https://advisera.com/16949academy/iatf-16949-2016-documentation-toolkit/

  • ISO 14001 Cost, benefits, purpose and intention

    1. What do you view as the Cost and benefits of ISO 14000 adoption and implementation?

    Answer:

    About benefits, please check these articles - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/ and - ISO 14001: The benefits for customers - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/

    About costs, it is difficult to answer because ISO 14001:2015 imposes nothing that the legislation does not impose. Thus, the costs incurred to comply with the legislation are not imposed by ISO 14001: 2015. Other costs are implementation and maintenance costs for the management system.

    2. Describe the purpose and intent of the ISO 14000 program?

    Answer:

    The purpose of ISO 14001 is to help organizations improve their environmental performance through more efficient use of resources and reduction of waste.

    You can find more information about IDSO 14001 below:

    • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
       

  • Software for creating the routes for the school buses

    Hello Alessandra, thank yoy very mutch for your reply! Could you please explaine how can we apply pseudonymization or anonymization to adresses without names? Thank in advance, kind regards, Denis