Search results


  • Determined vs Provided controls

    ISO 45001, the occupational health and safety management system standard, does not include the terms “determined controls” or “provided controls”, so it is difficult to give you a generic answer, since this may be something specific to your industry or area.

    In the standard, controls are considered for addressing hazards that have been identified in the workplace. It is possible that these terms are referring to controls that you determine yourself as part of your assessment (such as the need for a work instruction so that work happens safely) as opposed to controls that you are directed to use (such as a legal requirement to provide safety glasses, or to put guards on machinery with pinch points).

    For more on hazard controls, see the article: 5 levels of hazard controls in ISO 45001 and how they should be applied, https://advisera.com/45001academy/blog/2015/09/02/5-levels-of-hazard-controls-in-iso-45001-and-how-they-should-be-applied/

  • Table Top Exercise /Drill Validity in meeting ISMS Certification

    Our organization achieved ISO 27001:2013 certification a few years back for a Data Center (DC). Recently, we established a Security Monitoring Center (SMC) and we are exploring having the SMC certified to ISO 27001.

    We are considering extending the existing DC ISMS certification scope to the SMC or having the SMC gain a separate ISMS certification.

    Below are my doubts that require your expert advice:

    a) Would it be fine to have the same ISMS team who takes care of the DC ISMS certification manage the SMC ISMS certification programme?

    In terms of the ISO 27001 standard, there are no restrictions regarding using one team to manage multiple certifications. In fact, the experience of the team with the previous certification will help make the second implementation easier.

    b) Would it be fine to deploy the existing relevant DC ISMS SOPs to the SMC ISMS certification? Meaning that we maintain a single set of SOPs to be used for two separate ISMS certifications, DC and SMC respectively.

    Commonly used SOPs can be deployed for both DC and SMC, but you need to take care when managing such documents, to ensure that when any changes are made to them you make clear to which scope they relate.

    For further information, see:

    c) What are the advantages and disadvantages to maintain a single ISMS Certification for both centers versus each center has its own ISMS certification?

    The main advantage of a single certificate is the reduced maintenance and recertification costs, because you will need to go through only a single set of surveillance audits and recertification audits.

    The main advantage of separate certificates is that if something happens that affects the certificate of one scope, it will not have an impact on the other.

    It seems to me that you are talking about two different areas in the same company, and it is extremely rare for one company to have two separate certificates for one standard. What normally happens in situations like this is companies deciding to expand the existing ISMS scope to include the new area.

  • ISO 9001 Implementation timeline and costs

    If you want to evaluate cost efficiency for obtaining an ISO 9001 certification, you should consider several alternatives:

    • Using an external consultant;
    • Using an internal project team and a customizable documentation toolkit.

    Time to implement and be certified, with our Toolkit Documentation, can take:

    • Companies of up to 10 employees – up to 3 months
    • Up to 50 employees – 3 to 6 months
    • Up to 200 employees – 6 to 10 months
    • More than 200 employees – 10 to 20 months

    You can find detailed information about how to plan and implement a quality management system in the following links:

  • EU GDPR in UK

    Question 1. What about GDPR in the UK? Is it different from GDPR EU?

    GDPR is an EU Regulation and applies across all of Europe, and all around the world if the data processing involves data of individuals living in the EU (Article 3 GDPR). The Brexit process made GDPR fully applicable until December 31st, 2020, after which the UK will be able to implement its own privacy law.

    2. How could I find the differences?

    Currently, UK privacy law is the GDPR until December 31st, 2020. The Data Protection Act of 2018 implements the GDPR, which is the core of the legislation, and provides rules for enforcement, the powers of the Information Commissioner and its role in enforcing GDPR.

    You can find any information about the UK on the Information Commissioner’s Office (ICO) website, the UK Data Protection Authority: https://ico.org.uk/

    The ICO made a guide for data controllers and processors on how to comply at the end of the transitional period: https://ico.org.uk/media/2617967/eot-five-steps-le-processing.pdf The first point is to continue to comply with GDPR; then UK controllers will need to regulate data transfers with EU partners by applying Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR) (the latter for large companies).

    Here some useful information:

    You can also consider enrolling in this free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • ISO 9001 Internal audit clauses

    That will depend on the scope of the audit. If your organization performs an annual internal audit, all clauses have to be included. For example, if you are going to audit the production process, you may need to include the following ISO 9001:2015 clauses:

    • 7.1.3 – about equipment maintenance
    • 7.1.4 – about production environment
    • 7.1.5 – about monitoring and measuring resources
    • 7.2 – about people’s competence
    • 7.3 – about people knowing the quality policy
    • 7.5 – about documents and records control
    • 8.5 – about specifications, process control plans, work instructions, traceability, preservation
    • 8.6 – about quality control
    • 8.7 – about nonconforming product treatment

    The following material can provide more information:

  • Remote audits recordings

    Yes, they can, but you can say no!

    Whether remote audits will be recorded should be an issue analyzed before the audit. Recording remote audits is not common. What is common is asking permission to take “print screens” of the relevant records requested. A good practice is for the auditor to ask permission whenever he/she wants to make a record of something he/she is seeing on the screen.

    The following material can provide more information:

  • Is personnel in ISO 17025 required to have training and certificate before starting auditing the lab?

    As for any management system activity, personnel must have suitable skills, adequate training and evidence of competency to perform a task.

    Furthermore, for internal auditing, the auditors must be impartial and independent, meaning they cannot audit their own work, and it is typically ineffective and risky if they audit processes their colleagues are responsible for. Internal auditors need not be certified auditors, but formal training is recommended, whether in house or through a service provider on site or remotely. Either way, management needs to deem auditors suitable and competent through observation and against criteria such as professional approach, interview techniques, and the outcome of an audit they performed under supervision. They need to have a good understanding of ISO 17025, risk-based thinking, the purpose of the quality management system and quality assurance activities. A technical auditor must, in addition, have good technical working knowledge to audit the particular activity, including how to assess equipment, method validation, measurement uncertainty, calibration and metrological traceability needs.

    The following ISO 17025 document templates may be of interest:

    Competence, Training and Awareness Procedure at https://advisera.com/17025academy/documentation/competence-training-and-awareness-procedure/
    Internal Audit Procedure at https://advisera.com/17025academy/documentation/internal-audit-procedure/
    Competence Approval and Authorization Record at https://advisera.com/17025academy/documentation/competence-approval-and-authorization-record/

  • ISO 13485 vs EN ISO 13485

    The prefix ISO means that it is an international standard published by the ISO organization. When an ISO standard is adopted by the European Union, for example, it becomes an EN ISO standard.

    There is no difference in the requirements between those two standards.
