Search results

Home / Search

Category:

Sort by:

Select

Types of user:

Select

11269 results

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Assign topic to the user

Select user

ISO 14001 Risks and opportunities

I think you are referring to ISO 14001:2015. No, mitigation measures cannot be classified as EMS Opportunities.

Think about what you want from an EMS:

How is this done? With a set of action plans:

Risks and opportunities are:

After determining risks and opportunities you have to determine which are relevant and deserve an action plan. Proposed mitigation measures are examples of action plans.

For example:

In the case of cutting-fluid leak a mitigation measure may be installing a spill containment area.

Please check this information below with more detailed answers:
- Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
- Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
- ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
- Risks and opportunities in ISO 14001:2015 – What they are and why they are important - https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
- Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
- ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
- Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
ISO 9001 Remote audit plan

After receiving the mission of preparing an audit the audit team will receive an “order” specifying the objective, the scope and the criteria for the audit. In this free webinar on demand you can see how an auditor can prepare an audit - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/

A remote audit team can meet online and decide who will be responsible for auditing which part of the scope, and when will the audit team work together or will split.

In this free webinar on demand you can see how a remote audit can be performed - How to perform an internal audit remotely - https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/ a detailed explanation about how to remotely audit operations using a tablet, a smartphone, CCTV or a drone.

You can find more information below:
- What are the benefits and barriers when performing remote audits? - https://advisera.com/articles/what-are-benefits-and-barriers-when-performing-remote-audits/
- ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
- Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/
Roles and Responsibilities

ISO 27001 only requires a definition of information security roles and responsibilities that can impact the ISMS scope (i.e., you must define the roles of the IT related to information security if this area is inside the ISMS scope).

Regarding where to document these roles, ISO 27001 does not require to write a separate document for roles and responsibilities. You can define the general roles and responsibilities in the Information Security Policy, and all other detailed responsibilities can be defined in specific documents.

This article will provide you a further explanation about roles and responsibilities:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
Initial environmental analysis

Attention, there is no requirement in ISO 14001:2015 making it mandatory to write a manual about the environmental management system. Please check this article Checklist of Mandatory Documentation Required by ISO 14001:2015 - https://info.advisera.com/14001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-140012015

I start with the gap analysis. Until some years, after the gap analysis, I used to perform the initial environmental analysis to get a clear picture of all the aspects and impacts and to know where their source is. Then, I realized that before that it is better to do a rough environmental compliance evaluation to determine situations of noncompliance that take time to correct and need investment. Changes in the wastewater treatment facility, changes in chimneys. After that, I perform the initial environmental analysis to locate all aspects, impacts, and sources.

You can find more information below:
- Is a gap analysis desirable for ISO 14001 implementation? - https://advisera.com/14001academy/blog/2016/11/14/is-a-gap-analysis-desirable-for-iso-14001-implementation/
- 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
- Free webinar - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
GLP and ISO 17025 (Clause Improvement)

You asked

"My question is regarding GLP. Are there written requirements of GLP anywhere .which would be fulfilled to by lab.

Indeed, look at the Economic Cooperation and Development (OECD) principles of Good Laboratory Practice (GLP) at https://www.oecd.org/chemicalsafety/testing/good-laboratory-practiceglp.htm and US Food and Drug Administration (FDA) Electronic Code of Federal Regulations Title 21 → Chapter I → Subchapter A → Part 58 from https://www.ecfr.gov/

Typically, a country will have specific GLP requirements and an official GLP monitoring authority that conducts study audits and provides certificates of compliance to organisations for compliance to the OECD principles of GLP.

You also asked

If the lab will get same results as was in previous year then it means the lab has maintained its success or maintained the implemented rules. Does this would be counted in improvement?

No this is not improvement. The term “improvement” relates to an increased ability to fulfil requirements, not just having maintained or met the same “level” of implementation.

And you asked

Further to fulfill the clause of improvement what would you suggest to do ?"

Improvement involves meeting requirements in a more effective and or efficient way. It could also come from improved monitoring and traceability of objective evidence. Opportunities for improvement can be identified through:
- feedback from customers and personnel (positive and negative)
- review of operational procedures, risk and opportunity assessments, audits, and management review
- data and trend analysis, including quality control (internal and proficiency testing), corrective actions, audits, and root cause / corrective action trends
- analyzing outcomes and use the evaluation to improve customer service, specific laboratory activities, and the overall management system
You should use your procedure for addressing risks and opportunities to select which improvements to make.

For more information regarding actions to address risks and opportunities, see the ISO 17025 toolkit document template: Addressing Risks and Opportunities Procedure at https://advisera.com/17025academy/documentation/addressing-risks-and-opportunities-procedure/

Also have a look at a previous response to questions
- Addressing Improvement clause at https://community.advisera.com/topic/addressing-improvement-clause/ and
- Actions to address risks and opportunities (Option A) (new) at https://community.advisera.com/topic/8-5-actions-to-address-risks-and-opportunities-option-a-new/
Adapting existing management system

Both ISO/IEC 17025:20117 and ISO/IEC 17020:2012 are conformity assessment standards. They have common requirements and are structured in the same way in terms of Management requirements, General, Structural, Resource and Process requirements. If the responsibility for the management systems is with the same person, or group of people; it should be straight forward to have common processes and procedures. You would need to integrate the laboratory activities into the current processes, for example complaints, corrective actions. I suggest you look at the responsibilities and perform a gap assessment on what is required to “add” or build on to your existing management system. Perform a risk and benefit analysis of merging the two systems.

For more information on ISO 17025 have a look at the toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/
ISO 27001 for medium-sized companies

Please note that ISO 27001 was designed to be applicable to organizations of any size and industry. In short, clauses from 4 to 10 (the ones that are mandatory), requires:
- Definition of the ISMS scope considering relevant internal and external issues and expected results
- Definition of roles and responsibilities regarding information security
- Identification and treatment of relevant risks
- Provision of resources
- Proper operation of controls, and recording of evidence
- Performance review
- Treatment of non-conformities and continual improvement
If you note, these activities should be performed by organizations of any size looking for excellence.

Regarding documents, ISO 27001 requires few documents in clauses 4 to 10, and most of the controls from Annex A do not require documentation such as policies or procedures (although for implemented controls you have to produce records, such as logs, reports, etc.)

What normally varies is that, according to the organization's willingness to take risks, the number of applicable controls will be greater or smaller than to other similar organizations, and this will affect the provision of resources.

Most of our clients are companies smaller than 200 employees, and they do not have much trouble implementing this standard.

These articles will provide you a further explanation about ISO 27001:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Required reference documents for EU GDPR & ISO 27001 Integrated Documentation Toolkit

If your question was about templates for policies and procedures for Annex A controls, our EU GDPR & ISO 27001 Integrated Documentation Toolkit contains more than 30 templates for such documents - you can find them in folder "14 Security controls".

If your question was about the text of the ISO 27001 standard and its Annex A, unfortunately we are currently not authorized to sell ISO standards - you can purchase it here: https://www.iso.org/standard/54534.html
This book will provide you a quick explanation of the controls:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- When is a good time to implement ISO 9001
  
  Please check these articles about the benefits of implementing a QMS - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/ and What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/ - Can your organization benefit from implementing ISO 9001? For example, would it bring more credibility?
  
  An organization with 4 employees can design a very light, a very practical QMS.
- Do we need ISO 17025 certification to certify the freezer?
  
  You asked
  
  Do we need that certification to certify the freezer?"
  
  I assume you are referring to your company having ISO 17025 accreditation (it is not certification)? It depends on the customers needs.
  
  The requirement that could be applicable to your situation is that the client needs the performance of the device verification to be done by an ISO 17025 accredited laboratory. In that case, the accredited laboratory would have to be accredited for the specific scope (type of test) they require. There are various ISO and National standards and regulations related to fridges and freezers, depending on their purpose. For example, the National Health regulator could have requirements for storage and monitoring conditions for vaccines. There is difference between certifying the performance of a device on manufacture (technical specification) to assure stability and verifying and monitoring the operational performance. For example refer to WHO requirements https://apps.who.int/immunization_standards/vaccine_quality/pqs_catalogue/categorypage.aspx?id_cat=17 The customer must clarify exactly what they need.
  
  Different vaccines require different storage conditions, provided by the vaccine manufacturers provide recommended storage temperatures for their products.
  
  Regarding the tests performed and the certificate of calibration, see the CDC requirements as an example, at https://www.cdc.gov/vaccines/hcp/admin/storage/toolkit/storage-handling-toolkit.pdf
  
  For ISO 17025 calibration report requirements, refer to the ISO 17025 document template: Calibration Report and Certificate Requirements Procedure at https://advisera.com/17025academy/documentation/calibration-report-and-certificate-requirements-procedure/