Search results

ISO 14001 implementation benefits

A – An EMS according to ISO 14001:2015 requires environmental objectives, requires environmental indicators, requires having a clear picture of the interaction with the environment through a register of classified aspects and impacts, requires having a clear sense of environmental compliance obligations and its status. All these issues help management take decisions based on facts.

B – An organization with an EMS according to ISO 14001:2015 monitors, controls and communicates its environmental performance. Communication brings more transparency, and more transparency brings more trust.

C - An EMS according to ISO 14001:2015 keeps an updated register of environmental aspects and impacts.

D – I don’t know what precise meaning you attribute to “Social security”. So, I translate that into: An EMS according to ISO 14001:2015 can reduce environmental insurance fees, can make an organization more attractive to potential employees that value the environment issue.

E - An EMS according to ISO 14001:2015 can help organizations win customers and clients that value the environmental issue and can help organizations in being more efficient by focusing attention on reducing environmental costs and higher yields.

Please check below more information:

• How to define EMS key performance indicators (KPIs) according to ISO 14001 - https://advisera.com/14001academy/blog/2016/05/30/how-to-define-ems-key-performance-indicators-kpis-according-to-iso-14001/
• Case study: Using ISO 14001 KPIs to reduce waste in manufacturing - https://advisera.com/14001academy/blog/2016/05/16/5135/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Is ISO 27001 applicable to community non-profit with regards to ensuring continuity?

Yes, ISO 27001 is applicable to any type of organization (for profit or non-profit), any size of the organization, and any industry.

You can find more information in this article: What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/

To learn more about this standard, you'll find useful this free online training: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Design master file

There is no direct requirement that the design master file must have control numbers, revision, and similar. However, in ISO 13485:2016 in requirement 4.2.4 Control of documents is stated that all documents required by the quality management system must be controlled; and that that control includes the following: review and approve documents for adequacy prior the use; ensure that current revision status of and changes to documents are identified; prevent deterioration or loss of documents, and prevent the unintended use of obsolete documents and apply suitable identification to them. 

Since the Desing master file is part of the quality management system, then this also applies to that file. 

For more information what are common mistakes with ISO 13485:2016 documentation control and how to avoid them, please see the following link:

• Common mistakes with ISO 13485:2016 documentation control and how to avoid them https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/

• Medical Device File

  It will be good if you can add which standard are applyed durign production (if any), and if you are certified by ISO 13485:2016 it would be great if you could put a number of the certificate, validity date of the current certificate and notify body who issued the certificate.

• Intermediary device security

  ISO 27k series of standards does not have technical standards, i.e. they do not define technical security requirements. The main standard in the series is ISO 27001, and it works on the principle that you have to identify risks, and then based on those risks you have to define for yourself which kind of technical controls are applicable. In other words, to be compliant for ISO 27001, you need to set your own internal standards and rules, and make sure you comply with them.

  If you want more technically-oriented standards, you can take a look at NIST sp800 series: https://csrc.nist.gov/publications/sp800

  Learn more here: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

  You'll also find this free online training useful: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

• Addressing and closing nonconformity regarding clause 7.2

  Clause 7.2 requirements relate to the selection, verification and validation of methods. I cannot tell from your question what the specific nonconformity (NC) is. 

  For all tests that your laboratory is accredited for you should have access to and be using the most recent standard methods or latest reviewed in-house methods. Then you should know what the performance requirements are to meet the purpose (use)of the test. Validation or verification activities must prove  that the parameters are suitable.

  The nonconformance must be addressed according to your laboratory procedure. The specific problem statement is the crucial starting point, i.e. what should be in place and is not in place 
  (a gap) or deviating from requirements. Then you should perform root cause analysis and find the correctable causes, that if addressed will resolve the nonconformance and stop it from reoccurring. Then select the appropriate actions and implement. Closing the NC will follow once it is verified that the action taken was effective.

  The following may be of interest:

  The ISO 17025 toolkit procedure Test and Calibration Method Procedure, along with two supporting documents Test Method Development, Verification and Validation Register and Test Method Development, Verification and Validation Record. The techniques for method validation are listed as well as the required records.. The procedure is also available separately at https://advisera.com/17025academy/documentation/test-and-calibration-method-procedure/

  A question and response in Advisera Expert Community regarding  Cause 7.2.1.3 at https://community.advisera.com/topic/clause-7-2-1-3/

• Including WFH or teleworking in audit plan

  1 - can external auditor still considered this compliant and an ISO/IEC 27001 certification be awarded to the company?

  Even if WFH or teleworking is not included in the audit plan, if the auditor identifies this practice affects the stated ISMS scope, he can include it in the audit (because it may compromise the security of the information the ISMS is intended to protect), checking if relevant requirements were identified, risk assessment and treatment were performed, and, in case there are required controls if they are implemented and working properly.

  In case such items are not properly fulfilled, this could mean a non-conformity that can prevent the certification to be awarded.

  2 - is there such thing as partial certification?

  What is possible is that you limit the scope of your ISMS, and therefore limit the scope of certification - see this article for more information:

  • How to set the ISMS scope according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

• Monitoring and measuring environmental processes and activities

  Speaking in general terms you can measure outputs like air emissions quality, water discharging quality, environmental noise levels. You can measure amounts and types of wastes generated, amount of reused, recycled or landfilled wastes. You can measure amount of hazardous wastes generated. You can measure efficiency in the use of resources like water, energy or main raw materials. Some of these may be prescribed by legislation with frequency attached, others may be voluntary.

  Please consider the following information:

  • Environmental performance evaluation - https://advisera.com/14001academy/blog/2015/07/06/environmental-performance-evaluation/
  • How to perform communication related to the EMS - https://advisera.com/14001academy/blog/2015/08/31/how-to-perform-communication-related-to-the-ems/
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

• Questions to ask a lead auditor

  You should focus on top management responsibilities and make questions to get a feeling about what level of commitment they have with the management system.

  You can find more detailed information below:

  • What are the responsibilities of top management in the EMS according to ISO 14001:2015? - https://advisera.com/14001academy/blog/2016/01/18/what-are-the-responsibilities-of-top-management-in-the-ems-according-to-iso-140012015/
  • Questions to successfully perform ISO 14001 top management audit - https://advisera.com/14001academy/blog/2019/06/17/iso-14001-top-management-audit-what-questions-to-ask/
  • Although this article it is about ISO 9001 it can be useful - How to perform an ISO 9001 audit of top management without fear - https://advisera.com/9001academy/blog/2019/05/15/iso-9001-top-management-audit-how-to-perform-it-successfully/
  • Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/