
  • ISO 14001 benefits

    Recently, I've seen several organizations implement an environmental management system (EMS) and get its certification because that is becoming increasingly relevant to win B2B clients. I worked with an organization that implemented an EMS to improve the relationship with the neighborhood and local government, to reduce opposition to plant expansion. I worked with another organization that was able to reduce hazardous wastes due to better segregation of wastes. In this article, you can see a longer list of benefits - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/

    Please check this information below with more detailed answers:


  • ISO 9001 benefits and certified assessor

    1. What benefits will be earned by an educational organization by implementing ISO 9001. 

    Answer:

    In this article - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/ you can find a general list of benefits for all kinds of organizations. From my experience of working with educational organizations I think the most important benefit is process integration.

    2. Please advise me how to become a certified assessor of ISO 9001?

    Answer:

    If you want to become recognized as lead auditor, you have to evidence knowledge about ISO 9001 and evidence competence about being an auditor. You can, for example, enroll in our free ISO 9001:2015 Lead Auditor Training Course - https://advisera.com/training/iso-9001-lead-auditor-course/

    Then, you should start doing internal audits to gain experience. With time you can apply to audit for certification bodies.


  • Minimum number of audits per year requirement

    As stated in IATF 16949:2016 standard 7.2.3 f) "Maintenance of and improvement in internal auditor competence shall be demonstrated through: f) executing a minimum number of audits per year, as defined by the organization". The minimum number of internal audits to be performed should be determined by the organization. The minimum number of audits could be 1 or 2, etc. Performing 1 audit annually can be a risk for the knowledge and practice of internal auditors.

    If your internal auditors did not conduct any audit in the last year, my recommendation is that you develop the relevant internal auditor with internal training and have them conduct their first audit with an experienced auditor. You can define the internal training programs with IATF 16949:2016 and ISO 9001:2015 standard knowledge and internal auditor training. If you indicate these points that I recommend in your internal audit procedure, it will be effective for the system.

    This article may provide additional information:


  • Special training for employees to help in implementing ISO 17025

    Implementing and obtaining accreditation to ISO 17025:2017 requires you to meet general requirements for competence (of personnel and operations) and consistent operations (in terms of quality of the work and results). This means that all personnel must be sufficiently skilled, trained and deemed competent for the specific task they are responsible for. ISO 17025 has mandatory requirements for documenting the competency requirements and retaining records.

    The technicians should have suitable ISO 17025 awareness training, as they need to know how their role and actions can positively or negatively impact the consistently valid results of the laboratory. This could be in-house, as long as the knowledge is gained and there is evidence of them understanding the scope and quality requirements of ISO 17025 as it relates to their work and contribution to the laboratory accreditation.

    The Whitepaper Clause-by-clause explanation of ISO 17025:2017 could also assist you with ISO 17025 awareness. Available at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/

    As personnel training and competency is a critical activity, the Advisera ISO 17025 toolkit includes the mandatory procedure as ISO 17025 document template: Competence, Training and Awareness Procedure along with 4 appendices: Training Program, Training Record and Performance Monitoring, Record of Attendance and Competence Approval and Authorization Record. You can preview the template at https://advisera.com/17025academy/documentation/competence-training-and-awareness-procedure/

    Also have a look at the Advisera Expert Advice Community question and answer on deeming someone competent for more information. Available at https://community.advisera.com/topic/how-training-should-someone-have-before-they-are-deemed-competent-for-a-specific-task/

  • Information Security Risk Assessment and Risk Treatment

    1. Are the risk treatment options limited to the four discussed in your publication?

    I'm assuming you are referring to the book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

    Considering that, risk acceptance, risk avoidance, risk mitigation, and risk transfer are the most common and used treatments, but regarding ISO 27001 you can use other approaches you may find useful.

    2. Is there conventional risk acceptance criteria, based on likelihood and consequence?

    Common types of risk acceptance criteria involve financial, brand, and legal aspects, but there are no conventional details, like the range of financial values, because these details will depend on the business objectives and its tolerance to risks (e.g., for organizations with low tolerance to risk, the acceptable financial impact of risk will be lower than for organizations with high tolerance to risk).

    For further information, see:

    3. Are treatment options generated from risk acceptance criteria?

    No. Treatment options are based on the identified risk and your available resources. The risk criteria will give you an idea about how much resources you should consider, but they do not define them.

    For further information, see:

    4. How can I join your community...to review issues relating to 27001...tried to sign in but it's impossible...can only comment as a guest?

    In order to post comments on our Expert Advice Community, you need to create an account at this link: https://community.advisera.com/sign-up/
    After that, you will be able to log in and post questions and search for other topics you are interested in.

  • Scope of legal and contractual requirements

    Please note that ISO 27001 requires only requirements relevant to information security, not all the regulations in a country.

    Additionally, please note that the list in the article you mentioned is not fully up-to-date because it depends on voluntary contributions from our readers – therefore, it is likely that not all regulations for each country are listed (some even may have been withdrawn). To make sure you have the latest list of laws and regulations, it would be best to hire a local legal adviser.

    For further information, see:

  • Preparing site for first-time ISO 13485 audit

    This depends on the type of your medical device. It is expected that, if the medical device is sterile, the necessary premises are properly clean. Also, there should be no cross-contamination between warehouse and production, so that pathways for raw material and final goods do not cross over each other. It is also expected that everything will be properly labeled. For example, cabinets, tables, and drawers, if they can be used for different purposes (e.g. clean/unclean), should be so marked; if there is a defined place to dispose of something, then that too should be properly marked; in the warehouse, it should be possible to see exactly where the non-compliant products are disposed of, and to see the paths of forklifts and people. If separate work clothes are required, then the place from which one can only move in them should be marked.

    The following article regarding infrastructure can be helpful:

    • Managing medical device infrastructure requirements according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/

  • Annex A.14.2 controls

    When we talk about developments within the organisation, are we talking solely about development of software for use within the organisation, or does this include development of commercial software as a product to be sold to customers?

    Please note that the term "developments within the organization" refers to the development process, not to the final users, so it is applicable both when developed software is for internal use and when it is to be sold to customers.

    Secondly, does the word development include the configuration (no coding or customisation) of commercial software packages such as Microsoft Dynamics CRM, or Xero accounting?
    So, if development of c

    The configuration is an action related to installation, not development.

    Considering both previous answers, control A.14.2 would be applicable in case the mentioned development process covers commercial software.
