  • Accreditation for 3D machines

    First of all, there is no relationship or request with the 3D machine in the IATF 16949:2016 standard. I would like to state again that you cannot see the word 3D printer directly in any item of the IATF standard.

    I will answer your question in 2 ways.

    Firstly, if the company produces 3D printers and sells these machines to automotive customers, then the company that produces 3D must be ISO 9001: 2015 certified. Calibration may be required for 3D printing and machine maintenance must also be performed. The machine must be repaired in case of malfunction and the necessary spare parts must be provided.

    Secondly, if the company producing automotive parts uses a 3D printing machine to design products and/or molds, item 8.3 of the IATF 16949: 2016 standard must be considered a product and process design and development.

    In other words, part/mold technical drawings must be kept with revision numbers and history. FMEAs (Design and/or Process) records related to the project must be created. Prototype part tests and results must be followed and documented. This topic is about a product or process design, not related to the 3D printer machine. Here, the 3D printer is in the auxiliary equipment position. It should be calibrated, routinely maintained, necessary spare parts must be kept, users trained, etc.


  • Information Security Incident or Business Continuity Disruption

    If a customer has a business continuity disruption that affects the availability of information, must they log it as an InfoSec incident AND a BCMS Disruption?  How should they go about assessing which system to manage it under?

  • Implementing ISO 9001 in a university library

    The first thing you must do is secure the support of the organization's management, in this case the library's management, which will be key during the implementation of ISO 9001:2015 since it provides both the financial and the personnel resources.

    Next, what you can do is a GAP analysis, which will help you identify the requirements you already comply with and those you still have to comply with. Here you can carry out the analysis for free: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

    Then you must get to know each of the clauses you have to comply with in order to carry out the ISO 9001 implementation project. In this white paper you can find summarized information on each of them - Clause by clause explanation of ISO 9001: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015

    Afterwards you can write a project plan in which you assign responsibilities, define the documentation to be written, the implementation deadlines, etc. At this link you can download a template - Project Plan for ISO 9001 implementation: https://info.advisera.com/9001academy/es/descarga-gratuita/plan-de-proyecto-para-la-implementacion-de-iso-9001-ms-word

    Then you could start with the implementation of the standard: the definition of the quality policy, the quality objectives and the plans to achieve them, the context of the organization and its interested parties, the scope of the QMS, etc., up to the internal audit and the management review, which would be the step prior to certification. At this link you can download a checklist for the implementation of the standard - Project checklist for ISO 9001:2015: https://info.advisera.com/9001academy/free-download/project-checklist-for-iso-9001-2015-implementation

    These materials can help you with the implementation of ISO 9001:2015:
    - Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online training – ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

  • ISO 13485 Lead Auditor

    Thanks for your reply to my questions. I do appreciate it.

  • List of referenced risks and numbers

    Please note that these referenced risks and numbers are only examples for the training, so there is no complete list of risks.

    To see a comprehensive list of threats and vulnerabilities you can use to develop a risk assessment and a risk treatment plan, please see this article:

    In the Risk Assessment Table template available at this link: https://advisera.com/27001academy/documentation/risk-assessment-table/ you can see a demo of a list of assets, threats, and vulnerabilities.

    This article will provide you with a further explanation about risk assessment:

    These materials will also help you regarding risk assessment:

  • Key elements of ISO 27001

    First, it is important to note that ISO 27001 is not about "how to" (e.g., which documents, technologies, and other solutions to use), but about "what needs to be done" (i.e., which objectives to achieve, like treating risks, training people, etc.).

    Considering that, some key elements you need to consider are:

    • Top management support
    • Definition of roles and responsibilities
    • Information security risk management
    • Employee engagement

    These articles will provide you with a further explanation about ISO 27001:

    These materials will also help you in presenting ISO 27001:

  • Main challenges in the implementation of ISO 27001

    The main challenges related to ISO 27001 implementation are:

    • Lack of management support: without this support, you won't have the minimal resources and engagement to implement the required controls.
    • Not using a project management approach: such implementation involves coordinating several people to perform dozens of activities, and without a methodology, you will finish inside a huge mess with no security at all.
    • Lack of time for the implementation project: the project can be very important, but normally there are a lot of urgent things happening that postpone the project.
    • ISMS scope wrongly defined: not protecting information that really matters.
    • Documentation: an excess of procedures, or a lack of detail in them, may compromise operations.

    This article will provide you with additional information:

    These materials will also help you regarding ISO 27001 implementation:

  • Information Security Management System

    Would you advise (feasible) and what recommendations would you give during or after the design of the ISMS an application be developed to carry out an automated and adequate management and monitoring of information security, with traceability when implementing an Information Security Management System ( ISMS)?

    Please note that while some activities, like risk assessment and internal audit, require a lot of analysis and evaluation work to be done, and it is not possible to automate them, because some decisions require a human feeling and perception of the business environment that a machine cannot properly evaluate, some activities can be automated, such as:

    • collect data from existing databases (e.g. to help identify assets if an asset-threat-vulnerability risk assessment approach is used)
    • compare data gathered with risk level limits to warn about risks that require further analysis
    • organize and present data for decision making.

    Considering that, in the development of an ISMS application to fulfill your needs, you first need to identify which requirements this application needs to meet, to see the level of automation you can reach, and whether this is enough for your purposes.

    This article will provide you with a further explanation about the use of tools:

  • How to inspire people for a new standard?

    The most effective ways to get the engagement of people are:

    • to show them how the new standard can benefit them, help them achieve their business results
    • always take their opinion into account on project decisions
    • be transparent with them about what you are going to do and why
    • help them to resolve conflicts of interest with other areas, searching for mutually beneficial solutions

    For further information, see:

  • ISO 27001 Asset Management and Information Classification

    The relation between them is that information classification policy is applied to the assets considered relevant to the ISMS scope, and these are identified and managed through the asset management process.

    But please note that neither the Information Classification Policy nor the Asset Management Process, nor information labeling, are prescribed by ISO 27001. They are only needed if there are relevant risks, or legal requirements, demanding their implementation.

    Considering that, and your stated scenario, information and processes are also assets (you can add, for example, the categories "information" and "processes"), and the other stated assets also need to be classified (as Confidential, Restricted, or Internal use).

    In case you have an asset like a laptop storing information with different classifications, you must use the highest classification to classify the laptop (in your case the laptop is to be considered confidential).

    For further information, see:
