Search results

Disaster recovery plan in ISO 9001

ISO 9001:2015 does not require creating a disaster recovery plan.

It is not required to have implemented a quality management system according to ISO 9001:2015 to create a recovery disaster plan.

What happens is that ISO 9001:2015 in clause 6.1 requires that organizations determine potential risks and evaluate them. If those risks are significant, organizations should implement actions to prevent those risks from happening or minimizing its consequences. If an organization determines and evaluates potential risks with catastrophic consequences it may conclude that a disaster recovery plan must be design and implemented. Attention, designing that plan would be a decision from the organization not a mandatory requirement from the standard.

The following material will provide you more information about risks and opportunities:

• Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
• How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• Please check this free webinar on demand - Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ where I use the risk-based thinking in several examples.
   

What should I request from the client to do a DR Plan?

Broadly speaking, considering ISO 27031, an ISO standard focused on IT disaster recovery, a Disaster Recovery Plan should cover:

• Required key competencies and knowledge
• Facilities
• Data
• Processes
• Suppliers

To see how a disaster recovery plan looks like, I suggest you take a look at the free demo of our Disaster Recovery Plan at this link: https://advisera.com/27001academy/documentation/disaster-recovery-plan/

This document will help you to define precisely how an organization will recover its IT infrastructure and IT services within set deadlines in the case of a disaster or other disruptive incident, also attending requirements of ISO 27001 and ISO 22301.

This article will provide you a further explanation about ISO 27031:

• Understanding IT disaster recovery according to ISO 27031 https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/

ISO 27000 Lead Auditor

1.Is it necessary or recommended to have a foundation certification to be secured prior to the lead auditor certification?

ISO 27001 Lead Auditor certification does not require prior certifications.

To take the exam you need to attend the ISO 27001 Lead Auditor course, which provides enough information for the exam (although previous knowledge and/or experience may allow you to take more value from the course).

These articles will provide you a further explanation about the lead auditor course:

• How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
• What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

These materials will also help you regarding the lead auditor course:

• ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
• ISO 27001 Lead Auditor Course https://advisera.com/training/iso-27001-lead-auditor-course/

2. I am a Quality Manager with relevant 8 years of experience and I intend to switch to core GRC roles. Will this certification benefit to clear CISA as my future certification aspirations?

ISO 27001 Lead Auditor can help you prepare for CISA certification, but please note that CISA is more comprehensive than ISO 27001 Lead Auditor, so you will have to complement your study.

This article will provide you a further explanation about CISA and ISO 27001:

• CISA vs. ISO 27001 Lead Auditor certification https://advisera.com/27001academy/blog/2015/05/11/cisa-vs-iso-27001-lead-auditor-certification/

3. Any other tips if you think might help me scale up would be appreciated.

ISO 27001 can support part of the Governance, Risk, and Compliance process, so to enhance your skills you also have to consider competences related to COSO and COBIT.

These articles will provide you a further explanation about COSO, COBIT, and Governance:

• How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/
• Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/

Risk Assessment

First is important to note that ISO 27001 does not prescribe an approach to be used for risk assessment, only what must be performed.

Considering that, we generally recommend the asset-based risk assessment, because it is easier to perform. However,  with the process-based risk assessment you can have a more understandable context to identify and evaluate risks, so the decision about which approach to use will depend on the competencies you have available and objectives you want to achieve.

These materials will provide you a further explanation about risk assessment approaches:

• ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
• ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
• Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

Documented checklist for SaMD

Here you can find  the general list of mandatory documents for ISO 13485:2016:

• List of mandatory documents required by ISO 13485:2016 https://advisera.com/13485academy/blog/2017/01/18/list-of-mandatory-documents-required-by-iso-134852016/

As a manufacturer of software, from that list you do not need the following:

• Arrangements for control of contaminated or potentially contaminated product (clause 6.4.2)
• Requirements for cleanliness of product (clause 7.5.2)
• Records of sterilization process (clause 7.5.5
• Procedure and records for validation of process for sterilization and sterile barriers systems (clause 7.5.7)
• Records of traceability and name and address of the shipping package consignee (clause 7.5.9.2)
• Procedure for preserving the conformity of product (clause 7.5.11)
• Records of rework (clause 8.3.4)

If you do not have any kind of service (repair) in your business, then even the following requirement is not applicable for you:

• Procedure and records for servicing of the medical device (clause 7.5.4)

Furthermore, each medical device software must be in compliance with the following standard:

• IEC 62304:2006/AMD 1:2015 Medical device software — Software life cycle processes — Amendment 1 https://www.iso.org/standard/64686.html

For more information on ISO 13485, please see the following links:

• What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/How to get ISO 13485 certified? - https://advisera.com/13485academy/iso-13485-certification/
• Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/

• ISO 9001 Question

  ISO 9001:2015 prefers using the term non-applicability of clauses. Only clauses from section 8 may be considered as non-applicable.

  8.1 is very general and applicable to all organizations, 8.2 is about commercial activities, every organization has commercial activities. 8.3 is about design and development and it is applicable since it is your main service. 8.4 is about purchasing relevant to the service and it is applicable. 8.5 may be applicable to the service of technical supervision of the construction of the dams and it is also applicable to your design work. Your job is designing projects (both 8.3 and 8.5). You have quality control, check calculations, check test results and you sometimes have errors, mistakes, failures. So, clauses 8.6 and 8.7 are still applicable. I think that even subclause 8.5.3 is applicable once your customer may give you drawings, information where intellectual property or business secrets may be relevant.

  You may find more information below:

  • What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• ISO 9001 In an educational institution

  Unfortunately, I have no experience of working with ISO 21001. Why is your organization deciding to implement a management system? If it is as a marketing tool I recommend ISO 9001 just because is the most well known in the general public. However, even working to get ISO 9001 certification, I recommend using ISO 21001 as a guideline.

  ISO published in 2003, IWA 2:2003 - Quality management systems - Guidelines for the application of ISO 9001:2000 in education, a document updated in 2007 by IWA 2:2007 - Quality management systems -- Guidelines for the application of ISO 9001:2000 in education. However, as far as I know this 2007 guideline has been widrawn.

  ISO published in 2018, ISO 21001:2018 - Educational organizations -- Management systems for educational organizations -- Requirements with guidance for use. ISO 21001:2018 is a management system standard that is partially aligned with ISO 9001:2015 for quality managent systems.

  • The following material will provide you information about a QMS in an education setting:
    ISO 9001 – Should universities implement ISO 9001? - https://advisera.com/9001academy/blog/2015/04/21/should-universities-implement-iso-9001/
  • free online training I SO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

   

   

• ISO 9001 Question

  Setup a project sponsor, a project manager and a project team. Determine the scope of the QMS, your organization may decide to include only certain lines of business. Ensure top management support, get training. Designing and implementing a quality management system (QMS) implies being knowledgeable about ISO 9001:2015.

  As a first step perform a Gap analysis, to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that GAP Analysis you can develop your Project Plan, listing what needs to be done, by whom, until when.

  Then, an important step is to design a model of how your organization work as a set of interrelated processes. For example:

  

  Decide how to describe and monitor those processes.

  From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.

  This is a very short description of the journey but below you can find more detailed information:

  You can find more information below:

  • Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
  • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
  • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
  • How to budget an ISO 9001 implementation project - https://info.advisera.com/9001academy/free-download/how-to-budget-an-iso-9001-implementation-project?utm_source=script-for-iso-9001-lead-implementer-course&utm_medium=downloaded-content&utm_content=lang-en&utm_campaign=free-downloads-9001
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• ISO 9001 Pregunta

  La implantación de un Sistema de Gestión de Calidad sobre todo tiene beneficios en la empresa. Algunos de los más importantes son los siguientes: 

  - Una mejora de la credibilidad y de la imagen de la organización

  - Un incremento de la satisfacción del cliente

  - Una mejor integración de los procesos

  - Una mejora del compromiso de los empleados

  - Una mejora en la evidencia de la toma de decisiones

  - La creación de una cultura de mejora continua

  Es importante tener en cuenta que para obtener estos beneficios la implementación de ISO 9001:2015 debe contar con los recursos necesarios, tanto económicos como de personal. Por lo que estos costes deben de ser tenidos en cuenta antes de decirdirse por implementar un SGC en una organización.

  Estos materiales pueden ayudarle a entender el impacto de un SGC en una empresa:

  - Benefits of ISO 9001 implementation for small businesses: https://advisera.com/9001academy/blog/2018/09/17/benefits-of-iso-9001-implementation-for-small-businesses/

  - Seis beneficios clave de la implementación de ISO 9001: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/seis-beneficios-clave-de-la-implementacion-de-iso-9001/

  - Curso gratuito en línea - Fundamentos de la norma ISo 9001:2015:  https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

  - Libro - ISO 9001:2015 through practical examples:  https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/