Search results

Home / Search

Category:

Sort by:

Select

Types of user:

Select

11269 results

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Assign topic to the user

Select user

Full Time ISMS Manager

For such a small company you do not need a full-time ISMS manager (needed activities will take him/her perhaps 20% of the time), so this role can be given as an additional function to an already exiting role in your organization, probably someone from the top management, or someone which answer directly to them.

Since related activities must be performed at certain periodicity, you should avoid designate them on an ad-hoc basis, because of risk to lose information when the activities are transferred from one person to another.

These articles will provide you a further explanation about the IS manager role:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
ISO 9001 Resources required for implementation

There is no mandatory requirement for the existence of a QMS manager.

However, during the implementation of the QMS it is important to have a Project Manager to conduct the project. If it is a full-time job or not depends on the investment in training and the ability to develop teamwork. Theoretically, it is not needed to have a QMS manager developing a Quality Control Plan if you have a team in your company that assumes the job: for example the warehouse responsible, the shift managers and one or two operators can design, request approval, train and implement the use of that Quality Control Plan.

You can find more information below:
- What will be the destiny of the management representative in the new ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/
- Choosing the best person for the job quality management representative: https://advisera.com/9001academy/blog/2014/06/03/choosing-best-person-job-quality-management-representative/
- Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
ISO 9001 Needs and Expectations

I do not know if I’m understanding your question. So, what can be the needs and expectations for a Business Development Department of an EPC company. There is no technical answer, just a management answer according to strategic orientation and target customers. It can be about the volume of business for a certain period of time, it can be about the margins and/or types of demand. To whom thus the Business Development Department answers? What is success for that internal customer? That may be what will be nice set of need and expectations for the department.

The following material will provide you more information:
- Article - How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
- Article - How to write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
- Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 -
  https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
ISO 9001 Question

There is no general rule that one must follow. What we must bear in our mind is the need to clearly identify documents and allow an easy way of checking it they are updated. When I use annexes I call them annexes 1 or 2 or 3 of the document X, I don’t follow the same format, actually I use annexes to be free of using the most useful format for each situation. And I use a separate way of identifying versions to allow changing the main document without changing the annex and vice versa.

You can find more information about documents and records below:
- How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
- New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
ISO 9001:2015 y ISO 14001:2015 integración

Para implementar la norma ISO 9001 e ISO 14001 de forma integrada puede ayudarse de los siguientes materiales:

- How to integrate ISO 14001 and ISO 9001: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/

- Cuadro comparativo - ISO 14001:2015 vs ISO 9001:2015 Matrix: https://info.advisera.com/14001academy/free-download/iso-4001-2015-vs-iso-9001-2015-matrix

- Webinar gratuito - Cómo integrar ISO 9001:2015 e ISO 14001:2015: https://advisera.com/9001academy/es/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar-on-demand/

Además estos materiales también pueder ayudarle a entender los requisitos de las diferentes normas:

- Curso online gratuito - Curso de Fundamentos de la Norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

- Curso online gratuito - Curso de Fundamentos de la Norma ISO 14001:2015: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/

- Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

- Libro - the ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
6.2 Information security goals and planning to achieve them

Please note that usually objectives are set at two levels:
1. General ISMS level (for this you can use the Information Security Policy, located on folder 04 General Policies)
2. Security controls (for this you can use the Statement of Applicability, located on folder 06 Applicability of Controls)
Regarding the Plan to achieve the objectives, you need the Risk Treatment plan, located on folder 07 Implementation Plan

For further information, see:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
ISO 9001 KPI

KPIs should be a function of the strategic orientation of an organization. Simplifying a complex world, an organization can serve clients that value above all:
- The lowest price; or
- Innovation or design; or
- Customized service.
If an organization manufactures a product or provides a service focused:
- on customization, the point is not efficiency but effectiveness;
- on the lowest cost, the point is efficiency.
Some years ago, I developed this crazy metaphor of seeing an organization with all its processes as an athlete. If you compare the body of someone competing on athletics with the body of someone that competes on weightlifting, they are very, very different. The body of a soccer player is very different from the body of a basketball player. Different strategic orientations require different process content. Two different organizations with two different strategic orientations may have a process with a similar name but with different activities or different priorities.

So, beware of the relationship of strategic orientation and KPIs.

The following material will provide you more information:
- Article - How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
- Article - How t write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
- Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 -
  https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
ISO 9001 Quality Policy

The quality policy sets priorities, sets guidelines for defining objectives and plans for action. There is no mandatory relationship between quality policy and business plan. ISO 9001:2015 does not mention the business plan. Also, ISO 9001:2015 does not makes any requirement about the relationship between quality policy and procedures.

The following material will provide you more information:
- How does the ISO 9001:2015 revision affect the Quality Policy? - https://advisera.com/9001academy/blog/2018/04/10/how-does-the-iso-90012015-revision-affect-the-quality-policy/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Is 'governance' is listed as a control in ISO/IEC 27001 Annex A?

Governance is not listed as a control in ISO/IEC 27001 Annex A, but there are several controls that can help implement governance practices in an organization such as:
- A.5.1.1 Policies for information security
- A.5.1.2 Review of the policies for information security
- A.6.1.1 Information security roles and responsibilities
- A.18.1.1 Identification of applicable legislation and contractual requirements
This article will provide you a further explanation about governance and ISO 27001:
- Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +

Search results

11269 results

Create New Topic As guest or Sign in

Assign topic to the user

Want to vote?

Full Time ISMS Manager

ISO 9001 Resources required for implementation

ISO 9001 Needs and Expectations

ISO 9001 Question

ISO 9001:2015 y ISO 14001:2015 integración

6.2 Information security goals and planning to achieve them

ISO 9001 KPI

ISO 9001 Quality Policy

Is 'governance' is listed as a control in ISO/IEC 27001 Annex A?

Didn’t find an answer?