Search results

ISO 14001 - Environmental objectives section

No, it is not the same thing.

Based on the environmental assessment an organization determines the significant environmental aspects.

Based on the environmental policy, that sets priorities, and on the significant environmental aspects, an organization must develop its environmental objectives. So, basically, under the priorities of the environmental policy, what environmental improvement challenges must be tackled with scarce resources.

Please check this information below with more detailed answers:

• How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
• Examples of ISO 14001 objectives based on the different company sizes - https://advisera.com/14001academy/blog/2019/10/22/iso-14001-objectives-examples-for-different-company-sizes/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

Based on what the sample size to do MSA?

There are different types and purposes of MSA studies. One of them is GRR, which is a repeatability and reproducibility study. In this study, 3 operators measure 10 parts three times.  In other words, MSA study is performed according to 90 measurement results.

Another example of MSA studies is "BIAS" study.

The meaning of BIAS is the difference between the observed average of measurements and the reference value.  In this study, the reference part is measured at least 10 times by an operator.

As I mentioned above, there are different types of MSA studies. Such studies are applied according to the type of device and purpose.

For more information, you can see the following article:

• How to Establish Measurement System Analysis According to IATF 16949 https://advisera.com/16949academy/blog/2017/11/08/how-to-establish-measurement-system-analysis-according-to-iatf-16949/

   

   

• Risk Assessment Table

  This catalog included in the toolkit is generally enough for most of our customers, but if you need additional threats and vulnerabilities to you risk assessment, I suggest you see this document from Enisa, which shows a set of materials with lists of threats and vulnerabilities:

  • Reference source for threats, vulnerabilities, impacts and controls in IT risk assessment and risk management https://www.enisa.europa.eu/publications/archive/reference-source-for-threats-vulnerabilities-impacts-and-controls-in-it-risk-assessment-and-risk-management

• Mandatory Procedures

  First of all, we apologize for this situation. This article was written for the 2005 version of the standard.

  Although version 2005 of ISO 27001, in fact, prescribed four mandatory procedures, its current version does not prescribe them anymore (although some organizations keep/elaborate them as good practice). These currently non-mandatory procedures are: procedure for document and record control, internal audit procedure, corrective action procedure, and management review procedure.

  This article will provide you a further explanation about all mandatory documents and records for ISO 27001:

  • List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

• Significant aspects of ISO 14001

  When working with organizations I start with what I think is the most basic rating system:

  Does it comply with compliance obligations? If no, it is significant. If yes, apply a second test based on frequency/probability versus severity.

  

  Where L stands for Low, M stands for Medium and H stands for High.

  Please check this information below with more detailed answers:

  • Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
  • Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
  • ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
  • Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
     

• Implementation of the function segregation matrix in a small company

  First is important to note that ISO 27001 does not prescribe how to document responsibilities in an ISMS, so organizations are free to document them the best they fit their needs.

  Considering that, there are two common ways:

  • you can document the segregated functions directly in the document they are used (e.g., documenting the responsibilities to create and test backup in the Backup Policy). In this approach, users have easy access to the information, but it is more complicated to have a systemic view
  • you can create a single function segregation matrix, documenting all segregated functions you have. In this approach, it is easier to have a general view of functions, but users may find it difficult to use the documents when needed.

  
  These articles will provide you a further explanation about documenting responsibilities and segregation of functions:

  • How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
  • Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/

• Implementação da matriz de segregação de funções em um empresa com 130 funcionarios

  Em primeiro lugar, é importante observar que a ISO 27001 não prescreve como documentar responsabilidades em um SGSI, portanto, as organizações são livres para documentá-las da melhor forma que atendam às suas necessidades.

  Considerando isso, existem duas maneiras comuns:

  • você pode documentar as funções segregadas diretamente no documento em que são usadas (por exemplo, documentar as responsabilidades para criar e testar o backup na Política de Backup). Nessa abordagem os usuários têm fácil acesso às informações, mas é mais complicado ter uma visão sistêmica
  • você pode criar uma única matriz de segregação de funções, documentando todas as funções segregadas que você possui. Nessa abordagem, é mais fácil ter uma visão geral das funções, mas os usuários podem achar difícil usar os documentos quando necessário.

  Estes artigos fornecerão mais explicações sobre a documentação de responsabilidades e segregação de funções:

  • Como documentar papéis e responsabilidades de acordo com a ISO 27001 https://advisera.com/27001academy/pt-br/blog/2016/06/22/como-documentar-papeis-e-responsabilidades-de-acordo-com-a-iso-27001/
  • Segregação de funções em seu SGSI de acordo com a ISO 27001 A.6.1.2 https://advisera.com/27001academy/pt-br/blog/2016/11/23/segregacao-de-funcoes-em-seu-sgsi-de-acordo-com-a-iso-27001-a-6-1-2/

• Individual relevance of ISO 9001

  ISO 9001 is a standard developed for organizations not for individuals. Nevertheless, it has benefits for employees. Please, check this article - What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/

  You can find more information below:

  • Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
  • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• Implementing QMS in a consultancy firm

  Implementing a quality management system (QMS) for a consulting firm implies being very pragmatic and knowledgeable about ISO 9001:2015. Now the standard is less and less bureaucratic, it is up to each organization the task to design, develop and implement its QMS.

  Setup a project sponsor, a project manager and a project team. Determine the scope of the QMS. Your organization may provide consultancy services in several areas, but only want to certify one or two services. Ensure top management support, get training and as a first step perform a Gap analysis, to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that GAP Analysis you can develop your Project Plan, listing what needs to be done, by whom, until when.

  Then, an important step is to design a model of how your organization work as a set of interrelated processes. For example:

  

  Decide how to describe and monitor those processes.

  From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.

  This is a very short description of the journey but below you can find more detailed information:

  • Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
  • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
  • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• Diagrama de tortuga

  Para definir los procesos en ISO 14001 debe de tener en cuenta las etapas del ciclo de vida de sus productos o servicios, tanto aquellos que puede controlar como aquellos en los que puede influir, para poder identificar todos los aspectos ambientales asociados a los procesos y establecer los controles operacionales necesarios. 

  El diagrama de tortuga por un lado emplea el caparazón para nombrar el proceso, y por otro,  utiliza las cuatro patas de la tortuga para representar cuatro preguntas sobre un proceso: con quién, con qué, cómo, con qué criterios (los indicadores de desempeño que indican el éxito o fracaso del proceso), y la cabeza y la cola para representar las preguntas sobre las entradas del proceso y las salidasdel proceso. 

  Para más información de cómo identificar los procesos en el diagrama de tortuga vea los siguientes materiales: 

  - The importance of the process approach: https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/

  - Curso fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

  - Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/