Search results

Life cycle and environmental aspects matrix integration

In your environmental aspect’s matrix, you may have a column indicating where, in your organization’s activities, product or services, the environmental aspect is generated. You can also include there, activities done by suppliers or subcontractors or by interested parties downstream, like users.

In the following example:

The first activity is done by a subcontractor that electroplates metal poles for solar public lighting.

The second activity is done by the user at the end of lifetime of the battery that stores solar energy for night use.

Please check this information below with more detailed answer:

• How does product life cycle influence environmental aspects according to ISO 14001:2015? - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
• Free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 14001 - https://advisera.com/14001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-14001-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

Risk management process overview

Risk management has four elements:

Risk Determination – determine risks about the system as a whole, about the processes and about the products or services delivered.

Prioritize Risks - Risks do not all have the same importance. Some will be more serious than others. It is necessary to arrange criteria for classifying and distinguishing the most serious risks from the least serious ones.

Mitigate Risks – Develop actions that minimize the consequences of the risks and or the likelihood of their occurrence.

Measure Effectiveness – Evaluate if the actions were effective in handling the priority risks.

Please check this free webinar on demand where I explain risk scope and risk management with examples. Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar-on-demand//

The following material will provide you more information:

• Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
• How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• How to identify risk controls in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
• Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
• ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

ISO in a Public Transportation agency

First step is to determine the scope of the quality management system. Then, determine the interested parties with whom the agency interacts to meet its purpose. Then, design a model of how the organization works based on the process approach. Please check this free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/

Now, you can develop your quality management system based on two main vectors:

Characterize each process
Determine context, define policy, objectives, risks and opportunities and action plans

Then, implement, audit and perform a management review.

You can find detailed information about how to plan and implement a quality management system in the following links:

• Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
• ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
• Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Scaling implementation of ISO 22301 to facilitate implementation

First of all, implementing a certification in multiple geographic locations is a complex task and you should go for it only if it is really necessary for business strategies and objectives. Instead, you should consider the prioritization of locations and implementing the certification one location at a time.

In case there is a need for simultaneous implementation across multiple sites, a good approach would be:

1. evaluate sites to identify interrelationships and dependencies between them
2. define groups with similar characteristics, like size, business stream, interrelationships and dependencies
3. define how to fulfill the standard's requirements considering two levels: the first level covering what is common for all defined groups (e.g., most aspects of business continuity policy, document control procedure, management review, Business Impact Analysis Methodology, etc.), and the second level covering what needs to be defined by each group, or unique location (e.g., continuity objectives, business continuity strategy, business continuity plan, etc.)
4. Develop the general documents in a global way and after those are developed, then coordinate the development of specific documents in the other sites

For further information, see:

• 17 steps for implementing ISO 22301 https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/

ISO 9001 A process interaction diagram

Creating a process interaction diagram is about modeling how an organization works using the process-based approach. Please check this free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ that explains how to develop the model, how to characterize each process and how to use it to support competency, for example.

The following material will provide you more information:

• Article – ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• I base this book in the process approach - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

ISO 9001 Internal Auditor

Unfortunately, Advisera has no case study for e-commerce industry.

Any audit is based on comparing reality with criteria:

So, first determine scope, objective and criteria for your audit.

When studying the criteria think about risks, what can go wrong.

Then, design a checklist considering these topics and prepare an agenda.

Please check this information below with more detailed answer:

• Internal Audits in the EMS: Five Main Steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/internal-audits-in-the-ems-five-main-steps/
• Free webinar on demand - How to perform an ISO 9001:2015 internal audit -https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
• Please find in this free webinar on demand - How to perform an internal audit remotely -https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/
• Enroll for free in ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/
   

ISO 9001 Effectively auditing training and skills development

How to effectively audit training and skills development?

Answer:

You can have two kinds of audits: conformance or performance audits.

With conformance audits you want to check if the standard and or internal procedures are followed.

With performance audits you want to check if the training and skills development investments are effective. For example, your organization may provide training to reduce product nonconformity or improve productivity. Your performance audit can check if actually training had any impact on product nonconformity levels or productivity levels.

What would be the audit criteria?

Answer:

For conformance audits you have as audit criteria, the standard and your organization’s internal procedures. For performance audits you have as audit criteria the training objectives.

Should there be a training plan in addition to training records?

Answer:

Although not mandatory according to ISO 9001:2015 it is a good practice that I recommend

The following material can provide more information

• ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
• Free online training ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

ISMS scope - IT admins out of the scope?

1. We want to restrict the scope to one software support service only. There are about 100 employees working on this support service with customers. Could we define the Scope as a service?

 ISO 27001 ISMS scope can be defined in terms of locations, information, business units, of processes to be protected, so you can define a single software support service as your ISMS scope.

For further information, see:

• How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

2. There are 5 office locations. Should we name exact addresses or just cities?

 You need to identify the exact addresses of each office location from where the software support service is provided.

3. There are two servers in the cloud for the service, they are administered by our IT admins, so they are asset owners for them. The question is: can IT system administrators be not in the scope? Or should all the assets/asset owners be in the scope?

You can define the IT system administrators as out of scope, but you need to evaluate if this separation is worth the effort (since they administrate assets that are part of the service, you would need to treat them as an external supplier for your ISMS scope).

For further information, see:

• Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/