Search results

ISO 14001 Wastage of resources

You can start with clause 6.1.2, when you determine environmental aspects and impacts and you realize that, more than consumption, you have wastage of water. Then you can have clause 6.1.4 where you have an action plan to address that significant environmental aspect. That action plan may be translated into rules, good practices for operational control, clause 8.1.

Please check this information below with more detailed answer:

• 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
• What makes an environmental aspect significant in ISO 14001? - https://advisera.com/14001academy/blog/2015/03/09/what-makes-environmental-aspect-significant-in-iso-14001/
• Defining and implementing operational control in ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/04/11/defining-and-implementing-operational-control-in-iso-140012015/140012015/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

ISO27001 - How to meet the requirement of A.17.1 and A.17.1.2

I'm assuming you are referring to controls A.17.1.1 and A.17.1.2.

Considering that, controls from ISO 27001 Annex A section A.17 (Information security aspects of business continuity management) aims to minimize risks that, in case of an event that disrupts business operations, the information will be kept protected, and operations that rely on them will be resumed as quickly as possible.

To show compliance with control A.17.1.1, an organization needs to identify and include information security requirements in its reparations for business continuity. To do that the organization should ensure that the information security requirements are included when planning for business continuity and disaster recovery. One way to do that is by performing a business impact analysis for information security aspects to verify if the information security requirements being covered in adverse situations.

To show compliance with control A.17.1.2, an organization needs to ensure processes, procedures, and controls required for information security are documented, implemented, and maintained. To do that the organization should:

• put in place a management structure to prepare for, mitigate and respond to a disruptive event using proper resources and competence;
• nominate competent personnel to manage incidents
• documented and approve plans, response and recovery procedures to handle incidents

This article will provide you a further explanation about business continuity for ISO 27001:

• How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/

This material will also help you regarding business continuity for ISO 27001:

• ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

Affixing ISO 13485 mark on product

Rules and obligations of how to manage a certification mark, where you can all put a mark for ISO 13485 you must get from your certification body.

ISO 14001 Internal and external issues

Internal issues are about events or products and services that may affect an organization’s environmental performance. For example, a transport company with a very old and inefficient truck fleet.

External issues are about legal, economic, social, or political issues. For example, government may impose more demanding limits to emissions or customers may decide to reward companies with better environmental performance.

As examples of measurable environmental targets, we may have:

• Reducing waste sent to landfills in %
• Reduce hazardous waste production in %
• Increasing waste recycling in %
• Reduce water consumption per unit produced
• Reduce CO2 emissions from transport used per unit produced 

You just have to add a specific target, time frame and responsible.

As examples of risks we may have:

As examples of opportunities we may have:

• A local government help fund to support truck fleet renovation.

You can find more information below:

• Determining the context of the organization in ISO 14001 https://advisera.com/14001academy/knowledgebase/determining-the-context-of-the-organization-in-iso-14001/
• ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
• Risks and opportunities in ISO 14001:2015 – What they are and why they are important - https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
• ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

ISO 9001 Common quality risks in IT functions

Start with the purpose of the IT function.

What are the expected results of the work of the IT function?

When working with ISO 9001:2015, the risk is the effect of uncertainty on objectives – or anything which may impact upon meeting objectives or expected results.

I can think of the following negative outcomes:

• Lose privacy data from customers
• Lose access to data from customers or operations due to virus attack
• Inability to operate due to IT down

More important than the examples is having a methodology.

The following material will provide you more information about risks and opportunities:

• How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• Please check this free webinar on-demand - Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
• Enroll for the free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Life cycle perspective

ISO 14001:2015 states that organizations when determining environmental aspects and impacts should consider the lifecycle of its products and services. ISO 14001:2015 uses the word “consider” because each organization must be aware of its context. A small organization has little power or impact over suppliers. A small organization has little influence over its customers and/or customers’ customers. So, considering your organization’s power and influence and the set of suppliers and customers and other participants until final disposal of your products or services, evaluate where significant environmental aspects and impacts are and where your power and influence can help reduce or minimize environmental impacts. Then, invite your suppliers and customers to work with you in order to develop action plans that can improve the relationship with the environment.

You can find more detailed information below:

• Article - How does product life cycle influence environmental aspects according to ISO 14001:2015: https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
• Article - Lifecycle perspective in ISO 14001:2015: what does it mean: https://advisera.com/14001academy/blog/2017/02/20/lifecycle-perspective-in-iso-140012015-what-does-it-mean/
• Enroll for free online training - ISO 14001:2015 Foundations Course: https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
   

OEM during COVID

What are OEM doing during Covid?

OEM customers are in the process of COVID-19; They stopped production for 2 to 3 months. Some companies still work at home, with the exception of the manufacturing process. Production capacities are also low. They also took many measures to protect against COVID 19.

What are the plans for internal audit?

Internal audits are often postponed, some process internal audit (except for the production process) were done online, in online environments such as zoom or skype. After the COVID process, internal audit plans will be prioritized according to risk and importance.

ISO 27001 statutory requirements

To fulfill ISO 27001 mandatory requirements (e.g., defining the ISMS scope, the Information security policy, performing an internal audit, etc.) and keep required controls to a minimum, you should follow these principles:

• create only the documents you really need
• avoid unnecessary content in required documents (let the documents be written by the employees who will be using those documents in day-to-day operations)
• keep all people in the scope aware of the ISMS and its importance
• keep documentation updated
• measure regularly the results to be sure you achieved your goals (or to implement needed adjustments)

These articles will provide you a further explanation about ISO 27001 implementation:

• 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/
• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
• Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/

These materials will also help you regarding ISO 27001 implementation:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/