Search results

Control measure for material handling

The OH&S control measures that need to be put in place for material handling will vary greatly depending on the type of materials handled and the machines used; additionally, the legal requirements for the areas in question need to be taken into account as this can dictate the controls needed.

For instance, if a lift truck is used then the safety considerations of training the driver may need to be considered, as well as the safety considerations for the fuel used (such as propane storage). If, on the other hand, you use only hand powered trucks to move your material then these safety controls would be different, such as PPE for foot injury.

You can learn more about the levels of control that can be considered in the article: 5 levels of hazard controls in ISO 45001 and how they should be applied, https://advisera.com/45001academy/blog/2015/09/02/5-levels-of-hazard-controls-in-iso-45001-and-how-they-should-be-applied/

Numbering documents

According to ISO 9001:2015 clause 7.5.2 a) you do not need to number the documents; you need to have a methodology to identify each document. You can use numbers or titles, for example.

The following material will provide you more information:

• Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
• Procedure for Document and Record Control - https://advisera.com/9001academy/documentation/procedure-document-record-control/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Defining risk and opportunities

When you consider desired or expected results and due to uncertainty, you realize that you might not meet those results you are considering the influence of risks. Positive risks, also known as opportunities, help you meet or surpass desired results. Negative risks, risks, hinder your ability to meet those desired results.

ISO 9001:2015 does not require documenting risks and opportunities. So, organizations are free to decide if they document and how to document. I recommend organizations develop a register for risks and opportunities. That register can be global or per product/service, or per process, or per department.

For example, in the purchasing department you can identify risks such as:

• Selecting a bad supplier
• Receiving ordered material too late
• Receiving ordered material with quality problems

For example, in the purchasing department you can identify opportunities such as:

• Selecting a supplier with know-how that helps us develop innovative products
• Selecting a supplier that allows us to manufacture small amounts with fast response.

The following material will provide you more information:

• Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
• How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• How to identify risk controls in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
• Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
• ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
• Please check this free webinar on-demand - Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
• Enroll for the free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

ISO 9001 maintenance

Two recommendations:

• Improving the quality management system, making it more natural, and less an extra-work thing, simplifying it;
• Improving performance to provide additional motivation to keep and maintain the quality management system.

The following material will provide you more information:

• Focus your management system on the benefits - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/ and What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/
• In this free webinar on-demand you can find an invitation to develop and use relevant performance metrics for the business - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Nonconformities and corrections identified during and audit

ISO 27001 does not prescribe how to develop documents, so you can record nonconformities and corrections in the same document that you are using to capture risks, but we do not recommend such an approach.

The reason is that, if nonconformities and risks are in the same document, persons looking for one type of information would have unnecessary access to the other and this can compromise confidentiality.

Moreover, risks and nonconformities are very different types of information, and this is also why it makes sense to keep them separate. 

This article will provide you a further explanation about records management:

• Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/

These materials will also help you regarding records management:

• Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Environmental Objectives

As far as I understand your question, you are asking for examples of environmental objectives.

For example, for a Construction company you can think about:

• Reducing waste sent to landfills
• Reduce hazardous waste production
• Increasing waste recycling
• Reduce water consumption at each construction site
• Reduce CO2 emissions from transport used for each construction site 

For each objective you have to set clear targets and time frame. For example: Reducing waste sent to landfills, can become – Reuse at least 50% of demolition waste during the year of 2021. – Responsibility – Person A

Please check this information below with more detailed answers:

• How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
• Examples of ISO 14001 objectives based on the different company sizes - https://advisera.com/14001academy/blog/2019/10/22/iso-14001-objectives-examples-for-different-company-sizes/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

Clause 6.1

Clause 6.1 is about determining risks and opportunities and evaluate its importance to decide about the need to develop action plans.

For example, an organization while updating the context analysis (clause 4.1) determined some internal and external issues with positive and negative connotations:

Then, they started to make combinations between:

1. Strengths and Opportunities
2. Strengths and Threats
3. Weaknesses and Opportunities
4. Weaknesses and Threats 

They determined

1. Develop innovative products to take advantage of the premium market less influenced by after pandemic economic crisis
2. Develop innovative products to minimize competition in commoditized products
3. Difficulty in finding a product engineer may hinder the ability to take advantage of the premium market
4. Difficulty in finding a product engineer may hinder the ability to by-pass price competition

You may realize that:

1. Is an opportunity
2. Is an opportunity
3. Is a risk
4. Is a risk 

You may evaluate these risks and opportunities based on probability and importance (severity or gain)

I use the interested parties’ point of view to evaluate the importance of risks and opportunities.

For example, one interested party are the owners of the organization. What do they want, what do they need, what do they expect?

• Profit
• Brand awareness
• Market share

So, based on this interested party point of view you can determine if each risk and opportunity is important. For example, because profit is relevant for the owners, you may conclude that all those risks and opportunities are critical to maintain or improve profits during a downturn.

Hope this tip can help you with your clients.

The following material will provide you more information:

• How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
• How to determine interested parties and their requirements according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book – Discover ISO 9001:2015 Through Practical Examples –https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

First steps towards ISO 27001

First is important to note that ISO 27001 does note require gap analysis, and we do not recommend it for small organizations (i.e., up to 100 employees), because due to this size it is easier to go directly to the implementation of the standard.

Broadly speaking, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:

1. defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
2. development of risk assessment and treatment methodology;
3. perform a risk assessment and define the risk treatment plan;
4. controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
5. people training and awareness;
6. controls operation;
7. performance monitoring and measurement;
8. perform an internal audit;
9. perform management critical review; and
10. address nonconformities, corrective actions, and opportunities for improvement.

To see how documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

This article will provide you a further explanation about ISMS implementation:

• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

These materials will also help you regarding ISO 27001 implementation:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001 Foundations Course at this link: https://advisera.com/training/iso-27001-foundations-course/ 

Information security in project management

In short, you can think about the inclusion of information security in project management as if you are going to implement a small ISMS that will fit the project's needs and be proportional to the project's lifetime and budget.

Considering that, these are some evidence you should consider:

• definition of information security objectives and include them in the project objectives, the same way you define information security objectives for an ISMS aligned with the organization's objectives, the only difference is that these objectives are restricted to the scope of the project.
• initial and regular information risk assessment in the project and identification of applicable legal requirements, like you would do it with other business processes, to identify necessary controls (the controls you mentioned should be based on this step)
• evidence related to the implemented controls (e.g., backup media, in the control A.12.3.1 Information backup is implemented).

This article will provide you a further explanation about Information security in project management:

• How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/

Auditing Extrusion

As you know, your control plan starts with the incoming inspection process and shows all the stages of the shipment process to the customer. Therefore, all these processes should be audited as manufacturing process audits according to your control plan. In fact, these processes should be audited until the shift they work, and auditors should audit shift changes. Because all these processes play a critical role in providing products to the customer and in case of deficiency, they will return to you as a customer complaint and as you know the 8D process starts.

For more information, please read the following articles:

• Five Main Steps in an IATF 16949:2016 Internal Audit  https://advisera.com/16949academy/knowledgebase/five-main-steps-in-an-iatf-169492016-internal-audit/
• How to make an Internal Audit checklist for IATF 16949:2016 https://advisera.com/16949academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iatf-16949/