Search results

Meaning of "Log" in Contingency Plan

As you know, the effectiveness of contingency action plans should be checked by testing or simulation methods according to risk level to customers. When testing and/or simulation is done or when a real event occurs, details should be recorded in the "log" line with the date, time, etc. You can use the ‘’log’’ line for this reason.

A.8.3 Media handling

Please note that in ISO 27001, the word "media" refers to both electronic and paper, so all these controls can be applied to paper media.

This article will provide you a further explanation about paper media:

• Why is ISO 27001 applicable also for paper-based information? https://advisera.com/27001academy/blog/2019/01/21/why-is-iso-27001-applicable-also-for-paper-based-information/

This material will also help you regarding ISO 27001 controls:

• ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

Designing management system by business processes vs clauses

Because the process approach describes your organization and how it works every day in a way that people understand. Normally, in an organization, people do not know ISO 9001 clauses. It is easier to visualize the flow of work than memorize the clauses:

• Identify materials and components need;
• Select suppliers and place an order (clause 8.4)
• Control quality on reception (clauses 8.4 and 8.6)
• Use measurement resources you can trust (clause 7.1.5)
• Treat nonconformities on reception (clause 8.7)
• Identify materials and lot number (clause 8.5.2)
• Store materials and components at the warehouse (clause 7.1.4)
• Use competent people in this process with clear responsibilities and authorities (clauses 5.3, 7.1.6 and 7.2)

I became a fan of the process approach before the ISO 9001:2000 version because I used to work based on the clauses of the standard. When working with a service company, an interim work company, I had to always explain the standard to people. One day I decided to do a major flow of how they worked and it was a miracle, they understood it and I've never had to explain the standard content again.

The following material will provide you more information:

• Article – ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
• Free webinar on-demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• I base this book in the process approach - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Control measure for material handling

The OH&S control measures that need to be put in place for material handling will vary greatly depending on the type of materials handled and the machines used; additionally, the legal requirements for the areas in question need to be taken into account as this can dictate the controls needed.

For instance, if a lift truck is used then the safety considerations of training the driver may need to be considered, as well as the safety considerations for the fuel used (such as propane storage). If, on the other hand, you use only hand powered trucks to move your material then these safety controls would be different, such as PPE for foot injury.

You can learn more about the levels of control that can be considered in the article: 5 levels of hazard controls in ISO 45001 and how they should be applied, https://advisera.com/45001academy/blog/2015/09/02/5-levels-of-hazard-controls-in-iso-45001-and-how-they-should-be-applied/

Numbering documents

According to ISO 9001:2015 clause 7.5.2 a) you do not need to number the documents; you need to have a methodology to identify each document. You can use numbers or titles, for example.

The following material will provide you more information:

• Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
• Procedure for Document and Record Control - https://advisera.com/9001academy/documentation/procedure-document-record-control/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Defining risk and opportunities

When you consider desired or expected results and due to uncertainty, you realize that you might not meet those results you are considering the influence of risks. Positive risks, also known as opportunities, help you meet or surpass desired results. Negative risks, risks, hinder your ability to meet those desired results.

ISO 9001:2015 does not require documenting risks and opportunities. So, organizations are free to decide if they document and how to document. I recommend organizations develop a register for risks and opportunities. That register can be global or per product/service, or per process, or per department.

For example, in the purchasing department you can identify risks such as:

• Selecting a bad supplier
• Receiving ordered material too late
• Receiving ordered material with quality problems

For example, in the purchasing department you can identify opportunities such as:

• Selecting a supplier with know-how that helps us develop innovative products
• Selecting a supplier that allows us to manufacture small amounts with fast response.

The following material will provide you more information:

• Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
• How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• How to identify risk controls in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
• Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
• ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
• Please check this free webinar on-demand - Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
• Enroll for the free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

ISO 9001 maintenance

Two recommendations:

• Improving the quality management system, making it more natural, and less an extra-work thing, simplifying it;
• Improving performance to provide additional motivation to keep and maintain the quality management system.

The following material will provide you more information:

• Focus your management system on the benefits - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/ and What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/
• In this free webinar on-demand you can find an invitation to develop and use relevant performance metrics for the business - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Nonconformities and corrections identified during and audit

ISO 27001 does not prescribe how to develop documents, so you can record nonconformities and corrections in the same document that you are using to capture risks, but we do not recommend such an approach.

The reason is that, if nonconformities and risks are in the same document, persons looking for one type of information would have unnecessary access to the other and this can compromise confidentiality.

Moreover, risks and nonconformities are very different types of information, and this is also why it makes sense to keep them separate. 

This article will provide you a further explanation about records management:

• Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/

These materials will also help you regarding records management:

• Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Environmental Objectives

As far as I understand your question, you are asking for examples of environmental objectives.

For example, for a Construction company you can think about:

• Reducing waste sent to landfills
• Reduce hazardous waste production
• Increasing waste recycling
• Reduce water consumption at each construction site
• Reduce CO2 emissions from transport used for each construction site 

For each objective you have to set clear targets and time frame. For example: Reducing waste sent to landfills, can become – Reuse at least 50% of demolition waste during the year of 2021. – Responsibility – Person A

Please check this information below with more detailed answers:

• How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
• Examples of ISO 14001 objectives based on the different company sizes - https://advisera.com/14001academy/blog/2019/10/22/iso-14001-objectives-examples-for-different-company-sizes/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

Clause 6.1

Clause 6.1 is about determining risks and opportunities and evaluate its importance to decide about the need to develop action plans.

For example, an organization while updating the context analysis (clause 4.1) determined some internal and external issues with positive and negative connotations:

Then, they started to make combinations between:

1. Strengths and Opportunities
2. Strengths and Threats
3. Weaknesses and Opportunities
4. Weaknesses and Threats 

They determined

1. Develop innovative products to take advantage of the premium market less influenced by after pandemic economic crisis
2. Develop innovative products to minimize competition in commoditized products
3. Difficulty in finding a product engineer may hinder the ability to take advantage of the premium market
4. Difficulty in finding a product engineer may hinder the ability to by-pass price competition

You may realize that:

1. Is an opportunity
2. Is an opportunity
3. Is a risk
4. Is a risk 

You may evaluate these risks and opportunities based on probability and importance (severity or gain)

I use the interested parties’ point of view to evaluate the importance of risks and opportunities.

For example, one interested party are the owners of the organization. What do they want, what do they need, what do they expect?

• Profit
• Brand awareness
• Market share

So, based on this interested party point of view you can determine if each risk and opportunity is important. For example, because profit is relevant for the owners, you may conclude that all those risks and opportunities are critical to maintain or improve profits during a downturn.

Hope this tip can help you with your clients.

The following material will provide you more information:

• How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
• How to determine interested parties and their requirements according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book – Discover ISO 9001:2015 Through Practical Examples –https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/