Try small blocks of time with very specific objectives linked to business results or business benefits.
Use different approaches: classroom training; games that people play and simultaneously test topics related to ISO 9001 – ISO 9001 comes as an answer to a problem and not as something pushed; on-the-job training where you start with what people do, with the purpose of what they do, with what can go wrong and how ISO 9001 can help minimize wrongs and increase rights.
The following material will provide you with more information:
Thank you a lot for this answer. The links are also very useful for implementation.
1. What is the requirement for laboratory recognition scheme in BIS?
The National Standards Body of India, the Bureau of Indian Standards (BIS), specifies the requirements for their laboratory recognition scheme on their website, available at https://bis.gov.in/wp-content/uploads/2020/06/LRS_23062020.pdf. This scheme recognizes laboratories in India or outside India as suitable for carrying out testing activities assigned to it, performed on behalf of the Bureau. This includes accreditation to ISO 17025:2017, along with other statutory provisions. For example, there are additional prescriptive requirements for impartiality, in addition to ISO 17025, where the laboratory has to submit a signed undertaking and a code of ethics in a prescribed format that they supply.
2. Which way it has to be aligned with BIS?
The national Indian standard (BIS) IS/ISO/IEC 17025:2017 General Requirements for the Competence of Testing and Calibration Laboratories is identical to ISO/IEC 17025:2017. It is a mandatory requirement of the BIS laboratory recognition scheme that a laboratory is accredited to ISO 17025:2017. All the test parameters of interest prescribed in National Indian Standards must be included in the ISO 17025 scope of accreditation.
For further information on ISO 17025, these links may be of interest:
What is correlation about organization context & needs and expectations with environmental aspect?
Answer:
For example, an organization has determined these environmental aspects:
When that organization determined its internal issues, it registered this one:
When that organization determined its interested parties and their needs and expectations, it registered these two:
Can you see a risk emerging from that internal issue here? Can you see how the interested parties make that risk critical? And all that is related to environmental aspects.
Is it mandatory to synchronize? If yes, how to synchronize it?
Answer:
No, it is not mandatory to synchronize, only if you found relevant interactions that can affect your relationship with the environment in significant ways. I hope I demonstrated above how to do it.
And how about risk & opportunity? What is difference with environmental aspect?
I hope the example and figure above showed the difference. Environmental aspects are about how your organization interacts with the environment. Risks and opportunities are about a potential deviation from the expected due to the presence of uncertainty.
Does a risk and opportunity have to be assessed (quantitative)?
Risks and opportunities should be evaluated, but it is not mandatory to do it through a quantitative scale.
Please check this information below with more detailed answers:
As far as I understand your question, it is preferable to keep an aspect and impact register per individual site. ISO 14001:2015 definition of environmental aspect states, “element of an organization’s activities or products” and when organizations want to evaluate the significance of a particular aspect and impact it is important to be aware of the specific situation. Different individual sites may have the same environmental aspects, but their significance can be very different.
Please check this information below with more detailed answers:
If I want to implement ISO 14001, how many % I need to have in legal requirements?
Answer:
Getting certification against ISO 14001:2015 requires complying with all applicable legal requirements?
Every single environmental aspect shall determine if can control or can influence?
Answer:
Yes, for every single environmental aspect an organization must determine if it can control or influence.
Please check this information below with more detailed answers:
Yes, your company can apply ISO 9001 and be certified. Some of the benefits that normally accrue from certification and that are usually mentioned by organizations are: improvement of credibility and image; improvement of customer satisfaction and reducing costs due to unwanted variability.
The following material will provide you with more information:
Determining environmental aspects is determining how an organization interacts with the environment. For example:
Determining risks and opportunities of an organization, according to ISO 14001:2015, is based on its environmental aspects, compliance obligations, and context and interested parties.
For example, concerning environmental aspects we can have:
Since organizations have to consider the lifecycle of their products and services, do not forget to consider risks and opportunities around your products and services during use or final disposal.
For example, concerning compliance obligations, and context and interested parties, the above organization can realize that neighbors (an interested party) are pressuring local authorities to not allow its expansion (an external issue) due to non-compliance with wastewater discharging legislation (compliance obligations) translated into river pollution.
Please check risk definition (3.2.10) on ISO 14001:2015 (effect of uncertainty). With environmental aspects and impacts we are considering normal, expected situations, like startup and closing down operations, but also abnormal and emergency situations. Whenever there is uncertainty there is risk or opportunities, there is a potential deviation from the expected.
About determining risks based on environmental aspects and compliance obligations I see that different organizations follow different approaches:
1. There are organizations that determine their environmental aspects and use a risk and opportunities assessment to determine their significant environmental aspects. (Please see the end of the second paragraph of Annex A.6.1.1 of ISO 14001:2015)
2. There are organizations that determine their environmental aspects, evaluate them and determine the significant ones, and use a risk and opportunities assessment to determine which ones need an action plan, and which ones need only to be monitored.
3. There are organizations that only apply the risk-based approach to the context part. In a certain way they are following the same approach as 1 without explicitly mentioning it.
Please check this information below with more detailed answers:
We are not legal experts, so our recommended approach is indeed for organizations to hire local expert advice to identify legal requirements that must be fulfilled to be compliant with ISO 27001 and the EU GDPR. An online search can help at the beginning of your work (for an overview), but local expert advice is highly recommended.
This article will provide you with a further explanation about the identification of requirements:
1. Please correct me if my process is wrong: I have identified one risk title and risk level (High) after doing a risk assessment on one application, then this risk is treated by risk acceptance by the risk owner for the period of acceptance time. Thus, after this treatment I keep the risk level the same (High) and the status closed for the period of acceptance time; it will then be opened again after the period of acceptance time is over.
Your thinking process is correct (but instead of risk title you should consider calling it a risk statement). After accepting the risk, since you will not apply any control, you need to keep the risk level as high until the next assessment.
But please note that to accept a high risk you need to have a robust justification, such as the effort and resources required to reduce the risk to an acceptable level being greater than the impact if the risk materializes.
For further information see:
2. Could the risk level of the same risk title be different or not after doing a risk assessment on different applications?
I do appreciate your kind comment and support.
The same risk statement can be of different levels for different applications if they have different values for the organization.
For example, the risk of data loss due to malware can have different values if it occurs in a local inventory application and if it occurs in the payroll application.
This article will provide you with a further explanation about risk assessment: