Internal and external issues are relevant topics that can influence the future of an organization. For example, governments can issue legislation that will affect the activity of a recycling company. Social trends can influence how consumers and households react to recycling practices. As for internal issues, you can have, for example, an experienced workforce, inflexible machinery or a lack of capacity.
You can find more examples in this free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/ (it is about ISO 9001 but I think it may be useful)
The following material will provide you more information:
Providing a safety culture is critical to implementing ISO 45001, and the crucial step is in the example of top management. There is a saying that “management leads whether they mean to or not”, and this is equally important to a safety culture. If there is a rule that safety glasses need to be worn, but the president of the company never wears them in the area, then this tells people that the safety rules are not important; if top management tries to say safety is important in words, but not in actions, then the culture of safety will not happen. A culture of safety will only occur when the rules are known, understood, and equally applied to everyone; then you can work on maintaining and improving safety.
You can find out more about convincing top management about the OHSMS that are still applicable to ISO 45001 in the article: 4 crucial techniques for convincing your top management to implement OHSAS 18001, https://advisera.com/45001academy/blog/2017/08/30/4-crucial-techniques-for-convincing-your-top-management-to-implement-ohsas-18001/
Considering ISO 13485:2016, requirement 4.2.5 Control of records states that the organization will keep records for at least the lifetime of the medical device, or as specified by applicable regulatory requirements, but not less than two years. It means that if the lifetime of your medical device is six months or one year, you need to keep records for at least two years.
For more information, please read the following article:
You can also check out our book for more information:
Data Transfer Agreement template (Referenced in Cross Border Transfer Procedure):
DTA for Controller -> Controller
DTA for Controller -> Processor
When to use which one?
OHSAS is the acronym for Occupational Health and Safety Assessment Series. This is from a series of standards that were issued by the British Standards Institute (BSI) in 1999, which included 2 standards: OHSAS 18001:1999 & OHSAS 18002:1999. On the other hand, OHSMS is the acronym for Occupational Health & Safety Management System. The OHSMS is all of the rules, policies, processes and procedures that an organization puts in place to continually improve OH&S performance, fulfil legal and other OH&S requirements and achieve OH&S objectives for the company. While OHSAS 18001:2007 previously provided the requirements for an OHSMS, now that ISO 45001:2018 has been released as the internationally recognized requirements for an OHSMS, it will replace OHSAS 18001:2007.
You can find out more in the article: OHSAS vs. OHSMS: What is the difference, https://advisera.com/45001academy/blog/2019/10/16/ohsas-vs-ohsms-what-is-the-difference/
Thanks for your answer!
What formats should I use to comply with the clauses and controls of ISO 27001? (For example, registration of the scope of the ISMS, SWOT - to know where the company is headed and determine its objectives and align them with the ISMS)
ISO 27001 does not prescribe the format to be used to elaborate documents, so organizations are free to develop them as best fits their needs, provided the clauses and controls statements are fulfilled.
To see what documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
These articles will provide you a further explanation about developing documents:
These materials will also help you regarding developing documents:
Please note that "risk transfer" is the general approach to treat risk, and according to ISO 27001 you need to specify which controls you will apply to implement this option (e.g. controls from section A.15 for suppliers and control A.13.2.2 Agreements on information transfer for third parties in general).
These articles will provide you a further explanation about risk treatment:
This material will also help you regarding risk treatment:
Up to this moment, ISO 27701 is not mandatory, and as with any new standard, it remains to be seen if it will become popular, i.e. useful.
This article will provide you a further explanation about ISO 27701:
As per the IATF 16949:2016 standard, all system internal auditors must be competent in the following.
If your current internal auditor is trained, competent, and your automotive customers do not have a special requirement in this regard, your internal auditor may provide this training to other employees.