Search results

Documentation storage

ISO 9001:2015, clause 7.5.2 b) states that documents and records can be in any media, paper or digital.

Some organizations keep digital documents and records on digital form and simultaneously keep in paper form all those that at some moment during its life cycle have to be in a paper, for signatures for example. More than ISO 9001:2015 requirements I would check if is there any legal obligation in your country of keeping signed contracts in paper form.

The following material will provide you more information:

• Article - How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Complaint on ISO certified company

Yes, you can. Anyone who feels that an organization, while certified, is not meeting the requirements of the standard, can always formally complain to the certification body that issued the certificate. Normally, they can have a lot of authority over the company and they don’t want to see their certificate being badmouthed.

Can Risk Assessment be automated?

Risk assessment requires a lot of analysis and evaluation work to be done, and today most of these activities cannot be simply automated, because some decisions require a human feeling and perception of the business environment that a machine cannot properly evaluate. However, some activities you can make use of automated tools are:

• collect data from existing databases (e.g. to help identity assets if an asset-threat-vulnerability risk assessment approach is used)
• compare data gathered with risk level limits to warn about risks that require further analysis
• organize and present data for decision making.

This article will provide you a further explanation about the use of tools:

• When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/

Distance between server sites

Most regulations and industry practices do not define any specific distance to recovery sites, because many factors can affect what would be considered a “safe” distance (e.g., type of disaster, access to public services, risk level, etc.). From our experience, we suggest you start a discussion suggesting a distance between 30 miles (50 kilometers) and 100 miles (160 kilometers) away from your primary location and from that analyze your organization's context (a geographic situation, available resources, required investment, etc.).

This article will provide you a further explanation about the distance of recovery site:

• Disaster recovery site – What is the ideal distance from primary site? https://advisera.com/27001academy/knowledgebase/disaster-recovery-site-what-is-the-ideal-distance-from-primary-site/

This material will also help you regarding the distance of the recovery site:

• Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/

ISO 9001 punto del diseño y desarrollo

Si realiza algún tipo de diseño y desarrollo, entonces esta cláusula sí que aplica a su organización. Por ejemplo, en el caso de la capacitación, sí que aplicaría la cláusula 8.3 - Diseño y desarrollo si su empresa elabora el material de capacitación o la metodología de aprendizaje. No aplicaría si recibiesen los materiales de capacitación que van a impartir, por ejemplo en el caso de que un organismo gubernamental sea el encargado de suministrar los contenidos que van a utilizar.  

En el caso de validación de equipos probablemente no aplique el numeral, ya que su organización se estará basando en una metodología ya establecida para tal fin.

Para más información sobre la aplicabilidad de la cláusula de diseño y desarrollo, vea los siguientes materiales:

- What clauses can be excluded in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/

- ISO 9001 design process explained: https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/

- Curso de fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

- Libro - Discover ISO 90001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Which tool to use for unstructured data?

Yes, the email address is considered personal data when refers to an individual (i.e. name@domain.com, name.surname@domain.com). Email can also contain other personal data, like the signature, or information in the text box. However, GDPR requires to comply with its requirements for every personal data you process either electronically or not (paper-based documents, phone calls, etc.).

If you need to learn how GDPR works, I suggest you follow our online free foundation course:

• EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

We also developed a Toolkit to help you to implement GDPR requirements inside your activity.

• EU GDPR Documentation Toolkit: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ 

• Selection and approval criteria for new suppliers according to IATF 16949

  We certainly have a very robust and multidisciplinary selection process in place as you mentioned. This question was entirely asked for the sub-dealers or representatives working with our approved suppliers. It is pleasing to see that we share the same views on every detail you mentioned. Thank you very much.Best regards

   

• Global background checks

  Guidelines for background checks as you requested require legal expertise, which are out of our line of business (expertise in ISO management systems).

  What we can offer you is a list of some legal requirements per country in this post:

  • Laws and regulations on information security and business continuity https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/

  Please note that this list does not cover all countries nor is fully up-to-date because it depends on voluntary contributions from our readers. To make sure you have the latest list of laws and regulations related to background checks,  it would be best to hire a local legal adviser.

  Regarding the impact of such background checks in complying with the certification, if they are done under the applicable legal requirements that are relevant to the ISMS scope, they will not negatively impact the certification process

  This article will provide you a further explanation about the background checks:

  • How to perform background checks according to ISO 27001 https://advisera.com/27001academy/blog/2018/03/26/how-to-perform-background-checks-according-to-iso-27001/

• Compliance with ISO 45001

  ISO 45001 has some mandatory procedures and records that need to be kept, and these are indicated in the standard with the use of the term “documented information”. When ISO 45001 uses this term, it means you need to document this information; with the additional requirement that when you determine you will have a nonconformance if you don’t document, then you need to document. It is important to remember that Iso 45001 is not just about writing documents though, the important thing is to have the necessary processes for your OHSMS to prevent injury and ill health.

  You can find our full assessment of the mandatory documents in the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001

• Principles of Quality Management System

  Try to see the world from their point of view: What is in it for me? What can I gain from it? What present pain could be removed? What future success could be attained?

   

  The following material will provide you more information:

  • Article - Gaining employee buy-in for your ISO 9001:2015 implementation - https://advisera.com/9001academy/blog/2015/12/15/gaining-employee-buy-in-for-your-iso-90012015-implementation/
  • Article - What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/
  • Article - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
  • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/