What Senior Management wants to hear (and does understand) is profit, market share, client satisfaction, cost cutting, business strategy, and business risks. So, if you want to sell ISO 9001 implementation to Senior Management you should consider translating ISO 9001 benefits into a language that they understand. Consider this article - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/ and try to translate each benefit into tangible results:
You can find more information about ISO 9001 below:
During the certification audit, you need to provide evidence that you are fulfilling all standard requirements (from sections 4 to 10), and have implemented all controls stated as applicable in the Statement of Applicability.
Considering that, by not performing a full internal audit before the certification audit you are not fulfilling clause 9.2 b), because you are not ensuring all elements of the ISMS are effectively implemented and maintained.
After certification, you only need to align the internal audit activities according to the schedule of the surveillance audits, because the schedule will define what will be audited each year before the next certification audit.
These articles will provide you a further explanation about internal audit:
These materials will also help you regarding internal audit:
Please note that after finishing the analysis you have prioritized activities and impacted assets, but you still have not decided on the strategy for how to provide those resources, so it is not possible to go directly to the definition of resources to support the continuity and recovery plans.
For example, to support an 8-hour RTO, an organization can go for its own alternative site or work with a third-party provider; each option will have different resources to be allocated.
In another scenario, to ensure data availability, alternatives may be backup copies kept at another site, or outsourced backup.
The main solution, i.e., the strategy, is decided by the top management, with support of business continuity staff, and only after that, you can start to think about resources to be allocated.
This article will provide you a further explanation about business continuity strategy:
- Can business continuity strategy save your money? https://advisera.com/27001academy/blog/2010/03/15/can-business-continuity-strategy-save-your-money/
This material will also help you regarding business continuity strategy:
- Developing the business continuity strategy according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/developing-the-business-continuity-strategy-according-to-iso-22301-free-webinar-on-demand/
I loved how you said that ISO 27001 certification can give you an enhanced competitive edge. My sister was at my house last night for dinner, and she was wondering what she could do to make her company. I'll pass this information along to her so that she can look into getting ISO 27001 certified.
No, it is not mandatory, according to ISO 14001:2015, to have a written fire exit plan in a manufacturing facility. Please check clause 0.5, where it states that ISO 14001:2015 does not include requirements specific to occupational health and safety.
Has a fire been identified as a relevant possible abnormal situation? Were environmental aspects and impacts related to fire determined and evaluated? Were they considered significant? If yes, the only requirement from ISO 14001:2015 is an action plan to prevent or mitigate the environmental impacts.
Please check below information about ISO 14001:2015:
There are no ISO 9001:2015 prescribed levels to determine the quality of raw materials, product, process and service. Each organization has the authority to determine the required levels based on complexity, experience of employees, past performance of suppliers, ability to detect problems and their impact on customer satisfaction or internal costs.
You can design the flow of activities from raw materials reception until product delivery to customers and then, based on the risk-based approach, you can ask:
From here one can design a quality control plan. Don’t expect to get everything right on the first attempt. Use monitoring and measurement to fine-tune frequency, sample size and verifications in the quality control plan.
You can find more information below:
Let us look at ISO 9001:2015 clause 9.2.2 e)
As a good practice, after completing an internal audit the results should be reported to relevant managers, those with more knowledge and authority about the areas or processes audited. Not all nonconformities have the same importance. Some are minor failures and only deserve a correction. Others are more relevant and represent a systemic or major failure of the quality management system. So, major nonconformities require both a correction, the elimination of the nonconformity, and a corrective action, an action to eliminate the cause(s) of the nonconformity.
You can find more information below:
ISO 14001:2015 no longer mentions “environmental management programs”. However, organizations can still use the concept.
Based on strategic orientation and on its significant environmental aspects and impacts, organizations write an environmental policy with a set of commitments. Policy commitments are just words. Words that must be translated into a set of environmental objectives. Meeting the environmental objectives demands transforming the organization with a set of action plans. One can say that an environmental management program is a set of action plans in order to meet the environmental management system objectives.
For example, last year I worked with an organization that had two noncompliances concerning legislation:
Each one of these noncompliance situations gave rise to a specific action plan. The set of those two action plans could be called an environmental management program to deal with legislation. Another was about dealing with wastes, with two major individual action plans, one for wastes and another for hazardous wastes.
Please check below information about ISO 14001:2015:
1. Why are data quality and data protection important in the organization?
2. When considering information data management as a business resource that needs to be governed, what should this governance ensure?
3. Using data from your data lake what do you need to consider related to GDPR?