Search results

How does IT prioritize the individual systems within each activity that IT has to enable?

Please note that after finishing the analysis you have activities prioritized and impacted assets, but you still did not decide on the strategy on how to provide those resources, so it is not possible to go directly to definition of resources to support the continuity and recovery plans.

For example, to support an 8 hour RTO, an organization can go for its own alternative site or work with a third-party provider, each option will have different resources to be allocated.

In another scenario, to ensure data availability, alternatives may be backup copies kept in another site, or outsource backup.

The main solution, i.e., the strategy, is decided by the top management, with support of business continuity staff, and only after that, you can start to think about resources to be allocated.

This article will provide you a further explanation about business continuity strategy:
- Can business continuity strategy save your money? https://advisera.com/27001academy/blog/2010/03/15/can-business-continuity-strategy-save-your-money/

This material will also help you regarding business continuity strategy:
- Developing the business continuity strategy according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/developing-the-business-continuity-strategy-according-to-iso-22301-free-webinar-on-demand/

Advantages and disadvantages of certification against ISO 27001 standard

I loved how you said that ISO 27001 certification can give you an enhanced competitive edge. My sister was at my house last night for dinner, and she was wondering what she could do to make her company. I'll pass this information along to her so that she can look into getting ISO 27001 certified.

Fire exit plan and ISO 14001

No, it is not mandatory, according to ISO 14001:2015, to have a written fire exit plan in a manufacture. Please check clause 0.5 where it states that ISO 14001:2015 does not include requirements specific for occupational health and safety.

Has a fire been identified as a relevant abnormal possible situation? Were environmental aspects and impacts related with fire determined and evaluated? Were they considered significant? If yes, the only requirement from ISO 14001:2015 is an action plan to prevent or mitigate the environmental impacts.

Please check below information about ISO 14001:2015:

• Article - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
• Article - Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Levels of ISO standards

There are no ISO 9001:2015 prescribed levels to determine the quality of raw materials, product, process and service. Each organization has the authority to determine the required levels based on complexity, experience of employees, past performance of suppliers, ability to detect problems and their impact on customer satisfaction or internal costs.

You can design the flow of activities from raw materials reception until product delivery to customers and then, based on the risk-based approach, you can ask:

• What can go wrong in this step?
• What can be the consequences?
• How easy it is to detect that wrong?

From here one can design a quality control plan. Don’t expect getting everything right at the first attempt. Use monitoring and measurement to fine tune frequency, sample size and verifications in the quality control plan.

You can find more information below:

• Article - Making the best out of ISO 9001 Quality Plan - https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/
• Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Addressing nonconformities in ISO 9001

Let us look at ISO 9001:2015 clause 9.2.2 e)

As a good practice, after completing an internal audit the results should be reported to relevant managers, those with more knowledge and authority about the areas or processes audited. Not all nonconformities have the same importance. Some are minor failures and only deserve a correction. Others are more relevant and represent a systemic or major failure of the quality management system. So, major nonconformities require both a correction, the elimination of the nonconformity, and a corrective action, an action to eliminate the cause(s) of the nonconformity.

You can find more information below:

• Article - ISO 9001 – Difference between correction and corrective action - https://advisera.com/9001academy/blog/2016/02/09/iso-9001-difference-between-correction-and-corrective-action/
• Article - How to use root cause analysis to support corrective actions in your QMS - https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/
• Article - How to proceed once a QMS corrective action is defined? - https://advisera.com/9001academy/blog/2016/09/20/how-to-proceed-once-qms-corrective-action-is-defined/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Launching environmental management programs

ISO 14001:2015 no longer mentions “environmental management programs”. However, organization scan still use the concept.

Based on strategic orientation and on its significant environmental aspects and impacts, organizations write an environmental policy with a set of commitments. Policy commitments are just words. Words that must be translated into a set of environmental objectives. Meeting the environmental objectives demands transforming the organization with a set of action plans. One can say that an environmental management program is a set of action plans in order to meet the environmental management system objectives.

For example, last year I worked with an organization that had two noncompliance concerning legislation:

• No monitoring of air emissions and non-approved version of chimney;
• No monitoring of environmental sound

Each one of these noncompliance situations gave origin to a specific action plan. The set of those two action plans could be called an environmental management program to deal with legislation. Another was about dealing with wastes, with two major individual action plans, one for wastes, and another for hazardous wastes.

Please check below information about ISO 14001:2015:

• Article How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/ (based on the previous version of ISO 14001)
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

Importance of data quality and data protection

1. Why are data quality and data protection important in the organization?
2. When considering information data management as a business resource that needs to be governed. What should this governance ensure?
3. Using data from your data lake what do you need to consider related to GDPR?

Using customer's data from the questionnaire

Thank you. Am I permitted to create this privacy policy myself?

Yes, you can create it by yourself. Advisera has developed some templates to make it easy to develop your own privacy notice.

You can check out our document template here: EU GDPR document template: Privacy Notice https://advisera.com/toolkit-documents/eu-gdpr/privacy-notice/

Should individuals receive this privacy policy if they've chosen to share their contact details with me?

Individuals should read and consent to your privacy policy when filling your questionnaire. You can insert a link on a questionnaire to allow individuals to read your privacy notice.

Environmental management manual

What is the purpose of an environmental management manual?

Answer:

ISO 14001:2015 does not require an environmental management manual. Organizations may decide having one or not. So, if one organization decide to have an environmental management manual it is free to determine a purpose for it. Working with organizations, I advise the creation of an environmental management manual as a document to present the environmental management system, its policy, its main processes, its documents and main responsibilities.

why language is so important in writing operating procedures?

Answer:

Language is important while writing operating procedures because we want a document to be clear, to be precise, to be able to be understood by those who will read and apply it.

Please check below information about ISO 14001:2015:

• What is an environmental management system manual? - https://advisera.com/14001academy/knowledgebase/what-is-an-environmental-management-system-manual/
• How to structure ISO 14001 documentation - https://advisera.com/14001academy/blog/2016/11/28/how-to-structure-iso-14001-documentation/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/