Search results

SoA and selection of control A.11.2.9 Clear desk and clear screen policy

1. How much there is room for modifying the procedure concerning the control, if there is only need for the clear screen policy but no need for a clear desk policy?

The templates are fully editable, so you can modify them freely to fulfill your needs.

2. Can one select the control as applicable on SoA and then write procedure concerning only the clear screen policy (or if required adapt the clear desk policy only concerning specific areas such as conference rooms, reception area, etc.?

In a situation where you do not have relevant risks or legal requirements (e.g., laws, regulations, or contracts) related to the clear desk, you can write a procedure only related to a clear screen.

You also can adapt the policy to have only a separate clear desk policy covering specific areas.

But please note that separating the clear desk and clear screen in different policies does not make much sense and may add unnecessary administrative work to maintain both policies (most probably the places where you have information on both electronic and physical media will have sensitive information on both media, which can be treated by a single policy).

This article will provide you a further explanation about the clear desk and clear screen:

• Clear desk and clear screen policy – What does ISO 27001 require? https://advisera.com/27001academy/blog/2016/03/14/clear-desk-and-clear-screen-policy-what-does-iso-27001-require/

How to become ISO/IEC 17025 certified and cost associated

I do not know who can and how much it is to become certified 

Please note that the correct term is accredited, not certified; as it involves formal recognition of competence.

The process involves implementation of ISO/IEC 17025:2017 by establishing systems, processes and documentation; followed by evidence of implementation and maintenance in order to apply for accreditation.

Accreditation involves contacting your national accreditation body or selecting one if you have a choice; application and then a competency assessment. The costs will depend on the accreditation body. You will need to request a quotation. In awarding accreditation, the accreditation body attests to your laboratory’s competence to provide consistently valid results through meet the requirements of 17025. An accreditation certificate, which details your scope of accreditation is then issued.

how often we will need to be re-certified.

There is an accreditation cycle of 4 to 5 years, with a number of followup assessments. The first is 6 to 12 months after initial accreditation is awarded. At the end of the cycle, a full re-assessment is made again (as if you were applying for the first time).

Have a look at our free webinar on demand - What are the steps in the ISO 17025 accreditation process? It includes explanation of the application process, and the accreditation cycle, and is available at https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar-on-demand/ 

EMS for wastewater treatment

If you have a wastewater treatment that is operating effectively and complying with legislation and permits then develop an environment management system should be relatively straightforward.

Start with a self-assessment compliance checklist to list the initial gaps between ISO 14001:2015 requirements and your organization’s current environmental practices and performance. As long as you have top management support, any sound environmental management system starts with a clear identification of environmental aspects and impacts and its evaluation, and with an identification of any compliance obligations. Then, you have to plan your implementation project about how to improve environmental aspects situations and meet your environmental objectives aligned with an environmental policy. For a wastewater treatment plant that is operating effectively your organization may have already implemented procedures for operation and control, for monitoring performance, for communicating performance to relevant interested parties, for preventing and responding to emergency situations.

Please check this information concerning specifically wastewater treatment:

• How ISO 14001 implementation helps wastewater treatment - https://advisera.com/14001academy/blog/2019/07/01/iso-14001-and-wastewater-treatment-required-processes/
• Guideline for Wastewater & Sewage Management - https://advisera.com/14001academy/documentation/guideline-for-wastewater-sewage-management/ 

If you are in a hurry to implement your environmental management system, perhaps our ISO 14001:2015 Documentation Toolkit - https://advisera.com/14001academy/iso-14001-documentation-toolkit/ can be useful.

Please check this information below relevant for implementing an environmental management system::

• How to use an ISO 14001 self-assessment compliance checklist - https://advisera.com/14001academy/blog/2019/12/04/iso-14001-self-assessment-checklist-how-to-use-it/
• List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
• Project checklist for ISO 14001 implementation - https://info.advisera.com/14001academy/free-download/project-checklist-for-iso-14001-implementation
• ISO 14001:2015 Implementation diagram - https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram
• Article - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
• Article - Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
• Free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 14001 - https://advisera.com/14001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-14001-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

ISO 14001 for all industries

Yes, it is. According to ISO organization, ISO 14001:2015 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can either control or influence considering a life cycle perspective.

Please check below information about ISO 14001:2015:

• What is ISO 14001? - https://advisera.com/14001academy/what-is-iso-14001/
• Evolution of ISO 14001: The history of the leading environmental management standard - https://advisera.com/14001academy/blog/2020/01/21/history-of-iso-14001-why-is-it-so-popular/
• 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Preparation to comply with ISO 27001:2018

Please note that ISO 27001:2013 was last reviewed and confirmed in 2019, so the 2013 version remains current, without alterations.

The document released in 2018 was ISO 27000, which is a supporting standard, covering Information Security vocabulary.

Regarding preparation for ISO 27001 compliance, after getting support for your project (normally through approval of an ISMS project plan) and approval of a Procedure for Document and Record Control, you should consider these steps:

1. defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
2. development of risk assessment and treatment methodology;
3. perform a risk assessment and define the risk treatment plan;
4.  controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
5. people training and awareness;
6. controls operation;
7. performance monitoring and measurement;
8. perform an internal audit;
9. perform management critical review; and
10. address nonconformities, corrective actions, and opportunities for improvement.

This article will provide you a further explanation about ISMS implementation:

• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

To see how documents compliant with ISO 27001 looks like, I suggest you take a look at our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

These materials will also help you regarding ISO 27001 implementation:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Labeling Instruments with calibration information

As far as I know, this requirement is from ISO/IEC 17025:2005(en) General requirements for the competence of testing and calibration laboratories.

Since I am not the expert for this standard, for more information please see the following article:

• What is ISO 17025? https://advisera.com/17025academy/what-is-iso-17025/

Also, you can see how some of the templates considering maintenance and calibration look like in our toolkit on the following link:

• Equipment and Calibration Procedure https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure// 

For even more details, you can ask the ISO/IEC 17025 expert here: https://advisera.com/17025academy/free-consultation/

Clauses on document revisions and history

As you know IATF 16949:2016 standard also covers ISO 9001:2015 requirements.

ISO 9001: 2015 standard covers this subject. It is stated in section 7.5.2 Creating and Updating and 7.5.3.2 in the subparagraph c of control of changes section (e.g. version control).

It is not necessary to keep the document history, but in practice, companies are applied for convenience.

For more information, you can check out our IATF 16949:2016 Documentation Toolkit https://advisera.com/16949academy/iatf-16949-2016-documentation-toolkit/

Environmental aspects and impact vs risk assessment

Is evaluating aspects and its impact on environment and using a meaningful ranking system to identify the significant aspect and focus on taking actions to eliminate or mitigate the impacts on environment caused by the significant aspects same as identifying the risks that adversely affect the outcome of a Quality Management System and putting actions in place or in reserve to eliminate or mitigate its impact on QMS?

Control of External Providers

Thank you!