
  • Non-Conformity 10.1 and 10.2

    1. Since we already have the templates for the topic "Non-Conformity 10.1 and 10.2" in our Toolkit, could you please give some examples of kinds of non-conformity?

    A good non-conformity statement has three topics:

    • observed fact
    • requirement not fulfilled
    • objective evidence

    An example of non-conformity statement may be:

    Changes that can affect information security are not being properly controlled, compromising the effectiveness of control A.12.1.2 - Change management, and clause 8.2 - Information security risk assessment. Evidence: "The serial number of server *** in the production environment is ABC1234, while the serial number recorded for the same server in the inventory of assets is FGH6789," or "The change made on the server *** at DD/MM/YYYY, according to the maintenance schedule plan from Jan-2018, does not identify the change request that authorized the change," and "there is no evidence that a risk assessment was performed for the server change."

    • observed fact: Changes that can affect information security are not being properly controlled
    • requirement not fulfilled: control A.12.1.2 - Change management, and clause 8.2 - Information security risk assessment
    • objective evidence: "change made on server *** at DD/MM/YYYY" and the lack of a risk assessment

    You should note that writing a non-conformity requires some level of knowledge of the standard and practice of performing audits.

    I suggest you take a look at our free ISO 27001:2013 Internal Auditor Course to know more about audits at this link: https://advisera.com/training/iso-27001-internal-auditor-course/

    2. Can the Main Deviations marked by the Lead Auditor in Pre-Audit be taken as Non-Conformities?

    A non-conformity is something not performed as planned, or a result not expected, which would be a deviation, so you can consider the deviations marked by the Lead Auditor in the Pre-Audit as non-conformities.
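    The answer above describes the three parts of a non-conformity statement and gives two kinds of objective evidence (an inventory serial that does not match production, and a change with no change request or risk assessment). The following is an added example, not part of the original answer or of the Advisera toolkit, showing how an internal auditor could script the evidence-gathering step and assemble the statement in that three-part form. The inventory rows, observed serial numbers, change records and host names are constructed sample data; the control and clause references are the ones the answer cites.

```python
"""Added example: build an ISO 27001 non-conformity statement (observed fact,
requirement not fulfilled, objective evidence) from audit evidence.

All data below is constructed for illustration; the host names, serials,
dates and change-request identifiers are not from any real system.
"""
from dataclasses import dataclass, field

# Constructed sample data: what the inventory of assets records ...
INVENTORY = {"srv-prod-01": "ABC1234", "srv-prod-02": "FGH6789"}
# ... what the auditor actually observed on the servers ...
OBSERVED = {"srv-prod-01": "ABC1234", "srv-prod-02": "XYZ0001"}
# ... and the change log for the same servers (None = record is missing).
CHANGES = [
    {"host": "srv-prod-01", "date": "15/01/2018",
     "change_request": "CR-0042", "risk_assessment": "RA-0042"},
    {"host": "srv-prod-02", "date": "03/02/2018",
     "change_request": None, "risk_assessment": None},
]


@dataclass
class NonConformity:
    """The three parts the answer lists, kept separate so each can be audited."""
    observed_fact: str
    requirement: str
    evidence: list = field(default_factory=list)

    def statement(self) -> str:
        """Render in the same shape as the example statement in the answer."""
        quoted = "; ".join(f'"{e}"' for e in self.evidence)
        return (f"{self.observed_fact}, compromising the effectiveness of "
                f"{self.requirement}. Evidence: {quoted}")


def reconcile_inventory(inventory: dict, observed: dict) -> list:
    """Evidence of type 'inventory does not match production'."""
    return [
        f"The serial number of server {host} in the production environment is "
        f"{observed[host]}, while the serial number recorded for the same server "
        f"in the inventory of assets is {inventory[host]}"
        for host in sorted(inventory)
        if host in observed and inventory[host] != observed[host]
    ]


def check_changes(changes: list) -> tuple:
    """Evidence of type 'change without authorization' and 'change without risk assessment'."""
    unauthorised, unassessed = [], []
    for c in changes:
        if not c["change_request"]:
            unauthorised.append(
                f"The change made on server {c['host']} at {c['date']} does not "
                f"identify the change request that authorized the change")
        if not c["risk_assessment"]:
            unassessed.append(
                f"There is no evidence that a risk assessment was performed for "
                f"the change on server {c['host']} at {c['date']}")
    return unauthorised, unassessed


def build_finding(inventory: dict, observed: dict, changes: list):
    """Return one NonConformity covering every requirement with evidence, or None."""
    mismatches = reconcile_inventory(inventory, observed)
    unauthorised, unassessed = check_changes(changes)
    requirements = []
    if mismatches or unauthorised:
        requirements.append("control A.12.1.2 - Change management")
    if unassessed:
        requirements.append("clause 8.2 - Information security risk assessment")
    if not requirements:
        return None  # nothing to report: no non-conformity
    return NonConformity(
        observed_fact="Changes that can affect information security are not being properly controlled",
        requirement=" and ".join(requirements),
        evidence=mismatches + unauthorised + unassessed,
    )


if __name__ == "__main__":
    finding = build_finding(INVENTORY, OBSERVED, CHANGES)
    print(finding.statement() if finding else "No non-conformity found")
```

    Each evidence item is kept as a separate, quotable sentence so that the auditor can point the auditee at the exact record behind each finding, and the function returns None rather than an empty statement when the inventory, change requests and risk assessments all line up.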

  • ISO 9001 Process Approach

    ISO 9000:2015 about the process approach states that consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system. 

    What motivates your Directors? Getting results!

    So, why not use the need to meet desired results, or to avoid undesirable results, to start using the process approach and start showing results? Last week I used the process approach in a company with a problem of financial fines imposed by a client because of late deliveries. This week I used the process approach in a company with a big complaint from an important client. You can start using the process approach as a tool to solve performance challenges; that way you will be gaining future allies in the use of the process approach, not in a reactive but in a proactive way.

    I use the process approach to reduce variability, as a lever to meet objectives, to design competency requirements, to determine job descriptions with sound responsibilities and authorities, to determine risks and opportunities.


    You can find more information about the process approach below:

  • EU GDPR Readiness Assessment - Supervisory Authority

    On Q23 of the EU GDPR Readiness Assessment:

    23) Is a process in place to ensure the appropriate supervisory authority is notified within 72 hours of a confirmed data breach?

    Who would the "Supervisory Authority" be? If in US, who? If in EU who?

    The Supervisory Authority is your own country's Data Protection Authority, as established in Article 51 GDPR.

    You can find the full list of Data Protection Authorities in the following link.

    If you are based in the US, you may have a representative in the EU, and therefore you will notify the Data Protection Authority of the country where your EU representative under Article 27 GDPR is located.

    If you do not have an EU representative (i.e. your data processing is occasional) and you are based in the US, you should in any case follow the Federal Trade Commission's guidelines on data breach: https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business

    Useful resources for complying with EU GDPR: https://advisera.com/eugdpracademy/knowledgebase/useful-links/

    Basically, who is to be notified within 72 hours of a confirmed data breach?

    According to Article 33 GDPR, the data controller must notify the data breach to its own country's data protection authority without undue delay and within 72 hours. If there is a risk to the rights and freedoms of data subjects, it may be required to notify the data breach to the data subjects in order to allow them to take precautions. Recital 86 of the GDPR states that such notification shall be made without undue delay, within 72 hours, or in accordance with the Supervisory Authority's instructions.

    Here you can find some useful resources about Data protection Authorities:

    You may also consider enrolling in this online EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • ISO/IEC 17025:2017 accreditation timeline

    We are vetting an opportunity to expand our lab for heavy metal testing and pathogen testing (salmonella). What type of timeline would you suggest after a lab is fully operational, including ISO/IEC 17025:2017 accreditation? Best guess in getting a lab certification set up? I'm assuming some amount of time before the lab is operational to get application data submitted, and then some amount of time after the lab is operational to validate procedures, processes, etc., and then finally third-party validation. Is this a fair assessment?

    I would not be able to accurately predict a timeframe. This will depend on your situation and resources. Processes, including technical competencies for people and equipment, need to be established; validations and calibrations performed; procurement of materials made, including reference materials; and enrolment and participation in an interlaboratory proficiency scheme need to be complete. If all is available and implementation is efficient, typically it would take a minimum of 3 months to implement, and then, after the application for accreditation, it is typically another 3 months at least before assessment.

    Accreditation assessment starts with a document review by the accreditation body, so it may be possible to complete certain activities, such as completing your audit program and perhaps the management review, between applying and the initial assessment.

    The effective implementation of ISO 17025 provides the grounding to achieve consistency. It is a balance between urgency and thoroughness.

    Have a look at the free Diagram of ISO 17025 Implementation Process https://info.advisera.com/17025academy/free-download/diagram-of-iso-17025-implementation-process

    We also have a Free webinar – What are the steps in the ISO 17025 accreditation process? at https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar-on-demand/

    Other recommendations? I noticed that the site mentions familiarity training. Are you an approved certification body for ISO 17025 audits?

    The toolkit can be purchased with varying amounts of support and review of documents. This you can use as part of your internal audits. Performing third-party audits is not within the scope of the ISO 17025 Academy. A pre-audit check workshop (1-hour training on audit preparation) is available.

    See the ISO 17025 toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/, in the Compare Toolkit Options Section for more detail.

  • Management framework for service quality

    The requirements for complying with ISO 9001:2015 are the same. That is, you should start by performing a gap analysis, which will help you detect the requirements of the standard that you do not yet meet. You can find this tool free of charge on our website - ISO 9001 Gap Analysis Tool: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/

    Afterwards, you can begin by determining the internal and external issues of your organization, i.e. the context of the organization. This will help you define the scope of your quality management system. Then you can continue by writing the quality policy and the quality objectives, addressing risks and opportunities, etc. In this article you can find each of the steps needed to implement the standard - Checklist of ISO 9001 implementation and certification steps: https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/

    The big difference between an information technology company and other organizations is that once the product is designed, it no longer requires a production process as in the manufacturing industry; design and development therefore is the production, and the process must meet the requirements of both clause 8.3 (design and development of products and services) and clause 8.5 (production and service provision) at the same time.

    For more information on quality management for information technology services, see the following materials:

    - Article - Case study: Design and development in the software industry: https://advisera.com/9001academy/blog/2017/02/08/case-study-design-and-development-in-the-software-industry/

    - Free online course - ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • ISO 14001 importance

    ISO 14001 is the one that is certifiable. The other environmental standards are mostly about specific topics, not about a whole environmental management system. Many organizations, while implementing an ISO 14001 environmental management system, use other standards as an aid.

    Here - STANDARDS BY ISO/TC 207 Environmental management - https://www.iso.org/committee/54808/x/catalogue/p/1/u/0/w/0/d/0 - you can see the whole ISO 14000 family of standards.

    Please, check also this article - List of Environmental Management Standards and Frameworks - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-environmental-management-standards-and-frameworks/

  • ISO 9001 scope

    An organization with multiple functional sites (similar functions) can have the same scope for all sites. For example, a certified organization can have one certification and include in the same certificate with one scope a list of the different locations included.

    The following material will provide you more information about the scope:

  • ISO 14001 benefits for mining companies

    Benefits that miners and mining enterprises have found from implementing a certified ISO 14001 EMS include:

    • ISO 14001 registration for market recognition, and stakeholder and regulatory appreciation 
    • Gain a capital of goodwill and trust from the neighborhood and local authorities 
    • Reduced environmental risk and liability, an advantage over competitors 
    • Cost savings through waste reduction, recycling, energy and water conservation 
    • Effective management practices to achieve and improve environmental performance 
    • Continual, progressive improvement to reap economic benefits 
    • Increased recognition of environmental issues for timely prevention 
    • Awareness of individual roles and environmental protection responsibilities 
    • Improved personnel awareness of sharing environmental management responsibility
    • Lower insurance costs; lesser fines or fines avoided altogether.

    You can find more information about ISO 14001 benefits below:

  • How to define authorities

    Authority is about the power of decision, the power of command. Responsibility is about obligation. For example, an operator may have the responsibility to perform quality control and identify the nonconforming product (he or she has the obligation to do it, he or she is expected to do it), and may not have the authority to decide what to do with the identified nonconforming product.

    An organization can be modeled as a set of interrelated processes. Each process can be described through a flowchart:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/f3c7f757-6356-4d5b-83e4-bcec5c23d474

    Responsibilities are those activities that someone has to perform, without alternatives.

    Authorities are those activities where someone has the power to stop the process, the power to make decisions about the process. For example, in the flowchart above the production operator has the authority, the power to decide when the process is ready to start normal production. For example, in a commercial context someone has the responsibility to write a proposal, and someone has the authority to approve the proposal before sending it to the customer. For example, in a warehouse context someone has the responsibility to identify the need to order a component, someone has the authority to approve that need, and another person may have the authority to choose the supplier.

    The following material will provide you with information about roles and responsibilities:
