Search results

The best way to calculate the carbon footprint

It should be noted that ISO 14001 does not discuss carbon footprint, but only requires that you identify issues and legal requirements that affect the EMS, and ensure you meet them. So, if carbon footprint is an external issue you need to address, or you have a legal requirements around calculating your carbon footprint, then this is not a required part of the EMS.

That being said, if you have a legal requirements on calculating your carbon footprint, and this legal requirement defines how you need to do so, then you should follow this. The same goes for any industry practices around calculating the carbon footprint, so that you can easily compare with others in your industry.

If these requirements do not exist, there is an ISO standard that gives guidelines on how to do carbon footprint; ISO 14067:2018, “Greenhouse gases — Carbon footprint of products — Requirements and guidelines for quantification” which will give some internationally recognized guidance on applying this practice.

For more information please see this article. While this article is about the previous version of this standard, it will give some good information on what the standard is about: What is ISO 14067:2013 and why is it useful for carbon footprint?, https://advisera.com/14001academy/blog/2017/05/30/what-is-iso-14067-2013-and-why-is-it-useful-for-carbon-footprint/

How comprehensive and specific should we describe the implementation methods in SoA?

Thank you for your question.

We answered it through Experta - you can find the answer here: https://experta.com/shared-post/076e2772-3efb-4557-8a6d-9558333d7e5d

Non-mandatory documents

Most of the non-mandatory documents on our website come from our experience in helping organizations comply with ISO 22301. These non-mandatory documents were identified by organizations as being helpful in implementing and operating their BCMS.

For example, ISO 22301 does not require organizations to document how they control documents and records, but having a procedure for that can facilitate communication and keep documents in a default format.   

This article can provide you with further information:

• 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/

What do we do when our existing policies do not match Conformio's policies?

In terms of the standard, the question here would be: 
 
"What do we do if our guidelines and Conformio's do not match?"
 
In this case, the customer should choose the document that best complies with the standard. Sometimes the user's document is more strict than the one provided by Conformio, and this is not a problem as the user can upload the PDF version of their own document to Conformio and use it instead of the Conformio template. 
 
An alternative can be that the user includes the link to the page where the document is published in the Conformio template and explains to the customer that if he fulfills the requirements for document management in their Wiki platform it wouldn't be a problem. However, this means they would have to manage updating two different documents (the Wiki page, and the Conformio document), so it might be too complicated.

Teleworking Policy and IT Security Policy

Thank you for your question!

You can do that, but it is advisable that you mark the control that lists the Teleworking Policy as inapplicable in the Statement of Applicability so the step for Teleworking Policy is then hidden.

Risk treatment plan

Thank you for your question.

We answered it through Experta - you can find the answer here: https://experta.com/shared-post/356983f7-e736-474d-b864-81cb855154a8

CQI 17

For reference informed

3.4. Handling classified information

Thank you for your question.

We answered it through Experta - you can find the answer here: https://experta.com/shared-post/fdc70116-07a2-4725-b1ab-b81cd698870c

Custom Edit Documents

Thank you for your question.

We answered it through Experta - you can find the answer here: https://experta.com/shared-post/a195a94d-9059-4e02-ab72-90480d32fce6

Multiple scope in one certification

Our company is certified for meeting ISO 13485 requirements for the scope of design, development, manuafcture and sales of product for brand A. Our Parent company has requested to get certified for their brand (i.e Brand B) with the scope of manufacture aand sales of products. Would this be treated as a spearate certification and would require both stages of audits? or can be integrated with existing one as an extension of scope