Search results


  • Corrective action

    Corrective action is about identifying the cause(s) of a nonconformity and eliminating them.

    Cause(s) are normally hidden and have to be investigated. So, developing a corrective action requires:

    • Analyzing the symptoms – collect information, facts, and numbers about the problem. For example, you can start with a problem called “Reduce customer complaints” and, after this symptom analysis, realize that you should concentrate on “broken bags”, the main reason for complaints.
    • Develop hypotheses – develop a list of potential causes behind broken bags. Select the most promising hypothesis. Find a way to test the validity of the most promising hypothesis. For example, complaints about broken bags are mostly about bags kept at the warehouse for a long time.
    • Develop a solution that will remove the confirmed hypothesis. For example, introducing a First In, First Out rule at the warehouse, or improving production planning to avoid long stays at the warehouse.
    • Implement the solution and monitor its effectiveness.

    We can find more information below:

  • Quality culture

    Each retail clothing company has its own strategic orientation. Different techniques and methodologies may be used as a function of a particular strategic orientation. For example, for a company that is betting on the relationship with the customer, many studies conclude that everything starts with satisfied and happy employees; they will be the cornerstone for making customers return. The second topic is to model the target customer. Include as many people of the company as possible in answering these questions:

    • Who is our target customer?
    • What is it that she or he is looking for and values most?
    • How can we improve what we offer in our stores?
    • How can we improve how we display what we offer in our stores?
    • How can we improve how we interact with consumers in our stores?

    Quality is about managing and leading an organization focused on consistently meeting customer requirements and enhancing their satisfaction.

    The following material will provide you information about culture:

  • Indicators for a process

    According to ISO 9001:2015 you must have at least one indicator per process. When one thinks about process indicators, one can think of three types:

    • Effectiveness indicators;
    • Efficiency indicators;
    • Quantity indicators.

    For me, the most important are the effectiveness indicators; they measure whether the purpose of the process is being met.

    For example, for a company that has a strategic direction around innovation and has a process called “Develop new products” one can ask:

    - What is the purpose of such a process?
    - Quickly develop new products that are market hits.

    Effectiveness indicators will measure “Quickly” and “hits”. For example:

    • Average time to market
    • Revenue from new products
    • Average price of new products

    Efficiency indicators are the classic QCD indicators:

    • Quality
    • Cost
    • Delivery

    For example, for a company that installs wireless networks for telecom companies, with a process called “Install network”, efficiency indicators can be:

    • Number of daily nonconformities raised by the customer
    • Actual network installation costs versus budgeted costs
    • On-time delivery percentage

    Quantity indicators give information about the need to manage resources accordingly. For example, the number of incoming calls at a call center is a way of evaluating the need to contract more people to handle more calls without raising waiting time.

    Please consider our free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/ . There you can find the rationale for developing effectiveness indicators and a monitoring plan.

    In our free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ you can find an example of a flowchart that describes the flow of activities, which is very useful for defining efficiency indicators.

    The following material will provide you information about indicators:

  • ISO 13485 Manufacturing

    ISO 13485, Manufacturing of Thermometer, Ventilator, BP Measurement apparatus - what are the applicable regulatory requirements?

  • Determination of OH&S objectives

    While ISO 45001 does not use the term standard operating procedure (SOP), OH&S objectives and plans are often a process of their own in the OHSMS. In fact, clause 6.2 does not require that you document the process for OH&S objectives at all, only that you have documented the objectives and plans to achieve them. As long as you have written objectives and plans, how you determine them can be decided by top management without documentation.

    To find out more on the OH&S objectives, see the article: How to define ISO 45001 objectives and plans, https://advisera.com/45001academy/blog/2018/12/04/how-to-define-iso-45001-objectives-and-plans/

  • Risk treatment plan vs Statement of applicability

    Please note that the statement of applicability presents a summary of which controls are necessary, the justification for their inclusion, whether they are implemented or not, and the justification for excluding controls from Annex A, while the risk treatment plan documents which actions are necessary to implement the security controls you need, who is responsible for them, what the deadlines are, and which resources are required.

    In short, the purpose of the SoA is to describe the security profile of a company, while the purpose of the RTP is to define implementation responsibilities.

    These articles will provide you a further explanation about the Statement of Applicability and Risk Treatment Plan:

    These materials will also help you regarding Statement of Applicability and Risk Treatment Plan:

  • ISO 27001-13 114 control

    There is no definitive answer about how many documents are "good enough" when we talk about ISO management systems because this depends on the unique context of each organization, results of risk assessment, and legal requirements.

    Our toolkits contain an optimum number of documents for companies of up to 200 employees, so you normally would not need any additional documents, but an organization may have legal requirements demanding additional documents not directly related to the standard's requirements, or to the most common controls adopted by organizations.

    For example, the procedure for a penetration test is not commonly used, so it is not part of the toolkit, but you may have a contract with a customer requiring this specific document.

    This article will provide you a further explanation about developing documents:

  • Documentation versioning

    ISO 27001 does not prescribe version control of documents, only that changes must be controlled (as applicable).

    Considering that, version control is one way to fulfill these requirements, but if you can fulfill this control of changes by other means (e.g., a track changes feature), you do not need to implement version control.

    This material will also help you regarding document management:

  • SoA justification for selection (of control)

    First, it is important to note that before you elaborate the SoA you need to perform the risk assessment and risk treatment steps, because these are required by the standard.

    The second point to note is that, broadly speaking, justifications to apply a control or not are based on:

    • results of risk assessment
    • legal requirements (e.g., laws, contract, or regulations)
    • top management decision

    Considering that, if you do not have relevant risks or legal requirements to justify applying a control, you can state that the control is considered relevant to be applied by decision of top management, as a good practice.

    These articles will provide you a further explanation about risk management and SoA:

  • ISO 27001 PCI DSS mapping

    We're not experts in PCI DSS, but this article from ISACA can provide you a comparison between ISO 27001 and PCI DSS: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-1/comparison-of-pci-dss-and-isoiec-27001-standards

    These articles will provide you a further explanation about ISO 27001 and PCI DSS:
