Search results


  • Implementation of ISO 27001

    Hello Rhand Leal

    Thank you for your reply. I just wrote one policy. But thanks for your advice and further comments on the subject. Our problem is that the auditor already raised the nonconformity and I don't want to argue with him about this particular policy.

  • Preventive action

    Yes, you can say so.

    For example, risk-based thinking is seen as replacing preventive action in ISO 9001:2015. How does the risk-based approach work? Bearing in mind the objectives to be achieved, we ask: What can go wrong? What can prevent us from meeting them? So, we are not responding to a specific problem, we are responding to a potential nonconformity.

    You can get much more information in the following links:

  • Pricing a consultancy

    To do costing as a project you need to have as much information about the business processes as possible, to avoid an under-detailed project that may cause you to underprice your service. The main problem here is not the tasks to be performed and documents to be created, but the effort required to perform them, since the greater the number of processes involved, the greater the effort and the number of documents.

    My suggestion is for you to make a mixed approach:

    • Elaborate a project with the information you have
    • For the tasks where you are not sure about the total effort, state an assumption about the effort you expect to have (e.g., elaborate BC plans for 3 business processes, interview 2 employees, etc.)
    • Define an hourly rate for additional hours considering all the hours you have for the planned project (normally this will be greater than the project's hourly rate)

    This way, if your assumptions are right, your project is well priced. In case you do not have all the needed information, the higher hourly rate will compensate for your additional effort, and as a bonus, your customers will have more incentive to help you detail the project because additional hours will cost them more than if they are executed as part of the project.

    To help you in your consulting career, I suggest you take a look at our ISO 27001 & ISO 22301 Consultant Toolkit at this link: https://advisera.com/27001academy/consultants/

    These materials will provide you with a further explanation about elaborating a project:

  • Equipment Sitting and Protection A.11.2.1

    I am implementing this as required by our customers, who are banks. They advise that we must adhere to the policies they do, as we process their data. Yes, we are a small business, only doing small home insurance repairs; however, if fulfilling all their requirements means we become one of their preferred suppliers, we will do it.

  • Backup policies

    ISO 27001 has a control specific to information backup (control A.12.3.1), but it does not provide details about its implementation. For that, you should consider ISO 27002, a supporting standard that defines guidelines for information backup, such as the definition of backup periodicity, backup testing, etc.

    To see what a backup policy compliant with ISO 27001 looks like, I suggest you see the free demo of our Backup Policy at this link: https://advisera.com/27001academy/documentation/backup-policy/

    This article will provide you with a further explanation about backup:

  • Question about documents

    1. Most incoming documents, contracts, etc. would be online. However, if they were to be paper only, how do we handle these? Can we just scan?

    If you do not have any relevant risk or legal requirement preventing you from having this documentation only in electronic format, then you can scan them and use only an online version.

    For further information about handling paper documents, see:

    2. Also, what if an employee were to print a document? Should we note that they are responsible for ensuring they are always referring to the latest version and that they must shred it when a new one is available?

    Considering that your main document environment is electronic, when there is a need to print a document, common practices are:

    • if this document is for temporary use only (e.g., for a couple of days, to be sent to external parties, etc.), it should be identified as a non-controlled copy
    • if the document must be available for use in the workplace, it must have a responsible person identified for it, who has the responsibility to ensure the printed document is always in the current version and that obsolete versions are properly disposed of, or identified as obsolete if there is a need to keep such versions.

    This material will also help you regarding document management:

  • Directive legislation and rules in EMS

    ISO 14001:2015 requires compliance with compliance obligations (clauses 6.1.3 and 9.1.2). Different organizations belonging to different economic sectors in the same country have to comply with different compliance obligations. Different organizations belonging to the same economic sector in different countries have to comply with different compliance obligations. The most common compliance obligations are legislation and regulation.

    You can find more information about ISO 14001 below:

  • Key Performance Indicators for a QMS

    I will give you some examples, but you must be aware that Key Performance Indicators (KPIs) should be aligned with the strategic orientation of an organization. A fast fashion retail organization may have some KPIs very different from those applicable to a luxury retail organization. And even those that are common may be followed with a different set of priorities and a different mindset.

    • Gross profit, sales and cost of goods sold are the basic three
    • You can have average sales per purchase, sales per square foot, sales per visitors
    • You can have inventory to sales, return rate, backorder rate
    • You can have employee satisfaction.

    You can find more information below:

  • Changing the scope of the service

    To make a change in the scope of the Quality Management System you must take into account the review of each of the processes that make it up, starting with the context of the organization, for example: does the change in the boundaries of the QMS imply a modification in the determination of the external and internal issues of the organization? On the other hand, you should review whether there are changes in the interested parties of the QMS, as well as in their needs and expectations. In turn, and linked to the context of the organization, you should review the risks and opportunities associated with the newly defined scope and carry out the actions necessary to address the new risks and opportunities.

    In summary, the implementation of a change in the QMS has to be carried out without affecting its integrity and must be done with a change implementation plan. On the other hand, the change management leader must be informed so that they can bring the change to the attention of the relevant people and the necessary actions can be scheduled.

    Finally, when changing the scope you must contact the certification body to reach an agreement and obtain its confirmation.

    For more information about changes in the scope of the organization, you can see the following materials:

    - Article - How to define the scope of the QMS according to ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-definir-el-alcance-del-sgc-de-acuerdo-a-la-iso-90012015/

    - Article - QMS change management in 7 steps: https://advisera.com/9001academy/blog/2016/11/29/qms-change-management-in-7-steps/

    - Free online training - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Quality audit steps

    Describe the steps in conducting a quality audit, and the key inputs, activities and outcomes in each step?
