Search results

  • Marketing in QMS

    ISO 9001:2015 is not about departments. ISO 9001:2015 promotes the process approach. So, while modelling your organization as a set of processes you may decide to not include the Financial or the Marketing departments. The only requirement is that applicable ISO 9001:2015 clauses are treated in your processes and procedures or instructions.

  • ITIL vs ISO 20000

    ITIL Expert is the highest personal certification (according to the previous v3). ISO 20000 is an international standard for IT Service Management aimed at organizations (although individuals can also be educated and certified in ISO 20000). So, if you are an ITIL Expert, that doesn't mean your organization is ready to be ISO 20000 certified. But being an ITIL Expert can help a lot if you are implementing ISO 20000.

    This article can help you clarify differences (and similarities) between ITIL and ISO 20000: "ITIL vs. ISO/IEC 20000: Similarities and Differences & Process Mapping" https://info.advisera.com/20000academy/free-download/itil-vs-iso-iec-20000-similarities-and-differences-process-mapping

  • Effectiveness of the EMS

    First, what does effectiveness stand for? Effectiveness is about achieving planned results.
    What are the main planned results for an environmental management system? Its environmental objectives.

    So, does your organization have good environmental objectives? Are those environmental objectives in line with the environmental policy commitments (Continual improvement, Prevention of pollution, compliance with legal and other requirements)? Are those environmental objectives about the most significant environmental aspects and impacts of your organization? Fuel consumption? CO2 emissions? Used lubricant oils? Used tires and other wastes?
    Are your environmental objectives being met?

    The following material will provide you information about environmental management systems:

  • Standard changes under ITIL

    Actually, ITIL defines standard changes as low cost - low risk changes. So, for example, if you have a routine software update (usually a low cost / low risk task) - you need to define roles and responsibilities and the flow of activities, but you don't need to approach it like you described (many successful updates and then it's a standard change).

    Here is more about standard changes "Tips and tricks for using the ITIL standard change mechanism" https://advisera.com/20000academy/blog/2017/06/27/tips-and-tricks-for-using-the-itil-standard-change-mechanism/

  • BCP

    According to ISO 22301, a Business Continuity Plan must contain:

    • Purpose, scope, and users
    • Reference documents
    • Assumptions
    • Roles and responsibilities
    • Key contacts
    • Plan activation and deactivation
    • Communication plan
    • Incident response
    • Physical sites and transportation
    • Order of recovery for activities
    • Recovery plans for activities
    • Disaster recovery plan
    • Required resources
    • Restoring and resuming activities from temporary measures

    This article will provide you further explanation about BCP content:

    This material will also help you regarding BCP content:

  • Clause for Context of Organization

    ISO 45001 includes clause 4 for context of the organization, and this entire clause asks you to identify the organization that you are creating an OHSMS for through 4 sub-clauses. In the sub-clauses, 4.1 asks that you identify the internal and external issues that could affect your OHSMS (this is also called the context of the organization), clause 4.2 asks you to identify interested parties and their needs and expectations, clause 4.3 asks that you identify the scope of your OHSMS (where the OH&S rules will apply) and finally clause 4.4 includes overall requirements to establish, implement, maintain and improve the OHSMS.

    You can learn more about some of these sub-clauses in the following articles:

    Defining the context of the organization according to ISO 45001, https://advisera.com/45001academy/blog/2016/02/03/defining-the-context-of-the-organization-according-to-iso-45001/

    Determining interested parties according to ISO 45001, https://advisera.com/45001academy/blog/2018/03/14/determining-interested-parties-according-to-iso-45001/

    How to determine scope of the OH&SMS, https://advisera.com/45001academy/blog/2015/12/09/how-to-determine-scope-of-the-ohsms/

  • Framework and performance

    ISO 14001 sets out the requirements for an environmental management system. It helps organizations improve their environmental performance through more efficient use of resources, like raw materials and energy, and reduction of waste, gaining a competitive advantage.

    The following material will provide you information about environmental management systems:

  • Statement of acceptance document

    You should get some kind of acknowledgement from your staff that they have read your company internal security documentation - this can be done by signing Statement of acceptance, or by e.g. tracking their activities through a document management system, or by simply confirming they have read the documentation through email. This should be done by all people who need to read the security documents.

  • ISO 27001 re-certification

    Due to the accreditation bodies' definition, certification bodies must conclude the re-certification process before the expiration date. If it is not concluded by this date, the certification will expire and the organization will have to start the certification process all over again (i.e. it will lose its certificate number).

    Considering that, certification bodies recommend the re-certification audit to be performed on a date that will give organizations time to handle the event that they don't pass the renewal audit (e.g., because of a major non-conformity). This date is normally at most two months before the expiration date.

  • A.12.5.1 Vs A.12.6.2

    No separate document is required.

    Please note that control A.12.5.1 only requires a procedure for software installation to be implemented, but it does not require you to be specific about which users can install software. If you require restrictions for users (e.g., only IT staff can install software or end-users only have install rights under specific conditions), you will need to complement the procedure with the recommendations of control A.12.6.2.
