Yes, ISO 9000:2015 defines product as the output of an organization that can be produced without any interaction taking place between the organization and the customer. The same ISO 9000:2015 defines service as the output from an organization where at least one activity is necessarily between the organization and the customer.
By the way, this is a theme that I follow with some attention. I prefer the approach of some marketing scholars who invite us to consider that everything is service. There is even a phrase that I like very much: "Everything is service. A product is an avatar of a service." More and more we see organizations that bet on co-development, co-production, and co-creation with customers. When we receive in the mail a simple T-shirt with a message ordered by us, is it a service or a product?
The following material will provide you with information about ISO 9001:
ISO 27001 does not prescribe the CISO role, nor the competencies required to run an ISMS, but considering the requirements of the standard, if you have a CISO in your organization, you should consider at least these areas of competence:
- Standard: knowledge of the ISO 27001 standard
- Compliance: to identify interested parties and their requirements
- Documentation: for the development of policies and procedures
- Risk management: to teach and guide employees during the risk assessment and risk treatment process
- Human resources management: to provide awareness and training activities
These articles will provide you with further explanation about the CISO role and competencies:
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
Certain procedures in our ISO 13485:2016 toolkit have described workflows (e.g., customer complaint process, sales process, evaluation of suppliers). Workflows are not mandatory according to ISO 13485:2016.
Advisera does not provide software for ISO 13485, therefore we do not have electronic signatures. The ISO 13485 Documentation Toolkit is only a set of documentation templates; it is not software.
The data retention schedule helps the data controller and the data processor to comply with the principle of minimization and to be accountable.
The data controller and the data processor need to evaluate how long they will need the data. Specifications may be found in laws (e.g., many tax and accounting laws require keeping records of transactions, bills, and invoices for up to ten years) and in contracts (especially for data processors, who receive instructions on how to handle data processed on behalf of the data controller, either in their appointment as a data processor or in separate instructions). The data retention schedule should be in line with all these requirements. It must also balance the principle of minimization against the risk of a data breach (which may also take the form of data destruction caused by a wrong data retention schedule).
In your data retention schedule, you should also decide how to deal with data not covered by laws and regulations (e.g., applicants' CVs) by establishing a principle in line with the period for which the data controller may need those data (e.g., until the job position has been filled). Therefore, specifications for data retention schedules may vary from case to case depending on the data processing.
You can find more information here:
- The role of the DPO in light of the General Data Protection Regulation: https://advisera.com/eugdpracademy/knowledgebase/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/
- How the GDPR could impact your HR department: https://advisera.com/eugdpracademy/blog/2018/02/22/how-the-gdpr-could-impact-your-hr-department/
- Implementing 3 main accountability principles under the EU GDPR: https://advisera.com/eugdpracademy/blog/2017/09/27/implementing-3-main-accountability-principles-under-the-eu-gdpr/
- Understanding 6 key GDPR principles: https://advisera.com/eugdpracademy/knowledgebase/understanding-6-key-gdpr-principles/
Indeed, a key performance indicator must be something measurable in itself; if it is evaluated from 33 different perspectives, it becomes complex to measure and can lead to results that are difficult to interpret.
To define key performance indicators (KPIs), it is necessary to know which processes exist within the QMS and then define their most relevant elements, since these will be the main target to be measured by the KPIs. For example, in a manufacturing company, one of the most relevant factors will be that orders are delivered on time. Therefore, the time it takes to make a product could be considered a key performance indicator.
For more information on key performance indicators, see the following materials:
- Article - How to define Key Performance Indicators for a QMS based on ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Course - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
Yes, the issue of product safety is related to special characteristics, and product safety characteristics are very important for the design and production of the product. These important requirements are determined during the product and production design process.
For example, material hardness and tensile stress are very important safety characteristics for the durability of brake parts. These characteristics come from product design specifications, product drawings, and the design FMEA.
In addition, the hardness of the material is also affected by the heat treatment conditions in production, i.e., parameters such as temperature and time. Thus, production parameters such as the temperature and time of heat treatment are a product safety matter, and they are also special characteristics related to safety for brake parts.
Critical characteristics of the product and production process are defined by legal regulations, safety, and significant critical characteristics. All these characteristics have different symbols, such as "R/S", "CC", and "SC", according to customer-specific requirements.
All these characteristics come from legal regulations, product drawings, product specifications, and production parameters that affect the health of production operators and the durability of the product.
According to the IATF 16949 standard, product safety relates to the design and manufacturing of products to ensure they do not present a harm or hazard to customers. As you know, customers are regulators, end users (driver and passenger), OEM plants, the other manufacturing plants, and production operators.
The customer should not be at risk from anything affecting the safety of the product. These special characteristics related to product safety are determined by regulation and product drawings, and they have to be monitored and controlled at the production points affecting the safety of the product.
All these requirements must be transferred via product drawings, material specifications, etc., to the entire supply chain, and the entire supply chain must comply with the product- and production-specific characteristics for product safety.
For more information, please read the following article:
ISO 9001:2015 does not require any mandatory form of coding. It is up to the organization to choose a system for the control of documents and records, which is a mandatory requirement of the standard, although the standard does not specify how to do it.
Regarding the requirement of clause 7.4 - Communication of ISO 9001:2015, it does not need to be documented, so it is up to the organization whether to record internal and external communication and how to do it.
For more information on coding and communication in the QMS, see the following materials:
- Article - Communication requirements according to ISO 9001:2015: https://advisera.com/9001academy/blog/2016/11/01/communication-requirements-according-to-iso-9001-2015/
- Article - Some tips to make document control more useful for your QMS: https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Book - Gestión de documentación ISO: una guía en un lenguaje sencillo: https://advisera.com/books/gestion-de-documentacion-iso-una-guia-en-un-lenguaje-sencillo/
- Course - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
I am creating documentation for risk management. The documentation says "risk assessment"; I want to know which gap is missing, or whether we are talking about the same thing. The requirement to be met is: Implement a formal information risk management process that includes the identification and classification of information assets, risk impact, risk probability and risk scores with quantitative definitions, risk treatments, definition of treatment plans, formal follow-ups, implementation of steering committee meetings, and cycle re-visits in accordance with ISO 27005, and execute the first annual risk assessment.
I'm assuming you are referring to the ISO 27001/ISO 22301 Risk Assessment Toolkit when you say "La documentación dice evaluación de riesgo" (The documentation says risk assessment).
Considering that, the toolkit covers all requirements for risk assessment and treatment defined by ISO 27001, which also recommends the adoption of ISO 27005 (there are no gaps in the documentation). In the toolkit, you will find the following documents:
To see what the documents look like, please access the free demo at this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/
This article will provide you with further explanation about risk management for ISO 27001:
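The requirement quoted in the question asks for impact, probability and risk scores with quantitative definitions, treatment options, treatment plans and follow-ups. The script below is an added example of what such a quantitative register evaluation can look like in code; it is not part of the original answer, nor of any Advisera toolkit, and the 1-5 scales, the acceptance threshold, the impact-from-classification mapping and the register rows are all hypothetical assumptions chosen for illustration. An organization defines its own scales and thresholds in its risk assessment methodology.

```python
"""Quantitative risk register evaluation in the ISO 27001 / ISO 27005 style.

Added example, not toolkit code. All scales, thresholds, asset names and
threats below are hypothetical assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: impact is derived from the asset's classification level.
IMPACT_BY_CLASSIFICATION = {"public": 1, "internal": 2, "confidential": 4, "restricted": 5}
RISK_ACCEPTANCE_THRESHOLD = 8   # assumption: a score of 8 or less may be accepted as-is
SCALE = range(1, 6)             # assumption: likelihood and impact are integers 1..5


@dataclass
class Risk:
    asset: str
    classification: str
    threat: str
    likelihood: int                         # 1 (rare) .. 5 (almost certain)
    control: Optional[str] = None           # planned treatment, if any
    likelihood_after: Optional[int] = None  # estimated likelihood once the control is in place
    impact_after: Optional[int] = None      # estimated impact once the control is in place
    owner: Optional[str] = None             # who follows the treatment plan up
    due: Optional[str] = None               # ISO date by which the control must be in place


def impact(risk: Risk) -> int:
    """Impact follows from asset classification, so classification must happen first."""
    try:
        return IMPACT_BY_CLASSIFICATION[risk.classification]
    except KeyError:
        raise ValueError(f"{risk.asset}: unknown classification {risk.classification!r}")


def score(likelihood: int, impact_value: int) -> int:
    """Quantitative score = likelihood x impact, both on the 1..5 scale."""
    if likelihood not in SCALE or impact_value not in SCALE:
        raise ValueError("likelihood and impact must be integers 1..5")
    return likelihood * impact_value


def treatment_option(risk_score: int) -> str:
    """Map a score to the ISO 27005 treatment options (thresholds are assumptions)."""
    if risk_score <= RISK_ACCEPTANCE_THRESHOLD:
        return "accept"
    if risk_score <= 15:
        return "modify"    # reduce the risk by applying controls
    return "avoid/share"   # too high to carry: stop the activity or transfer it (e.g. insurance)


def evaluate(register: List[Risk]) -> List[Dict]:
    """Score every row, compute residual risk and flag incomplete treatment plans."""
    rows = []
    for r in register:
        imp = impact(r)
        inherent = score(r.likelihood, imp)
        # Residual risk: the same formula with the post-control estimates where given.
        lik_after = r.likelihood_after if r.likelihood_after is not None else r.likelihood
        imp_after = r.impact_after if r.impact_after is not None else imp
        residual = score(lik_after, imp_after)
        option = treatment_option(inherent)
        findings = []
        if option != "accept":
            if not r.control:
                findings.append("no treatment defined")
            if not (r.owner and r.due):
                findings.append("treatment plan lacks owner/due date for follow-up")
            if residual > RISK_ACCEPTANCE_THRESHOLD:
                findings.append("residual risk still above acceptance threshold")
        rows.append({"asset": r.asset, "threat": r.threat, "impact": imp,
                     "inherent": inherent, "residual": residual,
                     "option": option, "findings": findings})
    # Highest inherent score first: the order a steering committee would review them in.
    return sorted(rows, key=lambda row: row["inherent"], reverse=True)


# Constructed sample register (hypothetical assets, threats and estimates).
SAMPLE_REGISTER = [
    Risk("customer database", "restricted", "credential theft", likelihood=4,
         control="MFA on all admin access", likelihood_after=2, owner="IT lead", due="2024-06-30"),
    Risk("public website", "public", "defacement", likelihood=3),
    Risk("HR file share", "confidential", "ransomware", likelihood=3,
         control="offline backups", impact_after=2),
    Risk("intranet wiki", "internal", "accidental disclosure", likelihood=2),
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_REGISTER):
        print(row)
```

Running it orders the register by inherent score and lists, per row, what the follow-up still needs: the customer database row keeps a residual score above the threshold even with MFA planned, and the HR file share row has a control but nobody assigned to deliver it. Those findings are the items a steering committee meeting and the next annual cycle would have to close.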
Considering ISO 27001, please note that the activities users can perform remotely from home are based primarily on management decision and business need, while the safeguards are determined according to the results of the risk assessment; the audit checklist must take all of these into account.
Normally you should consider at least these points for an audit checklist:
- who may telework (e.g., IT staff, sellers, managers on travel, etc.)
- which services are available for teleworkers (e.g., development environment, invoicing systems, etc.)
- which information can be accessed through telework (e.g., performance dashboards, list of customers, etc.); for more information, see: Information classification according to ISO 27001.
- which access controls shall be applied before access to information and resources is granted (e.g., password, two-factor authentication, use of VPN on communication channels, etc.); for more information, see: How to manage the security of network services according to ISO 27001 A.13.1.2.
- how devices and remote sites should be configured, protected, and used (e.g., devices with cryptography, no use of shared rooms to work, information backup, etc.)
These articles will provide you with further explanation about developing this checklist:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- How to apply information security controls in teleworking according to ISO 27001 https://advisera.com/27001academy/blog/2021/10/27/how-to-use-iso-27001-to-secure-data-when-working-remotely/
- What to include in an ISO 27001 remote access policy https://advisera.com/27001academy/blog/2019/04/23/iso-27001-remote-access-policy-how-to-develop-it/
Good environmental objectives stem from the environmental policy. A good environmental policy includes the three commitments from ISO 14001:2015 (continual improvement, prevention of pollution, and compliance with legal and other requirements) and sets priorities for environmental improvement.
What are the environmental improvement priorities? After the initial environmental survey is made, what are the most significant environmental aspects? In some organizations it may be the amount of hazardous waste they generate; in others it may be air emissions and their quality; in others it may be energy consumption.
For example, in the last EMS implementation project where I worked, the first version of the environmental policy had 4 vectors:
When the EMS reached certification, emissions and noise already complied with the legislation, and the environmental policy was updated to focus on points 3 and 4.
Goal - general orientation - Example: Improve air emissions
Objective - more detailed information - Example: Reduce volatile organic compounds in our painting department
Target - clear success criteria, how much and when - Example: Reduce volatile organic compounds in our painting department by 20% in the next 12 months
The following material will provide you with information about environmental policy and objectives: