For more information, please read the following article.
I want to ask what procedures a forwarding (logistics and transportation) company needs to fill in for the certification?
Answer:
ISO 9001:2015 does not require any procedure as mandatory. Please check clause 4.4.2: it is up to each organization to decide what procedures are needed, based on complexity and competence of people, for example.
And how about the organizational context?
Answer:
Again, it is not mandatory. I, as a consultant, recommend developing a procedure for the context, interested parties and risk.
You can find more information about mandatory documents below:
- List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
- Remember, procedures and processes are not the same thing - ISO 9001:2015 process vs. procedure – Some practical examples - https://advisera.com/9001academy/blog/2016/01/19/iso-90012015-process-vs-procedure-some-practical-examples/
- How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
- Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/
- Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
I need to write up a draft of an ISMS document that meets the ISO 27001 requirements for an SME. Could someone please guide me on where I can find a template of one? Otherwise, can someone provide the headings that I should include in the document, please.
There are many procedures within the ISO 45001 OHSMS, and although the ISO 45001 standard gives requirements for what needs to be included, each company or organization needs to tailor the procedures it creates to its unique situation. The ISO 45001 standard gives descriptive requirements for what needs to be included in processes, but not prescriptive requirements that tell you how you must apply the requirements or write procedures, as these differ from company to company and country to country.
You can find out more about the required documentation of ISO 45001, including explanation of each, in the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001
Two people with 50 hours each is the same as saying two people full time on the project. There are several variables to consider in determining the duration of an implementation project. Please test our ISO 9001 Implementation Duration Calculator - https://advisera.com/9001academy/iso-9001-duration-calculator/
As a rule of thumb consider that small organizations up to 50 employees could implement ISO 9001:2015 in 6-8 months.
You can find more information about ISO 9001 implementation below:
- How long does it take to implement an ISO 9001-based QMS? - https://advisera.com/9001academy/blog/2016/07/05/how-long-does-it-take-to-implement-an-iso-9001-based-qms/
- Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
If I understood correctly, you want a diagram to show the relationship between assets and threats.
Considering that, first it is important to note that for certification purposes ISO 27001 does not require such a diagram. Including it in the toolkit would only make it unnecessarily complex.
If you need this diagram for other purposes, you can find an example on how to build such a diagram in this link: https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
This diagram shows the ISO 27001 Risk Assessment and Treatment process, considering an asset – threat – vulnerability approach.
Good evening, I am drafting a security plan for the information assurance of an institution's computer platform. I would like to know the correct way to generate the necessary studies and the reports of recommendation and applicability for the respective assurance.
I'm assuming you are elaborating a risk treatment plan. Considering ISO 27001, the process to create a risk treatment plan is:
These articles will provide you further explanation about Risk assessment and treatment:
To see what the documents used in a risk assessment and risk treatment process look like, I suggest you take a look at the free demo of our ISO 27001/ISO 22301 Risk Assessment Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/
These materials will also help you regarding Risk assessment and treatment:
Acceptable evidence of competence for ISO 27001 is based on experience, training or education.
Considering that, an internal audit certification is not required if you can provide other evidence, like statements from previous employers about internal audits performed by this person, or if it is visible from the CV that the person has experience both in ISO 27001 and in auditing.
This article will provide you further explanation about the internal auditor:
This material will provide you further explanation about the internal auditor:
Hi Branimir,
Thanks for the information! This helps a lot!
Regards,
Rene
1. Do I need to put a justification if I didn't choose any of Annex A controls?
ISO 27001 requires a justification not only for every control from Annex A deemed applicable but also for not applying controls. This is to ensure that all controls were considered and that there are conscious reasons for not using the controls deemed not applicable.
For further information, see:
2. If one control is applicable but some of that control's content is not, do I need to put a justification on each point? Example: in the code of practice, A.9.1.1 has points from a to k; if points j and k are not applicable, do I need to add a justification for not choosing them?
If I understood you correctly, you are mentioning the content of ISO 27002, a supporting standard for implementation of ISO 27001.
Considering that, please note that justifications relate only to ISO 27001 Annex A, which mentions only control objectives and a general description of each control (not the details from ISO 27002). This way, you do not need to justify it if only part of the recommendations from ISO 27002 are applied.
For further information, see:
3. If I wrote the access control policy and my scope is the cloud and applications running on the cloud, and there is a point in the policy applicable to some of the applications but not to the rest, should I add a justification for this?
Please note that the risk assessment results will provide the necessary justification for applying an access control policy to some applications and not for others (i.e., risks for some applications are deemed unacceptable and will be treated by means of an access control policy, while other applications will not have risks requiring the application of this control).
For further information, see:
4. How can I identify controls and consequences in risk identification?
Please note that controls are identified during risk treatment, after you have identified the risks.
Regarding the identification of consequences, when using the asset-threat-vulnerability approach, you should consider the participation of personnel with knowledge of the asset, of the environment where it operates, and of what depends on the asset. These are the people most capable of identifying what can happen if the asset is compromised.
For further information, see:
These materials will also help you regarding risk assessment and risk treatment: