Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
ISO 9001 pasos de certificación
Los pasos a seguir en la implementación y certificación son los siguientes:
1. Obtener el apoyo de la alta dirección que proporcione los recursos necesarios.
2. Identificar los requisitos de ISO 9001:2015 con los que tiene que cumplir la organización.
3. Definir el alcance de la organización, es decir los límites del sistema de gestión de calidad.
4. Definir los procesos y procedimientos necesarios para cumplir con la norma ISO 9001:2015 y asegurar resultados coherentes y adecuados con respecto a la calidad.
5. Implementar esos procesos y procedimientos que se han definido.
6. Llevar a cabo programas de formación y concienciación.
7. Elegir una entidad certificadora.
8. Operar el sistema de gestión de calidad y llevar a cabo las mediciones necesarias.
9. Llevar a cabo la auditoria interna
10. Realizar la revisión por la dirección.
11. Llevar a cabo las acciones correctivas pertinentes.
12. Realizar la auditoria de certificación, primero la fase 1 donde principalmente se revisa la documentacióny después la fase 2, que puede llevar varios días, donde se revisan los registros, procesos, etc..
En este artículo puede encontrar más información sobre los pasos a seguir - Checklist of ISO 9001 implementation and certification steps: https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
Para llevar a cabo el proyecto de implementación de la norma le recomiendo que primeramente atienda algún curso, como por ejemplo el de curso de Fundamentos ISO 9001:15 u otro más completo, como el de Implementador Líder (sólo disponible en inglés) - ISO 9001 Lead Implementer Course: https://advisera.com/training/iso-9001-lead-implementer-course/
Además estos materiales pueden ayudarle en la implementación y certificación de ISO 9001:2015:
- Libro - Descubra ISO 9001:2015 a través de ejemplos prácticos: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso de Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
ISO 9001 Support Documents for Business Continuity Management
ISO 9001:2015 does not require Business Continuity Management. However, due to an explicit customer requirement or due to a risk analysis outcome an organization can decide to do Business Continuity Management.
Some years ago, working as a consultant for a subcontractor of an electric power company, we had to apply Business Continuity Management to minimize disruption during and after important storms. We used as a basis for work ISO ISO 22301. In this article - The basics of ISO 22301 - https://advisera.com/27001academy/what-is-iso-22301/ - you can see that the 2019 version has a similar structure to ISO 9001:2015. Although not mandatory, as you can see in the article, a good disruption risk determination register and its assessment and business continuity plans seem to me very important for learning and improvement. Perhaps this other article could be useful for you - 17 steps for implementing ISO 22301 - https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/
-
ISO 27001 helping in implementing ISO 22301
ISO 27001 and ISO 22301 are quite compatible, so that risk management, document control, internal audit, management review, corrective action, human resource management and measurement can be used in common for both of these standards.
These materials will help you:
- ISO 27001 & ISO 22301: Why is it better to implement them together? https://advisera.com/27001academy/es/webinar/iso-27001-iso-22301-why-is-it-better-to-implement-them-together-free-webinar-on-demand/
- Can ISO 27001 risk assessment be used for ISO 22301? https://advisera.com/27001academy/blog/2013/03/11/can-iso-27001-risk-assessment-be-used-for-iso-22301/
- ISO 27001 & ISO 22301 Premium Documentation Toolkit https://advisera.com/27001academy/iso-27001-22301-premium-documentation-toolkit/
-
ISO 13486:2016 certification for a machine
You have to see that with the manufacturer of that device. There is no any restriction from the standard to do this, but you will need to seek permission from the manufacturer itself for this.
-
Ways to define ISMS scope
Here are the answers:
What are the concrete methods and ways to define a good ISMS scope
You need to identify in which part of your company is your most valuable information - see the details here: How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
what steps need to be taken while identifying the risk
Here's the article that will help you: ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
and while writing the policies itself
Here are the articles that will help you:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/ -
Copyright notice
This relates to the copyright notice in the footer of the document(s) as well as copyright notice in properties of the particular document.
-
Position and Function of an information security specialist
I assume that by "graduate" you mean a student that has graduated from an university.
ISO 27001 has no requirements in this respect - usually, people with less experience could be a part of a security team, but not lead the security team.
Here are some articles that can help you:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/
These materials will also help you on how to position yourself in ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/ -
ISO certification code
You can ask an organization a copy of their certificate. Check the name of the certification body and verify if its name is in any list of an accreditation body recognized by the International Accreditation Forum (IAF). If that certification body is working with an accreditation body recognized by the IAF you can contact them and confirm if their certificate is valid or not. Sometimes certification bodies issue lists with the name of certified organizations. In that case you can search the name there.
The following material will provide you more information about solving doubts around a certificate validity:
- How to know whether ISO 9001 certificate is valid? – https://advisera.com/9001academy/blog/2018/05/23/how-to-know-whether-iso-9001-certificate-is-valid/- Free webinar – ISO 9001:2015 clause 4 – Context of the organization, interested parties, and scope – https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/- Enroll for free course – ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
-
SaaS products
Basically, you need to include in the ISMS scope the cloud elements you can control - this article will provide you with details: Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
-
GDPR & CE Mark
Would you recommend for a medical device company that maintains a QMS system (under CE mark) to incorporate all GDPR changes inside the QMS?
QMS is established to certify quality and compliance of products to legal requirements.
A QMS system under CE mark may be related to product safety which can affect data protection if personal data are acquired by the medical device.
Certification process is encouraged by European Authorities and Member States under article 42 GDPR.
Are there subjects or areas that you would not want to be checked by the CE/QMS audit that relate to GDPR?
CE mark or QMS audit can be helpful to demonstrate accountability to GDPR requirements. However, depending on QMS audit that you implement in your company some areas may be not covered. Employee data processing and its storage or the transfer of data outside the EU may be not covered, if your QMS is focused only on product safety, it can be an example. Also, compliance of the data processor to GDPR provision should be checked.
Please consider that according to paragraph 4 article 42 GDPR “certification does not reduce the responsibility of the controller or the processor for compliance with this Regulation and is without prejudice to the tasks and powers of the supervisory authorities”.