It seems to me the change in your case is in location, but also in the legal entity.
For other information it is best that you consult with your certification body, I wouldn't like to speculate without detailed insight.
Incident and Problem Management are always a good start, so you can't miss with them.
Regarding Service Design - well, that depends on the situation inside your organization (e.g. do you have some form of Service Catalogue, how many services you have, how different they are, how many users you have, what their level of IT skills is, etc.). But the Service Catalogue is a must-have, and it's better to implement it as soon as possible.
Here is the article with more details
Ready, steady… go – Starting ITIL implementation https://advisera.com/20000academy/blog/2014/06/10/ready-steady-go-starting-itil-implementation/
The first thing you must do is secure the support of top management, who will provide the resources, both financial and personnel, needed to carry out the implementation project.
Then perform a GAP analysis (gap analysis) of your organization to find out which requirements you already meet and which ones you still have to meet. You can carry out that analysis here - Gap analysis tool for ISO 9001: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/
To get a clear understanding of each of the requirements of the standard, I recommend that you read the following free report, which will help you understand each of the clauses of ISO 9001 - Clause by Clause explanation of ISO 9001:2015: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
Once you have this information, you can start writing a Project Plan, in which you establish each of the milestones of the quality management system implementation, as well as the deadlines, responsibilities, etc. Here you can download a free example of a Project Plan - Project Plan for ISO 9001 implementation: https://info.advisera.com/9001academy/es/descarga-gratuita/plan-de-proyecto-para-la-implementacion-de-iso-9001-ms-word
Once you have defined the Project Plan, you can start defining how you will carry out the control of QMS documents and records. Then you can determine the quality policy and objectives, the scope of the QMS... and so on until you reach the internal audit and the management review. You can download this ISO 9001:2015 Implementation Diagram, which shows all the steps in the implementation of ISO 9001:2015: https://info.advisera.com/9001academy/es/descarga-gratuita/diagrama-de-implementacion-iso-90012015
These materials may also help you with the implementation of ISO 9001:2015:
- Enroll for free in this course - ISO 9001:2015 Foundations Course - https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
For project plan steps please consider our project plan for IATF 16949: https://info.advisera.com/16949academy/free-download/project-plan-for-iatf-16949-implementation-presentation
And also, implementation diagram https://info.advisera.com/16949academy/free-download/iatf-16949-implementation-diagram
The difference between ISO 9001 and IATF 16949 is described in our article: ISO 9001 vs IATF 16949: What is the difference: https://advisera.com/16949academy/blog/2019/11/19/iso-9001-vs-iatf-16949-what-is-the-difference/
Please consider the following materials that may help:
I recommend the IATF 16949 Documentation Toolkit: https://advisera.com/16949academy/iatf-16949-2016-documentation-toolkit/
Checklist of IATF 16949:2016 implementation steps: https://advisera.com/16949academy/knowledgebase/checklist-of-iatf-16949-2016-implementation-steps/
List of mandatory documents required by IATF 16949:2016 https://advisera.com/16949academy/knowledgebase/list-of-mandatory-documents-required-by-iatf-16949-2016/
How to structure IATF 16949:2016 documentation https://advisera.com/16949academy/knowledgebase/how-to-structure-iatf-16949-2016-documentation/
As ISO 17025 is a general guideline for a testing laboratory management system, the amount of documentation needed for your laboratory’s transition from ISO 17025:2005 to ISO 17025:2017 will depend on what you already have in place.
Referring to a mandatory document checklist will help you identify the gaps in your current system and identify the new or changed processes, procedures, and records that you will need to put in place. I suggest you also refer to your accreditation body for any specific requirements.
Download the useful complimentary white paper (PDF) Checklist of mandatory documents required by ISO 17025:2017, available at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025
Please read the following articles for more information:
Note that accreditation to ISO/IEC 17025:2005 will be invalid after the 30 November this year (ILAC Resolution GA 20.15). Your laboratory will need to complete the transition and be assessed by your accreditation body before that date. The use of the ISO 17025:2017 toolkit, available at https://advisera.com/17025academy/iso-17025-documentation-toolkit/ could be a suitable tool to help meet the deadline.
Your explanation is quite apt. Very precise and accurate.
The 2002 version of the ILAC document, ILAC G17 (Introducing the Concept of Uncertainty of Measurement in Testing in Association with the Application of the Standard ISO/IEC 17025) is still under revision. Accreditation bodies should acknowledge that even ILAC states that there is currently not enough guidance and a lack of rules for implementing Uncertainty in sampling, i.e. reporting separately as sMU (see https://www.eurachem.org/images/stories/workshops/2019_11_MU/pdf/P1-09_ILAC_UfS_guidance_Oehlenschlaeger.pdf).
I would say that until the ILAC decision is communicated after the March 2020 Beijing meeting, there is justification to merely interpret and comply with the ISO 17025:2017 requirements for measurement uncertainty evaluation (as discussed in the ILAC presentation). Besides the latest Eurachem guideline Measurement uncertainty arising from sampling, 2nd edition (2019), available at https://www.eurachem.org/index.php/publications/guides/musamp; the primary normative ISO standards are the ISO 98 series, including
Then for Microbiology, there is the recently revised ISO 19036:2019 Microbiology of the food chain - Estimation of measurement uncertainty for quantitative determinations. Trust this is of some assistance.
If you do not have any specific requirements (e.g., laws or contracts) for cloud security nor privacy in the cloud, the ISO 27001 Documentation Toolkit is the best option. In case you have specific requirements for cloud security or privacy in the cloud, then the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit is the best option.
Below you have a list of some documents in the ISO 27001 Documentation Toolkit that cover your needs:
1. Encryption key management and 12. Encryption at Rest: Policy on the Use of Encryption https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/
2. Network segregation, 3. Audit logging, 4. Patch and vulnerability management program, 6. Physical and environmental security, 7. Operational procedures and responsibility, and 13. Security Monitoring Practices: Security Procedures for IT Department https://advisera.com/27001academy/documentation/procedures-for-working-in-secure-areas/
Please note that responsibilities are defined at a high level in the Information Security Policy, and in more specific terms in each policy and procedure defined in the toolkit.
5. Information security awareness, education, and training: Training and awareness plan https://advisera.com/27001academy/documentation/training-and-awareness-plan/
8. System acquisition, development, and maintenance – including secure coding practices: Secure Development policy https://advisera.com/27001academy/documentation/secure-development-policy/
Please note that ISO 27001 does not cover specifics related to secure coding practices.
9. System access control: Access control policy https://advisera.com/27001academy/documentation/access-control-policy/
10. Personnel security: Statement of Acceptance of ISMS Documents https://advisera.com/27001academy/documentation/statement-of-acceptance-of-isms-documents/
11. Backup: Backup policy https://advisera.com/27001academy/documentation/backup-policy/
For more detailed information about which documents cover which clauses of ISO 27001, and to see what these documents look like, please access the free demo of the toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
For this decision, you have to verify the ISMS scope document. Since the ISMS scope defines what is part of your ISMS and what is not, it will help you define what to include in the Disaster Recovery plan.
These articles will provide you further explanation about scope definition and disaster recovery:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
- Disaster recovery vs Business continuity https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/
ISO 27001 does not prescribe specifics about how to perform physical penetration testing, but you can use the control objectives and recommendations from section A.11 of ISO 27001 Annex A (Physical and environmental security) to identify points you should check in your penetration test.
These articles will provide you further explanation about physical security:
- Physical security in ISO 27001: How to protect the secure areas https://advisera.com/27001academy/blog/2015/03/23/physical-security-in-iso-27001-how-to-protect-the-secure-areas/
- How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1 https://advisera.com/27001academy/blog/2016/04/18/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-1/
- How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 2 https://advisera.com/27001academy/blog/2016/04/26/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-2/
- How to protect against external and environmental threats according to ISO 27001 A.11.1.4 https://advisera.com/27001academy/blog/2016/01/25/how-to-protect-against-external-and-environmental-threats-according-to-iso-27001-a-11-1-4/