What type of documents do I need to fulfil the requirements of clause 8.3?
Answer:
Please check this article about the mandatory documents required by ISO 9001:2015 - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/. There you can check that only records are mandatory. However, I recommend that organizations develop a procedure about the good design and development practices that need to be followed, and about authorities and responsibilities.
Can I have any such formats for planning, input, controls, outputs and changes?
Answer:
Yes, you can have a format for each topic, or for two or more topics simultaneously.
The following material will provide you with more information about design and development:
- The ISO 9001 Design Process Explained - https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
- Procedure for Design and Development - https://advisera.com/9001academy/documentation/procedure-design-development/
- Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – (where I use the process approach this way) - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Based on your attached document, I'm assuming you are referring to a document similar to a "Confidentiality Statement" (the term "Order data protection agreement" does not exist in the standard, nor is it a common term).
Considering that, please note that for ISO 27001 you only have to implement a "Confidentiality Statement", or a similar document like the "Order Data Protection Agreement", or any other type of control, if:
- the results of risk assessment require the implementation of such document
- there are legal requirements (e.g., laws and contracts) which require the implementation of such document
- there is a top management decision for implementation of such document
If none of the above-mentioned situations occur, then you do not need to implement a "Confidentiality Statement" or "Order Data Protection Agreement".
Considering our toolkit, we have a "Confidentiality Statement" template, located in folder 08 Annex A Security Controls >> A.7 Human Resource Security, which you can evaluate to see if it fulfills your needs. It contains the minimum required for compliance with the standard (for further security you should consider seeking expert legal advice, because we are not legal experts).
Regarding your document, it seems fine as a "Confidentiality Statement", with more clauses than our "Confidentiality Statement", but again we recommend that you seek legal advice.
Another way to handle this situation is by including a security clause in your service agreement with those parties working with you.
These articles will provide you with further explanation about control selection and security clauses:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/
I don't know if I understand your question correctly. Organizations have the authority to decide what makes sense to include in a SOP. So, there is no compulsory requirement to add a quality control statement.
The following material will provide you with more information about documentation:
- How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
- List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
- Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
When the justification for control applicability is related to risk assessment results, you can identify the IDs of the related risks (e.g., results of the last risk assessment: ID 32, ID 17, and ID 23). As for contractual or legal obligations, you can identify the name of the obligation (e.g., the name of the law or the ID of the contract) and the clauses related to the control.
Included in the toolkit you bought you also have access to a video tutorial that can help you fill the Statement of Applicability.
This article will provide you with further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
No, the non-conformity can only be closed after checking a representative sample, after the closing date of your project, and concluding that the non-conformity was removed.
The following material will provide you with more information about closing nonconformities:
- How to deal with nonconformities in an ISO 9001 certification audit - https://advisera.com/9001academy/blog/2015/06/09/how-to-deal-with-nonconformities-in-an-iso-9001-certification-audit/
- Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – (where I use the process approach this way) - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Thanks for taking the time to respond in detail. I appreciate it.
ISO 9001:2015 promotes the use of the process approach. Please consider watching this free webinar on demand about the process approach - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/
Slide 12 is about determining a set of interrelated processes that model how an organization works. (4.4.1 b))
Slide 13 is about the characterization of each process (4.4.1 a); c) d) e) f) g) and h))
Slide 14 is about risks and processes (4.4.1 f))
Slide 15 is about (4.4.1 e))
I consider the process approach one of the best tools to manage and improve an organization.
The following material will provide you with more information about the process approach:
- ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
- Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – (where I use the process approach this way) - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Both standards are currently in effect, and a company can become certified to them right now. However, below is the information on transitioning from other standards and when these previous standards become obsolete, as this is what is normally viewed as the cut-off for implementation.
ISO 45001:2018 was released in March 2018, and as such will replace OHSAS 18001 in March 2021. At this point all companies who were registered to OHSAS 18001 will need to be transitioned over to ISO 45001, any certification will not be renewed, and the OHSAS standard will be made obsolete. This is confirmed on the website of BSI, the organization that controlled the OHSAS 18001 standard, here: https://www.bsigroup.com/en-CA/BS-OHSAS-18001-Occupational-Health-and-Safety/
ISO 22000:2018 was published in June 2018, and if you had the ISO 22000:2005 standard in place you will have 3 years until June 2021 to make your transition. More about this standard can be found on the ISO website here: https://www.iso.org/standard/65464.html
Personal data is defined by the GDPR as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Assuming that by EMI you refer to "equated monthly installment", the EMI is not personal data, as it is not unique to a specific person and the same EMI would be applicable to multiple borrowers.
If you want to find out more about personal data check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//)
1. We are currently in the process of assessing our documentation in preparation for our transition to ISO 45001 from OHSAS 18001. What other documentation do we need to produce?
If you are transitioning over from OHSAS 18001, much of the OHSMS is fully transferable, with only a few additions to the requirements such as consultation and participation of workers. As for documentation, there is not much additional documentation required by the new ISO standard.
For more on the documentation necessary for ISO 45001, see the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001
2. Are Risk and Opportunity associated with OH&S the same with Hazard and Risk?
Risk and opportunity are not the same as OH&S hazards and risks. Risks and opportunities concern the top-level risks for the OHSMS, and are captured in clauses 6.1.2.2 and 6.1.2.3, whereas the OH&S hazards are in 6.1.2.1.
For more on the new risks and opportunities requirements, see the article: What are the new requirements for risks and opportunities according to ISO 45001?, https://advisera.com/45001academy/blog/2018/04/25/what-are-the-new-requirements-for-risks-and-opportunities-according-to-iso-45001/