Search results

QMS benefit

Let me first recommend two articles about the benefits for organizations: 

• Benefits of ISO 9001 implementation for small businesses - https://advisera.com/9001academy/blog/2018/09/17/benefits-of-iso-9001-implementation-for-small-businesses/ 
• Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/

A well designed and implemented QMS reduces firefighting and promotes a culture of making decisions based on facts. Organizing the different processes of an organization reduces variability by defining internal best practices to be followed by each employee/function.

The following material will provide you information about implementing a QMS:

• - Free webinar on demand - Overview of ISO 9001 implementation steps  - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/ 
• - Free course - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/ 
• - Free online training ISO 9001:2015 Internal Auditor Course –https://advisera.com/training/iso-9001-internal-auditor-course/  
• - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Inventory management process

I'm sorry, but in order to answer your question, could you please explain what do you mean by "opportunity audit", and "inventory management model"? Such phrases are not used in ISO standards. 

Mandatory financial & HR documents

Let us focus our attention on the mandatory documents required by ISO 9001:2015. Please check this article, “List of mandatory documents required by ISO 9001:2015” - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ - there are no requirements about financial documents and the only mandatory documents about Human Resources are about “Records of training, skills, experience and qualifications (clause 7.2)”
 

The following material will provide you information about implementing a quality management system:

- Free webinar on demand – Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
- ISO 9001 Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
- ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
- ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Subsequent provision of products and services

Clause 8.3.2 is about design and development planning. It includes both the project phase and the after the project phase, the after the successful verification and validation. 

After the project comes the provision of products and services: What raw materials to use? What drawings to follow? What equipment to use? What process control plan? What specifications to use? What acceptance criteria to use? What quality control plan to use? What packaging to use? What post delivery service to provide?

Clause 8.3.2 h) is about preparing 8.5.1 – including both downstream processes and post-delivery services.

The following material will provide you information about Design and development:

- ISO 9001 – The ISO 9001 Design Process Explained - https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
- ISO 9001 - Understanding Product & Service Provision in ISO 9001 - https://advisera.com/9001academy/blog/2014/10/07/understanding-product-service-provision-iso-9001/
Book – Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- free online training ISO 9001:2015 Internal Auditor Course - –https://advisera.com/training/iso-9001-internal-auditor-course/  

Supplier Policy for Suppliers and Partners

First is important to note that, for a more productive audit, besides the Supplier Security Policy, you also should use an audit checklist, and for that, you have an audit checklist included in your toolkit (on folder 10 Internal Audit).

Considering that, if you do not have any legal obligation (e.g., laws or contracts), or risks, demanding specific cloud controls to be implemented by your cloud suppliers, then the internal audit checklist included in your toolkit will be sufficient.

Combination of ISMS and BCMS

Considering ISO 27001 and ISO 22301, which have a lot of requirements in common, it is perfectly possible to go for the simultaneous implementation of the ISMS and BCMA. In fact, this can bring many benefits, like decreased costs in implementation and internal audits, but first, you have to consider the organization's situation in terms of available resources, knowledge, and personnel.

This article will provide you further explanation about integrated implementation:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/

This material will provide further information:
- Free webinar – ISO 27001 & ISO 22301: Why is it better to implement them together? https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/

Regarding step by step guidelines to implement both systems, in a general manner, you have these steps:
- Obtain management support
- Develop a project plan
- Define scope (related to each standard)
- Define top-level policies (related to each standard)
- Define basic management system procedures (common to both standard)
- Develop specific policies and procedures (related to each standard)
- Implement policies and procedures and train personnel
- Perform internal audit
- Perform management review
- Proceed with corrective actions

The following articles will provide you explanation of the steps to implement both standards:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- 17 steps for implementing ISO 22301 https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/

Context document

ISO 22301 and ISO 27001 do not require you to write a document for context of the organization, this is why we didn't include such document in the toolkit - most of our clients are smaller companies, and they appreciate if they can avoid an overhead. 

However, you will collect all the crucial information for the context of your organization by filling out the following documents that are included in the toolkit:

• "List of legal, regulatory, contractual and other requirements" (you'll find it in the folder "Identification of requirements") -you will get all external issues important for the context of your organization. 
• "Risk assessment table" (you'll find it in the folder "Risk assessment and treatment" - you'll get all internal issues important for the context of your organization

This article can also help you (it is also relevant for ISO 22301): How to define context of the organization according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/

ISO 27001 and ISO 27799

Yes, it is possible to comply with ISO 27799 using ISO 27001 as a "basic" standard, however you will need to introduce some extra documents/activities that do not exist in ISO 27001. 

There articles will help you:

• How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799-complement-each-other-in-health-organizations/ 
• ISO 27001 vs ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/ 

Business impact analysis

I assume you're asking this question in the context of ISO 22301, the business continuity standard. 

Both risk assessment and business impact analysis are mandatory according to ISO 22301, however they do not depend on each other - in practice, they are independent analysis.  

These articles will help you with details: 

• How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
• Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
• Can ISO 27001 risk assessment be used for ISO 22301? https://advisera.com/27001academy/blog/2013/03/11/can-iso-27001-risk-assessment-be-used-for-iso-22301/ 

Data subject & DSAR

Note that the controller is entitled to identify the data subject (requestor) and thus, he/she can ask for additional information to be able to validate the identity of the data subject.