1. The video "How to Write ISO 27001 Procedure for Corrective and Preventive Actions" talks about preventive actions. I cannot find this paragraph in the template.
I'm sorry about this problem - this particular video was made for an earlier revision of the standard, and you can disregard the part about preventive actions.
If you find any other differences between any video tutorial and the templates, please consider the templates, because they are up to date to the current version of the standard.
ISO 27001:2013 does not require preventive actions anymore. These are treated as part of clause 6.1 (Actions to address risks and opportunities), which does not require these actions to be documented.
If you still feel you need more information about this topic, you can schedule a meeting with one of our consultants. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/
2. The video talks about compatibility with ISO 9001 and ISO 14001 - please provide the applicable clauses in the template, thanks.
For information about clause compatibility between ISO 27001 and ISO 9001, please see this free downloadable material:
- ISO 27001 vs. ISO 9001 matrix https://info.advisera.com/9001academy/free-download/iso-9001-2015-vs-iso-27001-2013-matrix
A similar approach can be used to map compatible clauses between ISO 27001 and ISO 14001.
These articles will provide you with further explanation about integrating management systems:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
An ISO 17025 accreditation body must first assess the competency and compliance of the laboratory to the ISO/IEC 17025 standard requirements before a calibration or testing laboratory can declare that they are meeting the requirements of the ISO/IEC 17025 standard for services offered. After assessment, the accreditation body issues a Certificate of Accreditation for the accredited laboratory, which will be published on the accreditation body’s website. This includes the Scope of Accreditation – a list of specific calibration and measurement tests that the accreditation body has assessed the laboratory to be technically competent to perform against the ISO 17025 standard. This becomes the evidence for a declaration by a laboratory.
For more information on the process please read the following articles:
ISO 9001 certification is not needed by a laboratory before achieving accreditation to ISO 17025.
For an easy-to-understand explanation of the ISO/IEC 17025:2017 standard, please read the following article:
What is ISO 17025? - https://advisera.com/17025academy/what-is-iso-17025/
Please check our ISO/IEC 17025 Blog for useful articles https://advisera.com/17025academy/blog/, including:
Checklist of ISO 17025 implementation steps - https://advisera.com/17025academy/blog/2019/08/28/checklist-of-iso-17025-implementation-steps/
A medical device file is a set of documents that describe a product and can prove that the product was designed and manufactured in accordance with ISO 13485 requirements and other applicable requirements. On the European market, all medical devices must have the Technical file under 93/42/EEC of the Medical Devices Directive (MDD). This technical file is in accordance with the medical device file. On the US market, medical devices must have a Design master record according to the FDA, which also matches the medical device file. So for guidelines on how to prepare a medical device file, please search in the mentioned regulations.
For more information on ISO 13485:2016 requirements for medical device files, please read the following article:
ISO 13485:2016 requirements for medical device files https://advisera.com/13485academy/blog/2017/06/28/how-to-meet-iso-13485-requirements-for-medical-device-files/
Common practice is that the names of controls and text of control objectives can be used; the ISO organization does not seem to have a problem with such an approach. However, you should not copy anything else from the standard.
To see what a Statement of Applicability looks like, I suggest you take a look at the demo of our Statement of Applicability at this link: https://advisera.com/27001academy/documentation/statement-of-applicability/
This article will provide you with further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Mandatory documents are important; they are the minimum required by the standard. However, you should also think about the complexity of your organization, the amount of training given and the people turnover. Organizations use those variables to evaluate the need to develop other kinds of documentation, besides the minimum required, according to ISO 9001:2015 clause 4.4.2.
The following material will provide you with more information about required documentation:
- List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
- Please check this warning about documentation and implementation - ISO 27001 documents – Why the templates are not enough? - https://advisera.com/27001academy/blog/2012/04/24/the-documentation-myth-why-the-templates-are-not-enough/
- Documentation Toolkit - Product Tour: ISO 9001 Documentation Toolkits - https://advisera.com/9001academy/product-tour/
- Free webinar - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
ISO 9001:2015 has no requirements about the number of suppliers. So, your organization can decide to have a sole supplier. If there are risks from that situation, it is up to your organization to determine them, evaluate them and act preventively.
The following material will provide you with more information about suppliers and risks:
- Article - How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- Article - Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Advisera's ISO 27001 Documentation Toolkit does not have a document for each and every control from ISO 27001 because of the following reasons:
Since our target is SMEs, we have decided to include an optimum amount of documents for companies of this size - the toolkit includes:
You can see a full list of documents included in the toolkit on this page: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
In ISO 9001:2015 there is no direct requirement for a Quality manager, while ISO 13485:2016 has a requirement for a person called the Management representative (requirement 5.5.2). The management representative is usually the same person as the quality manager because he or she is responsible for implementing and maintaining quality in the organization.
For more details, please read the following articles:
How to define roles and responsibilities within an ISO 13485-based QMS
What is the job of the Quality Manager according to ISO 9001?