1. We are initiating an implementation project of an ISMS, and it was decided to work with internal staff. Our question is whether the "Premium Package of documents on ISO 27001 and ISO 22301" is enough to implement an ISMS without having previous experience?
Our toolkits focus on customers with little to no previous knowledge of ISO 27001, so, considering the access to our knowledge base, video tutorials, and consultation through email or live meetings, you have all the support you will need to implement an ISO 27001 ISMS with your own personnel.
For further information, please see:
- How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/
2. Are there any certifications to be an ISO 27001 auditor? Which would you recommend to us?
There are two types of ISO 27001 certification for Auditors:
- ISO 27001 Internal Auditor - this certification recognizes competence for a person to audit his own organization
- ISO 27001 Lead Auditor - this certification recognizes competence for a person to audit on behalf of a certification body
At this point, the Internal Auditor certification would be sufficient for your needs.
These articles will provide you with further explanation about internal audit:
- ISO 27001 Internal Auditor training – Is it good for my career? https://advisera.com/27001academy/blog/2016/03/29/iso-27001-internal-auditor-training-is-it-good-for-my-career/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
Regarding a course, please take a look at this suggestion:
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Regarding the Quality Policy - At this link you can access the preview of our Quality Policy template: https://advisera.com/9001academy/es/documentation/politica-de-calidad/
The quality policy must comply with the following:
- Be appropriate to the purpose and context of the organization, and be aligned with the strategic direction of the organization
- Provide the framework for setting the quality objectives
- Include a commitment to comply with the requirements applicable to its QMS
- Include a commitment to continual improvement of the QMS
In these articles you can find more information about the quality policy:
- How to write a good quality policy: https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
- How does the ISO 9001:2015 revision affect the quality policy: https://advisera.com/9001academy/blog/2018/04/10/how-does-the-iso-90012015-revision-affect-the-quality-policy/
Regarding the quality objectives - At this link you can access the preview of our Quality Objectives template: https://advisera.com/9001academy/es/documentation/objetivos-de-calidad/
In general, quality objectives must be SMART:
- Specific
- Measurable
- Achievable
- Realistic
- Time-based
In this article you can find more information about quality objectives - How to write good quality objectives: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-escribir-buenos-objetivos-de-calidad/
These materials may help you better understand the quality policy and quality objectives:
- Enroll for free in this course - ISO 9001:2015 Foundations Course - https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
First, it is important to note that, considering ISO 19011, the standard used for auditing ISO management systems, audit findings can be conformity, nonconformity, opportunities for improvement, and recommendations (i.e., there is no definition for observation in the standard as an audit finding).
Considering that, an internal auditor can also raise a nonconformity for your ISMS even if you have passed a certification.
The difference between an NC and an observation is that for the second one you do not have enough evidence to support a nonconformity statement. In this situation, the internal auditor can make an observation to the organization so its staff can decide to work on an evaluation to identify if further work has to be done. It can also be used by another auditor in another audit to verify whether the situation has evolved into a well-based nonconformity or not.
This course can give you further information about internal audit:
- ISO 27001:2013 Internal Auditor course https://advisera.com/training/iso-27001-internal-auditor-course/
IATF 16949 has higher requirements than ISO 9001. We can consider ISO 9001 as a standard with basic requirements and IATF 16949 would be the standard with advanced requirements.
Certification for ISO 9001 is good as a starting point for the development of the IATF 16949 system.
For more details please read the article: “ISO 9001 vs ISO/TS 16949” https://advisera.com/9001academy/blog/2014/10/01/iso-9001-vs-isots-16949/
First, is your organization certified or wanting to be certified? If yes, certification body auditors may raise a nonconformity in the next surveillance audit or certification audit. If no, is there any particular request from your customer? Can your organization negotiate with the customer the maintenance of the status-quo or small changes?
If you have to update the documentation, I recommend starting with a Gap Analysis to determine what is different and what is missing in the transition from the 2008 version to the 2015 version. I believe that there are not so many differences in terms of operations. Consider clause 6.3 of ISO 9001:2015, about how to make changes in your quality management system without introducing disruption and chaos.
The following material will provide you with more information about the transition:
- Case study for ISO 9001:2015 transition in a construction company - https://info.advisera.com/hubfs/9001Academy/9001Academy_FreeDownloads/Case_study_for_ISO_9001_2015_transition_in_construction_company_EN.pdf
- Free ISO 9001:2015 Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
- Free webinar on demand – ISO 9001:2015 - How to make the transition from ISO 9001:2008 - https://advisera.com/9001academy/webinar/iso-90012015-how-to-make-the-transition-from-iso-90012008-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Even though you manufacture and design that kit, if you are only going to certify the repair and sales processes, I understand that clause 8.3 on design and development can be excluded. However, you must consider the possibility that some minimal design and development work takes place during repair, in which case you should include the clause. Likewise, sales may be subject to the design and development requirement; for example, if your organization is responsible for transporting the products it sells and has to design the transport route, then you would have to include the design and development clause in the scope of the QMS.
For more information about excluding the design and development clause in ISO 9001:2015, see the following materials:
- Article - What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- Free webinar - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Enroll for free in this course - ISO 9001:2015 Foundations Course - https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Libro – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
After ensuring that you have established the identity of the requestor you have one month to provide an answer.
In your case, you may need to provide the requested information using the same channel through which you received the request, e.g., email.
The full process is described in the Data Subject Access Request Procedure in the Toolkit you purchased, as well as in this EU GDPR Data Subject Access Request Flowchart (https://info.advisera.com/eugdpracademy/free-download/eu-gdpr-data-subject-access-request-flowchart).
Please note that the original English text is "When allocating privileges the person responsible must take into account business and security requirements for access (defined in risk assessment), ..."
Considering this text, business and security requirements for access are not defined in the risk assessment. The risk assessment only provides additional information that must be considered when defining such accesses. An example of a business requirement for access is remote access for some roles (e.g., sales staff, remote developers, etc.).
Unfortunately, these templates are available only in English. To see the free downloadable material we have in German, please access this link: https://advisera.com/27001academy/de/kostenlose-downloads/
I cannot give a checklist, but I can provide you with the raw materials to develop your own checklist. You can start by listing all the topics in ISO 9001:2015 (you can see that for ISO 14001:2015 they are almost the same) that can be related to top management. The following article - How to perform an ISO 9001 audit of top management without fear - https://advisera.com/9001academy/blog/2019/05/15/iso-9001-top-management-audit-how-to-perform-it-successfully/ gives you a good start.
You can get much more detailed information in the following links:
- Article - ISO 9001 Audit Checklist - https://advisera.com/9001academy/knowledgebase/iso-9001-audit-checklist/
- Article – about the checklist technique - ISO 9001 audit checklist for laboratory - https://advisera.com/9001academy/blog/2018/09/04/iso-9001-audit-checklist-for-laboratory/
- Enroll for free - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- Book – ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/