For more about IATF 16949, I would recommend reading our blog posts on our IATF 16949 Blog that seem interesting to you and your business case in the production department: https://advisera.com/16949academy/blog/
Product recall requirements and Drinking water standard in Cambodia
Answer:
There is an ASEAN medical device directive where the product recall process is described in Article 12 and Annex 5. You can find this directive at the following link: https://asean.org/book/asean-medical-device-directive/
Is it a viable statement to say that “Control of Work Transfers” is not applicable to our situation?
Answer:
Transfer of work, as mentioned in clause 8.1, refers to moving a process which is normally done in one place to another. As per the note, it can be from your facility to a supplier, from one supplier to another, etc. In other words, it is a change to the original plan of where work will be done, and the requirements are that when you do this you have a process in place to ensure that the original conformity of the products or services is not maintained and risks are managed. When you are talking about sending a product out to be heat treated or plated as a regular function, this would fall under clause 8.4, Control of externally provided processes, products and services.
From your explanation it could be argued that this transfer of work is not applicable to you, but if you do choose to do this in the future you would need to plan the transfer and not just move work without assessing the risks.
Since the reason for this requirement is to ensure process validation is maintained when work is transferred, you can learn more on process validation in this article: What is process validation in AS9100 Rev D?, https://advisera.com/9100academy/blog/2017/10/02/what-is-process-validation-in-as9100-rev-d/
Statement of Applicability
We've received an additional question:
>While I am waiting for your reply, I looked at the 27000 standard and para 6.1.3 C, D specifically requires to review all 114 controls and include justification if we didn't use one. So does that mean that the declaration will include all the controls and for each?
Answer:
Your assumption is correct. The Statement of Applicability must include all controls from Annex A, including justification for those considered applicable, their implementation status and the justification for those considered not applicable.
Risk assessment approach
I’m ready to purchase the BCMS templates, but since the RA Toolkit is a separate product, I want to make sure that I find the right RA solution before I move forward with the ISO 22301 Toolkit.
Could you please let me know if your experts have any suggestions on alternative RA solutions? Or if they think the RA Toolkit can be edited to focus on processes rather than assets?
Answer:
The Risk Assessment Table and the Risk Treatment Table from our Risk Assessment Toolkit are based on the asset-vulnerability-threat methodology, but the columns related to assets, vulnerabilities and threats can be replaced by a single column describing the risks in a process-based approach. All other elements can be kept.
Please note that risk management documents are included in the ISO 22301 Toolkit, and you can take a look at how this change would look by seeing the free demo of our ISO 22301 Toolkit at this link: https://advisera.com/27001academy/iso22301-documentation-toolkit/
This article will provide you further explanation about alternative risk assessment approaches:
In the toolkit there is a template for Incident log, located in folder 08 Annex A -Security Controls, subfolder A.16 Information Security Incident Management, defining which information must be recorded about information security incidents.
Regarding storage and management of such records, in the Incident Management Policy, located in the same folder, there is a section called "Managing records kept on the basis of this document", which defines the information that must be recorded, stored and managed about information security incidents.
Please note that there are no other templates for records, and if you need a different record you will need to develop it based on guidelines from our procedure.
If we make a recommendation to change the process and forms used for their procurement process, will this affect their ISO status and require more audits by the ISO Auditor?
Answer:
No, changes made after an internal audit do not affect ISO status nor require more audits by the certification body, unless those changes are very profound. Let me add that I, as a certification body auditor, see very positively a quality management system where changes are made after internal audits. For me that is a sign of a caring organization and caring internal auditor team.
An ISO 27001 Internal Auditor is someone with the competence to audit an ISMS against ISO 27001, so he/she can perform audits for his/her organization, while an ISO 27001 Lead Auditor is someone who has competency in auditing an ISMS against ISO 27001 requirements and is qualified to become a certification auditor (i.e., capable of working for a certification body).