  • ISO 20k risk management process for BCMS

    Am I able to use this same risk document for BCMS?

    Answer:

    If you consider a BCMS based on ISO 22301, you can use the same risk document based on ISO 20k. You only have to make adjustments to fulfill specific requirements from ISO 22301. For example, for a BCMS you have to consider risks that can cause disruption of business services and processes in a general manner (i.e., not only those related to IT services).

    This article is a little bit off-topic, but it can give you a view of the concept: https://advisera.com/27001academy/blog/2013/03/11/can-iso-27001-risk-assessment-be-used-for-iso-22301/
  • System/App Retirement & Decommissioning

    Great answer; thanks.
  • What is the role of the process owner?


    Answer:

    A Process Owner is a person who is given the responsibility and authority for managing a particular process. A process owner is responsible for the design of the process, how it is carried out, how it interacts with other processes, and how it is measured. The process owner identifies process documentation and training requirements, and identifies risks and opportunities with the current process. Of course, this responsibility is an ongoing task.

    For more information on the process approach, you can see the following article. This article is written for ISO 9001, but the process approach described is also fully applicable for ISO 13485.
    ISO 9001: The importance of the process approach https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
  • IATF 16949 implementation guideline


    Answer:

    First, you can read our article that will provide you with the basic information on IATF 16949:
    What is IATF 16949
    https://advisera.com/16949academy/what-is-iatf-16949/

    Then, you can check what you have already implemented in your organization. Here is an article that will help you with that:
    Checklist of IATF 16949:2016 Implementation Steps
    https://advisera.com/16949academy/knowledgebase/checklist-of-iatf-16949-2016-implementation-steps/

    The next step would be getting familiar with the IATF core tools. You can do that by reading the following article: What are the five core tools of IATF 16949
    https://advisera.com/16949academy/blog/2017/08/23/what-are-the-five-core-tools-of-iatf-16949/

    For more about IATF 16949, I would recommend reading the posts on our IATF 16949 Blog that seem interesting to you and your business case in the production department:
    https://advisera.com/16949academy/blog/

    In our IATF 16949:2016 Documentation Toolkit you can find all the required document templates: https://advisera.com/16949academy/iatf-16949-2016-documentation-toolkit/
  • Product recall requirements and Drinking water standard in Cambodia

    Answer:

    There is an ASEAN Medical Device Directive where, in Article 12 and Annex 5, the product recall process is described. You can find this directive at the following link: https://asean.org/book/asean-medical-device-directive/

    I have found that there is a Drinking Water Standard in Cambodia at the following links:
    - Drinking Water Quality Standards https://rdic.org/wp-content/uploads/2014/12/MIME-Drinking-Water-Quality-Standards-2004-en.pdf
    - Drinking Water Standard https://www.wepa-db.net/policies/law/cambodia/07.htm
  • AS9100 Transfer of work

    Is it a viable statement to say that “Control of Work Transfers” is not applicable to our situation?

    Answer:
    Transfer of work, as mentioned in clause 8.1, is referring to moving a process which is normally done in one place to another. As per the note, it can be from your facility to a supplier, from one supplier to another, etc. In other words, it is about changing the original plan of where work will be done, and the requirements are that when you do this you have a process in place to ensure that the original conformity of the products or services is not maintained and risks are managed. When you are talking about sending a product out to be heat treated or plated as a regular function, this would fall under clause 8.4, Control of externally provided processes, products and services.
    From your explanation it could be argued that this transfer of work is not applicable to you, but if you do choose to do this in the future you would need to plan the transfer and not just move work without assessing the risks.
    Since the reason for this requirement is to ensure process validation is maintained when work is transferred, you can learn more on process validation in this article: What is process validation in AS9100 Rev D?, https://advisera.com/9100academy/blog/2017/10/02/what-is-process-validation-in-as9100-rev-d/
  • Statement of Applicability

    We've received additional question:

    >While I am waiting for your reply, I looked at the 27000 standard and para 6.1.3 C, D specifically requires to review all 114 control and include justification if we didn't use one. So does that mean that the declaration will include all the controls and for each?

    Answer:

    Your assumption is correct. The Statement of Applicability must include all controls from Annex A, including justification for those considered applicable, their implementation status and the justification for those considered not applicable.
  • Risk assessment approach

    I’m ready to purchase the BCMS templates, but since the RA Toolkit is a separate product, I want to make sure that I find the right RA solution before I move forward with the ISO 22301 Toolkit.
    Could you please let me know if your experts have any suggestions on alternative RA solutions? Or if they think the RA Toolkit can be edited to focus on processes rather than assets?

    Answer:

    The Risk Assessment Table and the Risk Treatment Table from our Risk Assessment Toolkit are based on the asset-vulnerability-threat methodology, but the columns related to assets, vulnerabilities and threats can be replaced by a single column describing the risks in a process-based approach. All other elements can be kept.

    Please note that risk management documents are included in the ISO 22301 Toolkit, and you can take a look at how this change would look by seeing the free demo of our ISO 22301 Toolkit at this link: https://advisera.com/27001academy/iso22301-documentation-toolkit/

    This article will provide you with further explanation about alternative risk assessment approaches:

    - ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
  • Record management


    Answer:

    In the toolkit there is a template for Incident log, located in folder 08 Annex A - Security Controls, subfolder A.16 Information Security Incident Management, defining which information must be recorded about information security incidents.

    Regarding storage and management of such records, in the Incident Management Policy, located in the same folder, there is a section called "Managing records kept on the basis of this document", which defines the required information to record, store and manage about information related to information security incidents.

    Please note that there are no other templates for records, and if you need a different record you will need to develop it based on guidelines from our procedure.

    This article will provide you with further explanation about record management:
    - Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
  • Changes after an internal audit

    If we make a recommendation to change the process and forms used for their procurement process, will this affect their ISO status and require more audits by the ISO Auditor?

    Answer:
    No, changes made after an internal audit do not affect ISO status nor require more audits by the certification body, unless those changes are very profound. Let me add that I, as a certification body auditor, see very positively a quality management system where changes are made after internal audits. For me that is a sign of a caring organization and caring internal auditor team.

    The following material will provide you with more information about internal audits:
    - Article - How to write a good ISO 9001 audit nonconformity? - https://advisera.com/9001academy/blog/2018/04/24/how-to-write-a-good-iso-9001-audit-nonconformity/
    - Article - Five Main Steps in ISO 9001 Internal Audit - https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
    - Enroll for free course - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-lead-auditor-course/
    - Book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/