Answer
There are no mandatory written procedures in ISO 9001:2015. Each organization should evaluate which practices will benefit from the existence of written procedures. Please check ISO 9001:2015 clause 4.4.2. It is up to each organization to evaluate, "to the extent necessary", any need for SOPs or other written procedures. Normally, that depends on staff turnover and task complexity.
The excerpt you presented correctly fills in the fields of the risk assessment table, so if the rest of the matrix is filled in similarly you can consider this table compliant with the ISO 27001 requirements for the risk assessment process.
Assets for risk assessment
I thought the starting point of implementing ISO 27001 is to make a risk assessment table. Even though I received the template, it is not easy to fill out. First, when I want to list all information assets, I don't know how to categorize assets. At the macro level there will be People, IT, Physical and Administrative. In the template there are People, Applications and databases, Documentation (in paper or electronic form), etc., but take paper documents, for example: there are too many documents, so do I have to list all documents one by one? It is very difficult for me to categorize those. Moreover, in the IT area, how can I divide each piece of software, hardware, application program, etc.?
Answer:
ISO 27001 does not prescribe how to categorize assets, so you can adopt the categories you believe will best fulfill your needs. You can use the asset catalogue sheet included in your Risk Assessment Table template as a starting point (this catalogue will help you categorize individual assets).
Some general rules you can consider are:
- split assets into different categories when they require different levels of protection and a different number of applicable controls
- use a category to refer to assets that can have the same level of protection and the same applied controls
For example, regarding documents, you do not need to list them one by one. You can have a single asset called "paper documents", or, if necessary, you can create specific assets like "contracts in paper form" or "blueprints in paper form" if you need to apply different controls to them.
The same idea applies to other assets. For example, for workstations you can use categories related to their purpose, such as general workstations and development workstations, including detailed information on the quantity of each type.
The certificate you receive is proof that you have a working knowledge of all the GDPR requirements. It can be accepted in the USA or all over the world.
Manual in ISO 9001:2015 / quality policy
Answer:
Indeed, a quality manual is not required, although that does not mean the organization may not want to keep one because it considers it useful, since it is often used as a kind of guide to the various documents of the management system. As for the aspects of the organization, it depends on which "aspects" you mean. For example, for determining the context of the organization, you can have a procedure (which is not mandatory) that establishes how internal and external issues are determined.
Regarding the quality policy, you can have a document called Quality Policy that meets the following requirements:
- it is appropriate to the purpose and context of the organization, and is aligned with the organization's strategic direction
- it provides a framework for the quality objectives
- it includes a commitment to comply with the various applicable requirements
- it includes the continual improvement of the QMS
There is no such definition of "actions liable to produce impacts" within ISO 14001. It is a concept mostly used in environmental impact assessments and refers to the activities, operations, procedures, aspects, elements, etc. of a project that relate in some way to the environment and that will therefore, directly or indirectly, produce changes (impacts) in the surroundings.
Under the requirements of ISO 14001:2015 the organization must determine its significant environmental aspects, that is, those that generate a greater IMPACT on the environment according to criteria established by the organization itself (for example, frequency of occurrence of an environmental aspect, etc.). This impact is the change produced in the environment, whether adverse or beneficial, and it results from the environmental aspect associated with an activity or process.
Answer
You cannot say that one is superior to the other, because they are different. ISO 9001:2015 is applicable to all types of companies in all industries, whereas ISO 17025:2015 is only applicable to testing and calibration laboratories. If your organization is a testing and calibration laboratory, ISO 17025 is a requirement.
Thank you so much for the best recommendation. Currently I'm in progress with the Foundation Course.
Spreading a set of internal audits all over the year
Answer
Yes, the whole system can be audited through a set of internal audits spread over the whole year. And for internal auditors who lack experience that is a great help, because they can focus their preparation, performance and reporting on a narrower audit scope.