Answer:
First, you must know and formalize your knowledge of ISO 9001:2015.
Second, you must know good auditing practices.
Third, you must have experience doing internal audits.
Fourth, you must have training to be a lead auditor.
Fifth, you should contact a certification body and ask how you can apply to become a Lead Auditor.
2. What suits me better: taking the path of consulting or being an auditor?
Answer:
Either path that you take does not invalidate the other. I believe it even enhances the ability of an auditor to have the experience of a consultant and vice versa. So, you can start as a consultant and internal auditor and then also become a lead auditor for one or more certification bodies.
Answer
You should start by getting clients and projects to ensure a stream of revenue. To win clients and start building a net of contacts and relationships, start a blog, participate in conferences, publish technical papers, and work as a subcontractor for bigger companies.
Where inside the document: Chapter 3.1 Introduction (first paragraph of the chapter)
What’s my question: The last sentence of the paragraph says: "There should be a procedure for registering users for each system and service." It doesn’t sound like a "must". In that case the person who is in charge of me says: if it’s not a fact we HAVE to do we won’t do it (and I should delete the passage out of the paragraph). On the other hand this sentence expresses control A.9.2.1 which we definitely need to fulfill. What would the implementation of this sentence look like in general?
Answer:
The fact that this paragraph says "should" and not "must" is because if an organization has too many systems in the ISMS scope, implementing procedures for all of them would be impractical.
For arguments like the one you suggested, you can perform a risk analysis for specific systems to evaluate the risk of not having a registering procedure for that system. Alternatively, you can change the text of the Access control policy to something like this: "Procedure for registering users for each system and service must be considered based on risks related to each system and service."
I still have some doubts on how I should read and understand the mandatory clauses. Do you have some video or book that gives examples of the use for mandatory clauses?
For each clause there are suggested articles you can read for further information.
Certification holder
Answer:
If this customer is legally a branch of the larger company you can have the larger company on the certificate. On the other hand, if these organizations are legally separated companies you cannot define the larger company to be the certification holder. The whole point is the legal relation between these organizations.
Sharing information with customer
Answer:
The laboratory should communicate the result, the identification of method used (code, for example), the identification of any calibrated standards used and if the method is within the scope of the accreditation.
Employees, KPI and scope
Answer:
The requirements of your EMS apply whenever those employees are working under the scope of your EMS. ISO 14001:2015 clause 7.2 a) is not about employees; it is about person(s) doing work under the control of the organization. For example, consider a major maintenance intervention in a factory: employees from subcontractors should comply with company requirements (safety and environment).
2. And, we rent several offices in a large facility external to our site, essentially the rent covers all costs for utilities and waste disposal etc. Does this agreement negate our obligatory responsibilities in regard to waste disposal and tracking energy usage (this is something our group specifies as a KPI)?
Answer:
Is that facility included in your EMS scope? Does your organization have any control over what is going on inside those offices?
If the answer is “no” to any of these two questions, I do not believe your organization is negating obligatory responsibilities.
According to the ISO 13485 Standard, the quality manual must have your documents within it or you must make a reference to the documents applicable to your QMS.
Your final decision should take a few things into consideration:
Deciding to include all of your documents within the manual, you want to ensure every time a document is revised, updated, and/or expired that the quality manual is also updated to ensure there are no inconsistencies in your documents. Pros: Creates a centralized location where staff can always find documents related to your QMS. Cons: Any inconsistencies with documents within the Quality Manual could result in a nonconformance. Also, the size of the quality manual grows, resulting in longer review time, approval time and training by employees.
Providing a reference to your documents could be accomplished by including a list of document names and numbers. Pros: A list of document names and numbers covers future revision changes. Also prevents staff from having to sort through information not relevant to their job duties. Cons: Updates to a reference of documents would still include document retirement, new documents issued, title changes or number scheme changes.
The key here is to determine what will work best for your Quality Management System.
Answer
First, you must know ISO 9001:2015.
Second, you must know good auditing practices.
Third, you must have experience doing internal audits.
Fourth, you must have training to be a lead auditor.
Fifth, contact a certification body and ask how you can apply to become a Lead Auditor.
Answer
Start with determining your documentation hierarchy. Then, define templates for each type of IMS document. Then, for each type of IMS document determine which particular documents will be needed. Then, identify who can/must help you write those particular documents and design a timetable with them.