Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Major and minor nonconformities
I would like to know if the definition of major and minor non-compliance presented in the article below is based on any normative reference? https://advisera.com/27001academy/pt-br/blog/2014/06/04/nao-conformidades-maiores-vs-menores-na-auditoria-de-certificacao/
Answer:
A definição de não conformidade maior e menor apresentada neste artigo é baseada nas melhores práticas usadas pelos organismos de certificação para os auditores de certificação. A ISO 17021, a norma ISO para órgãos que fornecem auditoria e certificação de sistemas de gestão, declara que uma não conformidade deverá ser classificada. Observe que essa classificação não é obrigatória para auditorias internas (na maioria das vezes essa classificação não é necessária para auditorias internas).
The definition of major and minor non-compliance prese nted in this article are based on best practice used by certification bodies for certification auditors. ISO 17021, the ISO standard for bodies providing audit and certification of management systems, states that a non-compliance shall be classified. Please note that this grading is not mandatory for internal audits (most often such grading is not necessary for internal audits). -
Risk, opportunities and non-conforming product
Answer:
Risks and opportunities are deviations from the expected due to uncertainty.
When dealing with non-conforming outputs we expect to treat them correctly, avoid unintended use and learn with them.
What kind of positive and negative deviations can you determine around non-conforming outputs in your organization?
Examples of risks can be:
* Failure to identify non-conforming outputs;
* Wrongly classifying conforming outputs as non-conforming;
* Disposal of non-conforming outputs that could be corrected.
Examples of opportunities can be:
* Downgrade non-conforming outputs and sell them instead of their disposal;
* Use non-conforming outputs as raw material for a high margin product.
The following material will provide you more information about risks and opportunities:
Article - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Free webinar - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
- Free online training - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Who is a supplier?
Answer:
According to ISO 9000:2015, a supplier is an organization that provides a product or a service. There is no reference to the level of control.
The fact is that your organization uses a service provided. Although your organization has no control over the National service, it is interested in its performance. Imagine that the weather data is wrong or always late, your software’s clients may become unsatisfied.
The following material will provide you more information about supplier evaluation:
- How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- Free online training - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
2. Can "Turtles" replace a procedure?
Answer:
“Turtles” can replace a procedure. There is no ISO definition of what is a procedure. So, any solution useful for a particular organization is welcomed. -
Applicable for GDPR?
Answer:
Probably one of the most important changes, the GDPR will enjoy extended applicability affecting entities not established in the EU. Of course, some conditions must be met for the extraterritoriality to be applicable. The EU GDPR will apply to the processing of personal data of EU data subjects, regardless of whether the processing activities take place in the EU or not. The EU GDPR is also applicable to entities established outside the EU if they offer goods or services to individuals in the Union, or if they monitor the behavior of individuals in the Union (i.e., profiling activities, tracking individuals’ activities on the internet, etc.).
The key to understanding when EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Conseque ntly, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.
When the data of EU citizens is processed outside of the EU by companies which are also outside the EU, then this is not considered to be “in the Union”. For example, the EU GDPR will not be applicable for a school which is based in the United States just because there is a possibility that one or several of its students would be EU citizens. In this case, the processing does not take place “in the Union,” nor is the individual “in the Union”.
If you want to find out more about the extraterritorial reach of the EU GDPR check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//). -
Implementing ISMS in other Business Dept.
Answer:
You must approach a scope extension as if it was a new implementation project (the steps are basically the same). The difference is that as a scope extension you have to assess how this inclusion will affect your current scope. For example, how you will handle access of the personnel of the new part of the scope to the current one? Access levels will be the same or will have to be updated? Since this new scope will include paper assets, how this will affect you information classification policy?
This article will provide you further explanation about ISO 27100 implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
These materials will also help you regarding ISO 27100 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Requirements and benefits of ISO 9001
Answer
For such a generic question I can only give a generic answer in this space.
The following material will provide you information about ISO 9001 requirements and benefits of a quality management implementation:
ISO 9001 Requirements and Structure - https://advisera.com/9001academy/knowledgebase/iso-9001-requirements-and-structure/
White paper - Clause-by-clause explanation of ISO 9001:2015 - https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO and IEC
Answer:
Although largely known as ISO 27001, to refer to the Standard only as ISO 27001 is inaccurate.
The full official name of this standard is ISO/IEC 27001:2013, because this standard was developed by a joint technical committee (ISO/IEC JTC 1) formed by these two organizations.
The participation of IEC in the development of this standard helps ensure that its content is aligned with standards developed by IEC without participation of ISO personnel, such as IEC 62351 Power System Control and Associated Communications – Data and Communication Security.
Additionally, not using the official name can lead people not used to ISO documents to the misinterpretation that there are more than one 27001 standard, which is not true. -
Examples of positive issues
yacht rental praslin -
Using a designated hold location for defective product
Answer
Please check ISO 9001:2015 clause 8.7 b). Segregation is one of the possible ways of dealing with a defective product. Sometimes physical segregation to a designated hold area is not possible, for example, the defective product is very big or there is not enough space for a hold location. So, segregation in a designated hold location is not mandatory. What is mandatory is to avoid the unintended use of defective products. For example, sometimes a red label is the way used to warn about product status.
The following material will provide you more information about dealing with defective product:
Five Steps for ISO 9001 Nonconforming Products - https://advisera.com/9001academy/blog/2014/01/13/five-steps-iso-9001-nonconforming-products/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://training.a dvisera.com/course/iso-90012015-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Primeros pasos en la implementación
Respuesta:
Lo primero que debe de hacer es contar con el apoyo de la dirección de la organización, que será clave durante la implementación de ISO 9001:2015, también para proporcionar los recursos necesarios.
Después lo que puede hacer es un análisis GAP o de brecha, que le va a ayudar a identificar aquellos requisitos que ya cumple y los que le debe aún cumplir. Aquí puede llevar a cabo el análisis de forma gratuita: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
Luego debe conocer cada una de las cláusulas con las que tiene que cumplir para poder llevar a cabo el proyecto de implementación de ISO 9001. En este white paper puede encontrar información resumida sobre cada una de ellas - Clause by clause explanation of ISO 9001: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
Posteriormente puede escribir un plan de proyecto en el que de signa responsabilidades, define la documentación que va a escribirse, los plazos etc. En este enlace puede descargarse una plantilla - Plan de Proyecto para la implementación de ISO 9001:https://info.advisera.com/9001academy/es/descarga-gratuita/plan-de-proyecto-para-la-implementacion-de-iso-9001-ms-word
Luego ya podría empezar con la implementación de la norma: la definición de la política de calidad, los objetivos de calidad y planes para llevarlos a cabo, el contexto de la organización y sus partes interesadas, el alcance del SGC, etc...hasta llegar a la auditoría interna y la revisión por la dirección, que sería el paso previo para certificarse. En este enlace puede descargarse un checklist para la implementación de la norma - Porject checklist for ISO 9001:2015: https://info.advisera.com/9001academy/free-download/project-checklist-for-iso-9001-2015-implementation
Estos materiales pueden ayudarle con la implementación de ISO 9001:2015:
- Libro – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Formación gratuita en línea – Fundamentos de ISO 9001:2015 : https://advisera.com/es/formacion/curso-fundamentos-iso-9001/