Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11270 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
ISo 45001 Clause 4.1 & 4.2
Answer:
Clause 4 of Iso 45001:2018 is all about understanding the context of your organization, or in other words what affects your company so that you can determine where and how the rules and polices will be applied. Clause 4.1 asks you to determine internal and external issues that affect your OHSMS, so what issues affect your you ensure a safe workplace. Internal issues could include the level of safety culture within your company and industry. External issues could include a push in your industry to eliminate a certain hazardous chemical, or the issue that a supplier will stop making a product that you use which is the safest product available and needs to be replaced with a more hazardous one.
Clause 4.2 asks you to understand who is interested in your OHSMS and what their needs and expectations are. While workers are identified as interested parties and have the expectation that they will not suffer injury or ill health at work, there are other interested parties who will have needs to be fulfilled. This could include government agencies that have laws in place related to your workplace OH&S,
For a better understanding of interested parties in ISO 45001, see the article: Determining interested parties according to ISO 45001, https://advisera.com/45001academy/blog/2018/03/14/determining-interested-parties-according-to-iso-45001/ -
Comparing environmental performance
Answer:
If both companies are ISO 14001 certified, we can expect that at least both companies comply with environmental legislation and regulation.
If you want to compare their environmental performance, you can ask them their environmental objectives and main indicators and a list of their most relevant environmental impacts. Two companies can comply with the same legislation and yet have very different environmental performances.
Even if those companies are not based in Europe, you can ask them if they have any study or report about their own situation against Best Available Techniques (BAT) in their industry.
There is no requirement in ISO 14001:2015 that states that companies should share that information with interested parties. Your company, as a potential customer can re quest that information and hope for their openness.
The following material will provide you more information about environmental performance:
Article - Environmental performance evaluation - https://advisera.com/14001academy/blog/2015/07/06/environmental-performance-evaluation/
- 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/ -
Documents for IATF audit
Answer:
When it comes to IATF audit, the same documents are needed for Die mold shop as for any other audit.
To see a list of mandatory documents for an IATF audit, please read the article:
List of mandatory documents required by IATF 16949:2016
https://advisera.com/16949academy/knowledgebase/list-of-mandatory-documents-required-by-iatf-16949-2016/
Examples of documents that can be used are checklists, production plans, and PPAP, control plans (SPC and APQP), risk analysis (FMEA), records of Measurement system analysis (MSA), preventive and predictive maintenance and similar.
For more about IATF 16949:2016 internal audit, please read article:
IATF 16949 audit types how they affect process improvement
https://advisera.com/16949academy/blog/2017/11/01/iatf-16949-audit-types-how-they-affect-process-improvement/ -
Starting as QMS implementation consultant
Answer:
If you want to become an ISO 9001 implementer it is important that you acquire two competencies:
Learn about ISO 9001:2015, the reference standard to develop a quality management system;
Learn about good implementation practices.
The following materials will provide you more information and help you in becoming an ISO 9001:2015 implementer:
- Article – What is ISO 9001? - https://advisera.com/9001academy/what-is-iso-9001/
- Should you use a gap analysis in your ISO 9001 implementation? - https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
- ISO 9001 Implementation diagram - Download a complimentary checklist (PDF) - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
- Clause-by-clause explanation of ISO 9001:2015 - Download a complimentary white paper (PDF) - https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015"
- Free webinar – Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
- Enroll for free in the course – ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Enroll for free in the course - ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
- If you need help or want to develop documentation faster, check - ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO 27001 and third party data risk
Answer:
ISO 27001 can be used to prevent third party data risk by means of:
- Identification of relevant data risks imposed by third parties with access to information
- Definition of proper treatment options and controls to reduce risks to acceptable levels
- Establishment of contracts or legal agreements including clauses to enforce the application of previously defined controls (for third-parties authorized to access information assets)
These articles will provide you further explanation about preventing third party data risk:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/
This last article also covers conditions for third-parties working for the organization. -
Procedure for commercial activities
Answer:
ISO 9001:2015 has no mandatory procedures. Please check clause 4.4.2 a). It is up to each organization to decide which procedures are needed to support operations.
Most organizations decide to develop procedures to describe how processes should be performed, and work instructions to describe how specific activities should be done.
A commercial procedure could be one that describes how requests for quotation are received, treated and proposals elaborated, approved, sent, negotiated until an agreement is reached.
The following material will provide you more information about commercial activities:
Article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
ISO 9001 document template: Sales Procedure - https://advisera.com/9001academy/documentation/sales-procedure/
[free course] ISO 9001:2015 Foundations Course - https://train ing.advisera.com/course/iso-90012015-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Not following the PDCA cycle?
Answer:
The PDCA cycle is embedded in the way ISO 14001 was written. If someone does not follow the PDCA cycle it will, most likely, be inefficient and ineffective.
Following the PDCA cycle is a way of trying to avoid a situation where something not needed is done. The PDCA cycle help us start by where action is needed. If an organization does not follow the PDCA cycle it can do a lot of work, use precious resources, and getting progress in areas where there is no priority for change.
Following the PDCA cycle is a way of promoting continuous improvement because the end of a cycle can be the start of the next one.
The following material will provide you more information about the PDCA cycle:
Article - Plan-Do-Check-Act in the ISO 14001 standard - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/plan-do-check-act-in-the-iso-14001-standard/
Enroll for free in this course – ISO 14001:2015 Foundations Course - https://training.adviser a.com/course/iso-14001-foundations-course/
Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/ -
Scope statement detail
Answer:
First, you can go to an internet search engine and look for "environmental management system certificate textile" or “environmental management system certificate knit garments" to see several real life examples of environmental management systems’ certificates stating their scope.
You can see that some are very general "manufacturing of garments" and others are very detailed.
Second, your proposal goes into the more detailed field and I believe there is no problem with that.
By the way if your organization has more than one location, some certification bodies require to identify the applicable location in the scope statement.
The following material will provide you more information about scope:
Article - How to determine the scope of the EMS according to ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/
Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/ -
Supplier evaluation
Answer:
For supplier evaluation I suggest you to take a look at these free demos to verify if they can fulfill your needs:
- Procedure for Purchasing and Evaluation of Suppliers https://advisera.com/9001academy/documentation/procedure-purchasing-evaluation-suppliers/
- Checklist for Evaluation of Suppliers https://advisera.com/9001academy/documentation/appendix-1-checklist-evaluation-suppliers/
Although these templates were created for a Quality Management System, they also can be used for an ISO 27001 ISMS, but please note that ISO 9001 supplier evaluation does not cover information security aspects. For that I suggest you work these templates together with the Supplier Security Policy and Security Clauses for Suppliers and Partners, included in your toolkit on folder 08 Annex A Security Controls A.15 Supplier Relationships
These articles will provide you further explanation about supplier evaluation:
- How to evaluate supplier perfor mance according to ISO 9001:2015 https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/ -
PCI QSA certification and ISO 27001 LA course
We received this question:
>The response does not answer my question. The PCI QSA requirements stipulate that, in order to qualify for QSA, a candidate must hold certifications from each of two lists: a list of security certifications and a list of auditor certifications. The list of auditor certifications includes ISO 27001 Lead Auditor.
>Would taking this course and passing the exam satisfy the requirement for an auditor certification as stipulated by the PCI QSA prerequisites?
Answer:
First of all, sorry for this misunderstanding.
Our ISO 27001 Lead Auditor course is accredited by Exemplar Global (formerly known as RABQSA), so once approved in the final exam the issued ISO 27001 Lead Auditor certificate can be used to fulfill the related prerequisite to your path to become PCI QSA.