Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Comparing environmental performance
Answer:
If both companies are ISO 14001 certified, we can expect that at least both companies comply with environmental legislation and regulation.
If you want to compare their environmental performance, you can ask them their environmental objectives and main indicators and a list of their most relevant environmental impacts. Two companies can comply with the same legislation and yet have very different environmental performances.
Even if those companies are not based in Europe, you can ask them if they have any study or report about their own situation against Best Available Techniques (BAT) in their industry.
There is no requirement in ISO 14001:2015 that states that companies should share that information with interested parties. Your company, as a potential customer can re quest that information and hope for their openness.
The following material will provide you more information about environmental performance:
Article - Environmental performance evaluation - https://advisera.com/14001academy/blog/2015/07/06/environmental-performance-evaluation/
- 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/ -
Documents for IATF audit
Answer:
When it comes to IATF audit, the same documents are needed for Die mold shop as for any other audit.
To see a list of mandatory documents for an IATF audit, please read the article:
List of mandatory documents required by IATF 16949:2016
https://advisera.com/16949academy/knowledgebase/list-of-mandatory-documents-required-by-iatf-16949-2016/
Examples of documents that can be used are checklists, production plans, and PPAP, control plans (SPC and APQP), risk analysis (FMEA), records of Measurement system analysis (MSA), preventive and predictive maintenance and similar.
For more about IATF 16949:2016 internal audit, please read article:
IATF 16949 audit types how they affect process improvement
https://advisera.com/16949academy/blog/2017/11/01/iatf-16949-audit-types-how-they-affect-process-improvement/ -
Starting as QMS implementation consultant
Answer:
If you want to become an ISO 9001 implementer it is important that you acquire two competencies:
Learn about ISO 9001:2015, the reference standard to develop a quality management system;
Learn about good implementation practices.
The following materials will provide you more information and help you in becoming an ISO 9001:2015 implementer:
- Article – What is ISO 9001? - https://advisera.com/9001academy/what-is-iso-9001/
- Should you use a gap analysis in your ISO 9001 implementation? - https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
- ISO 9001 Implementation diagram - Download a complimentary checklist (PDF) - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
- Clause-by-clause explanation of ISO 9001:2015 - Download a complimentary white paper (PDF) - https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015"
- Free webinar – Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
- Enroll for free in the course – ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Enroll for free in the course - ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
- If you need help or want to develop documentation faster, check - ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO 27001 and third party data risk
Answer:
ISO 27001 can be used to prevent third party data risk by means of:
- Identification of relevant data risks imposed by third parties with access to information
- Definition of proper treatment options and controls to reduce risks to acceptable levels
- Establishment of contracts or legal agreements including clauses to enforce the application of previously defined controls (for third-parties authorized to access information assets)
These articles will provide you further explanation about preventing third party data risk:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/
This last article also covers conditions for third-parties working for the organization. -
Procedure for commercial activities
Answer:
ISO 9001:2015 has no mandatory procedures. Please check clause 4.4.2 a). It is up to each organization to decide which procedures are needed to support operations.
Most organizations decide to develop procedures to describe how processes should be performed, and work instructions to describe how specific activities should be done.
A commercial procedure could be one that describes how requests for quotation are received, treated and proposals elaborated, approved, sent, negotiated until an agreement is reached.
The following material will provide you more information about commercial activities:
Article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
ISO 9001 document template: Sales Procedure - https://advisera.com/9001academy/documentation/sales-procedure/
[free course] ISO 9001:2015 Foundations Course - https://train ing.advisera.com/course/iso-90012015-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Not following the PDCA cycle?
Answer:
The PDCA cycle is embedded in the way ISO 14001 was written. If someone does not follow the PDCA cycle it will, most likely, be inefficient and ineffective.
Following the PDCA cycle is a way of trying to avoid a situation where something not needed is done. The PDCA cycle help us start by where action is needed. If an organization does not follow the PDCA cycle it can do a lot of work, use precious resources, and getting progress in areas where there is no priority for change.
Following the PDCA cycle is a way of promoting continuous improvement because the end of a cycle can be the start of the next one.
The following material will provide you more information about the PDCA cycle:
Article - Plan-Do-Check-Act in the ISO 14001 standard - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/plan-do-check-act-in-the-iso-14001-standard/
Enroll for free in this course – ISO 14001:2015 Foundations Course - https://training.adviser a.com/course/iso-14001-foundations-course/
Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/ -
Scope statement detail
Answer:
First, you can go to an internet search engine and look for "environmental management system certificate textile" or “environmental management system certificate knit garments" to see several real life examples of environmental management systems’ certificates stating their scope.
You can see that some are very general "manufacturing of garments" and others are very detailed.
Second, your proposal goes into the more detailed field and I believe there is no problem with that.
By the way if your organization has more than one location, some certification bodies require to identify the applicable location in the scope statement.
The following material will provide you more information about scope:
Article - How to determine the scope of the EMS according to ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/
Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/ -
Supplier evaluation
Answer:
For supplier evaluation I suggest you to take a look at these free demos to verify if they can fulfill your needs:
- Procedure for Purchasing and Evaluation of Suppliers https://advisera.com/9001academy/documentation/procedure-purchasing-evaluation-suppliers/
- Checklist for Evaluation of Suppliers https://advisera.com/9001academy/documentation/appendix-1-checklist-evaluation-suppliers/
Although these templates were created for a Quality Management System, they also can be used for an ISO 27001 ISMS, but please note that ISO 9001 supplier evaluation does not cover information security aspects. For that I suggest you work these templates together with the Supplier Security Policy and Security Clauses for Suppliers and Partners, included in your toolkit on folder 08 Annex A Security Controls A.15 Supplier Relationships
These articles will provide you further explanation about supplier evaluation:
- How to evaluate supplier perfor mance according to ISO 9001:2015 https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/ -
PCI QSA certification and ISO 27001 LA course
We received this question:
>The response does not answer my question. The PCI QSA requirements stipulate that, in order to qualify for QSA, a candidate must hold certifications from each of two lists: a list of security certifications and a list of auditor certifications. The list of auditor certifications includes ISO 27001 Lead Auditor.
>Would taking this course and passing the exam satisfy the requirement for an auditor certification as stipulated by the PCI QSA prerequisites?
Answer:
First of all, sorry for this misunderstanding.
Our ISO 27001 Lead Auditor course is accredited by Exemplar Global (formerly known as RABQSA), so once approved in the final exam the issued ISO 27001 Lead Auditor certificate can be used to fulfill the related prerequisite to your path to become PCI QSA. -
ISO 27001 - Policy for permitted use / Policy for information transfer
The policy for permitted use contains the record of permitted communication channels. The same record I already added to the policy for information transfer. The policy for permitted use refers to the other policy, which contains the record. In my opinion I would be able to delete the record in the policy for permitted use (if it’s already in the policy for information transfer). Is that correct?
Answer: Please note that section 3.6 of the Policy for permitted use (which refers to information transfer) must be kept only if you do not use the Policy for information transfer. In case the Policy for information transfer is a separated document you can delete section 3.6 and this related record from the Policy for permitted use. This way information about information transfer will be only in one document, minimizing risks of conflicting information.