Answer:
ISO 9001:2015 considers test requirements for:
Approval of new product and service performance (clause 8.3.4)
Approval of materials and services acquired from external providers (clause 8.4.2)
Approval of final product or service (clause 8.6)
Answer: Please note that "organizational units for information and communication technology" is only an example to consider for users of this document. You can change it for whatever users you see are relevant for your organization.
2 - Should the policy not be relevant to all employees of the company? Especially when the type of information (for which the communication channel will be defined) represents all assets of the organization? (Meaning the assets we chose for the risk assessment.) So far I have made a matrix of the allowed communication channels depending on the information type.
Answer: Please also note that for ISO 27001 this policy covers external parties and electronic communication, so for employees that do not use electronic communication nor have contact with external parties this policy would make no sense. Of course, if these scenarios do not occur in your organization you can state that this policy is applicable to all your employees.
ISMS processes for personnel security
Answer:
ISO 27001 ISMS processes are the same regardless of where they are applied once the ISMS scope is defined:
- Risk assessment and risk treatment, for identification of risks relevant to personnel security and definition of proper controls
- Controls implementation and operation, to effectively reduce risks to acceptable levels
- Performance evaluation, to check and verify if expected results are being achieved
- Improvement, by means of nonconformities, corrective actions and continual improvement
Specifically for personnel security, the main controls applied are terms and conditions of employment, and awareness and training.
How does Annex A relate to the risks? I understand there are 114 security controls (?) that the standard defines in Annex A. Do we need to refer to all of them and for each one indicate if it is relevant? And if relevant, then I fill in the relevant doc? What table do I use to do that?
Actually, to put it in other words, I would appreciate a clarification of the process between folders 5, 6, and 8 (Annex A). For me there is too much info and too many videos on the site. It is overloaded and I can't find what is relevant, and I do not want to spend too much time viewing all of that. Can you list the process in a few sentences with regard to the risks and security controls? What do I need to do and what tables do I use?
Answer:
Basically you are referring to the risk assessment and risk treatment processes, where relevant risks are identified and proper treatment actions and controls from ISO 27001 Annex A are chosen.
For a view of these processes, with the use of real data as examples, you can see these video tutorials included in your toolkit:
- #105 How to implement risk assessment
- #106 How to implement risk treatment
Records in Service Desk tools
Answer:
Some records may be needed to be retained for longer if the processing is necessary for the establishment, exercise or defense of legal claims.
Supportive documents for Total Productive Maintenance
Answer:
There are no specific supportive documents required under the Total Productive Maintenance clause.
It is common practice to have supportive documents with data about OEE (Overall Equipment Effectiveness), MTBF (Mean Time Between Failures) and MTTR (Mean Time To Repair) as inputs for management review.
Also, for preventive and predictive maintenance, as well as for periodic overhaul, you should have some records.
For parts and service management you should have some kind of documents such as instructions for use and similar.
With respect to the documentation that must exist in an organization according to ISO 9001:2015, it can be divided into two types: records and documents (policies, procedures). Records are referred to in the standard as documented information that must be retained, while documents are referred to in the standard as documented information that must be maintained. On the other hand, there is a type of documentation that is mandatory under the standard and another, such as procedures, that the organization can decide whether or not to develop. Here you can see an article about the mandatory and most commonly used documentation, "List of mandatory documents required by ISO 9001:2015": https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
It is important to know that there is no mandatory format the organization must follow for its documentation; rather, it is the company itself that decides how to do it, as long as.
Answer:
An organization determines internal and external issues (clause 4.1).
When those external and internal issues are analyzed from the perspective of strategic direction, they can take on a positive or a negative connotation. In that way those issues can be classified as:
Positive internal issues are strengths;
Negative internal issues are weaknesses;
Positive external issues are opportunities;
Negative external issues are threats.
Now you can organize that information with a SWOT matrix.