Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11277 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Documented information of external origin during the certification audit
what other ISO standards should be available in my office while the certification body is auditing'
Answer:
You should have at list a paper or electronic copy of ISO 9001:2015. You should also have paper or electronic copies of standards that are relevant for the quality of your product or service. Those determined under clause 7.5.3.2 as documented information of external origin.
The following material will provide you more information about documented information of external origin:
What does “external documents control” mean in ISO 9001? - https://advisera.com/9001academy/blog/2019/02/04/what-does-external-documents-control-mean-in-iso-9001/
Enroll for free in this course – ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Context and risks
Answer:
You can elaborate a report where you list the internal and external issues determined by your organization. See the example below in the white paper.
From issues do we refer to RISKS or the current PROBLEMS the organization is experiencing?
Answer:
Issues are not risks. Issues are elements that can affect and organization’s approach to developing and achieving its objectives. For example, a competitor may enter your market with a superior product due to new technology. Another example, your potential market may grow or shrink due to demographic changes.
And how does the context of the organization relate to risk assessment?
Answer:
Internal and external issues can help or hinder in meeting expected results. For example, your organization expects to grow market share among the wealthiest segment (an objective). That can be hindered by the move of a competitor that presented a superior product due to new technology. For example, your organization sells its best seller to parents with young kids. Your organization’s growth perspectives may be hindered by the demographic evolution of your main markets. Whatever helps your organization in meeting objectives is an opportunity. Whatever hinders your organization in meeting objectives is a risk.
And another question is that under the heading of which clause would a security cameras SOP come under?
Answer:
Perhaps under ISO 9001:2015 clause 7.1.4 Environment for the operation of processes
The following material will provide you more information about context and risk:
White Paper - Case study for ISO 9001:2015 transition in a construction company - https://info.advisera.com/hubfs/9001Academy/9001Academy_FreeDownloads/Case_study_for_ISO_9001_2015_transition_in_construction_company_EN.pdf How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
Free webinar – ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
Enroll for free in this course – ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Certification costs
Answer:
That will depend on several factors like number of employees, economic sector, particular environmental situation and from country to country.
If you want to implement and certify an environmental management system in your organization, please consider the cost of training and implementation, and the cost of certification.
The following material will provide you more information about implementation and certification costs:
Article - How much does ISO 14001 implementation cost? - https://advisera.com/14001academy/blog/2017/01/23/how-much-does-iso-14001-implementation-cost/
Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/ -
SOC 2 and ISO 27001
Answer:
There are many common points between SOC II and ISO 27001:2013: risk management, internal audit, business continuity, access control, etc. If you want to know details about the similarities about both standards, and what resources can be shared, you can see the document “Trust Services Map to ISO 27001” in the official site of American Institute of CPAs. You can find it at this link: https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/othermapping/trust-services-map-to-iso-27001.xlsx -
ITIl and ISO 20000
Answer:
ITIL and ISO 20000 overlap quite a lot. Usage of ITIL processes for ISO 20000 implementation depends also on the detail of the implementation. Ownership of the processes depends on how many employees your ITSM organization have. Ideally, every process would have different owner. But, process owners can be combined.
Here are more details:
ITIL and ISO 20000: A Comparison https://advisera.com/20000academy/knowledgebase/itil-iso-20000-comparison/
Defining roles and responsibilities for ISO 20000-based IT Service Management https://advisera.com/20000academy/blog/2017/10/18/defining-roles-and-responsibilities-for-iso-20000-based-it-service-management/
What ITIL roles can be combined in one person? https://advisera.com/20000academy/knowledgebase/itil-roles-can-combined-one-person/ -
KEDB
Answer:
Best option would be to integrate Known Error Database (KEDB) as part of the ITSM (IT Service Management) tool. In such way, you'll have automation in place meaning that you will integrate KEDB with Incident Management and Problem Management. both of the processes use KEDB to enter Known Errors or use KEDB to resolve incidents i.e. problems.
Here is more about Known Errors (records in scope of KEDB) Known Errors – repetitio est mater studiorum? Not in this case. https://advisera.com/20000academy/blog/2014/02/04/known-errors-repetitio-est-mater-studiorum-case/ -
Residual risk
Answer:
You have to calculate the residual risk after the definition of the risk treatment to be applied. At this point the residual risk is the risk value you expect to achieve with the implementation of the controls. After the implementation of the controls, the risk value you will measure will confirm if the previously calculated residual risk is right or if you need to perform adjustments in the control implementation.
These articles will provide you further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/ -
Privacy and Data Protection Notice
Thank you -
Data processing under EU GDPR compliance
Answer:
None of the above. The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant.
For more information about EU GDPR, please check here:
- EU GDPR: What is it and how does it work? https://advisera.com/eugdpracademy/what-is-eugdpr/ -
ISO 45001 Documentation Logistics
Answer:
This is a question that will be different for every organization due to size of the company, industry, hazards present, etc. There are no requirements on the format of managing the documentation. You can keep you documents and records in electronic or hard-copy format as you see fit, or any other format that works for you. Many companies have documents and records that are in a word processor format, stored electronically, and when created, updated or changed they follow rules that meet the requirements of ISO 45001:2018 Clause 7.5.
2. How many Files or folder I need to create or make for documentation?
Answer:
This, again, depends on the company. You need to define for your company, and the processes you use, what procedures you will need for your OHSMS. This will then determine what records you need to keep for each OH&S process. As for folder structure, this is up to you and is not defined in the standard. It is common to create a folder structure that matches the process es you have, but how this is done is up to you.
3. Files record must be according to clauses or according to documents given in series?
Answer:
There is no requirement to use the clauses of the ISO 45001 standard to identify your documents, records or folder structure. It is best to create a folder structure that matches your documentation structure so that you can store documents and records in an order that makes it easy for you as an organization o find them.
4: How many box files do I required for documentation?
Answer:
If you are storing hard copy files, the number of boxes you require will depend greatly on the number of procedures and records your processes require you to keep. Remember, there is not a requirement to have a different storage method for the ISO 45001 documents and records, so if you already have another management system in place (such as ISO 9001) you can use the same documentation process. You may also have many OH&S records in place to meet legal requirements, and this can help you to understand the space needed for records as they will become part of this storage.
To ensure that you have all of the documentation required by ISO 45001:2018, see the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001