Answer:
With ISO 45001:2018 they did not put in a comparison table to OHSAS 18001:2007. This is likely because the OHSAS 18001 standard was not issued by the ISO organization (this is a BSI standard), so they were not able to publish a comparison as they would when they update one of their own standards. It may be possible to find one online, but we do not have one.
Yes, there is nothing in ISO 9001 that does not allow the use of e-signatures. By the way, many people in ISO certified systems fill electronic records and record decisions with their login as identifier.
Answer:
Whenever your organization detects a non-conformity a report should be issued. Please check ISO 9001:2015 clause 8.7.2.
Not all non-conformities should generate a corrective action. Please check ISO 9001:2015 clause 10.2.1 b). Evaluate the need for a corrective action, an action that eliminates the cause(s) of a non-conformity. Corrective actions are sometimes difficult and take time and resources, because true causes are hidden. Performing corrective actions whenever a non-conformity occurs can be a bad practice because of what is called tampering with a system: constant changes introduce more variability.
When I work with organizations, I recommend two criteria to help in answering the question in the diagram above:
Is the non-conformity very serious? (Danger for the people (clients or employees), for the brand, for the costs, …)
Is the non-conformity part of a trend? Individually the non-conformity is not very serious, but it is happening frequently.
If the answer is yes to one of the questions, develop a corrective action. All corrective actions should be recorded.
Legitimate Interest is one of the six lawful/legal bases for processing personal data. The other five are a legal obligation, pursuance/execution of a contract, to protect the vital interests of the data subject or some other person, to perform a public task and consent of the data subject. If you want to get more information on the legal bases on which you can process personal data, check out this article Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
2. With your other clients, during the Human Resource application and hiring processes, are consents needed when an employee applies for a job AND when hired?
Answer:
The lawful basis in recruitment is usually pursuance of a contract, as both parties are interested in concluding a work contract (labor agreement). Only for unsuccessful candidates, if you want to still keep their CVs, you would need to rely on either legitimate interest or consent.
3. If an employee applies over the internet, how is Consent generally obtained?
Answer:
As I mentioned while answering your question, consent is not usually used in recruitment. However, if you want to obtain consent over the internet, usually there is a checkbox that the data subject needs to check.
4. Could the applicants' consent be considered given freely as the job applicant is giving their personal data on the application?
Answer:
The lawful ground for processing CVs is pursuance of a contract and not consent.
5. Also, what are the definitions of Legit Interest Purpose?
Answer:
Legitimate interests mean that the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The GDPR highlights certain purposes that either ‘constitute’ a legitimate interest or ‘should be regarded as’ a legitimate interest. These are fraud prevention; network and information security; and avoiding possible criminal acts or threats to public security. These are just some examples.
6. Lastly, do you have guidance on how other clients have documented their use of Salesforce? I believe Salesforce is used to collect names and business email address for marketing purposes.
Answer:
Usually, Salesforce should be considered a processor on behalf of its clients, and a Data Processing Agreement should be in place between Salesforce and its clients. If you use Salesforce to collect data, ensure that you have a lawful basis correctly identified; in this case it would be either consent or legitimate interest. If you want to find out more about marketing and GDPR, check out this free webinar How GDPR affects marketing practices: https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/
Template content
Answer:
First it is important to note that ISO 27001 does not require each control in Annex A to be documented. In some cases all you need is to include in the Statement of Applicability (SOA) a brief explanation of how it is implemented.
In case you decide to document recommendations of controls A.18.2.2 and A.18.2.3, they can be included in the internal audit procedure, since these controls and the procedure aim to ensure that information security is implemented and operated in accordance with defined requirements.
You can schedule a meeting with one of our experts so he can help you with the changes that should be made to your documentation. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/
Ideas to formulate objectives
Answer:
The best starting point to develop meaningful quality objectives is the quality policy. A good quality policy takes good care of clause 5.2.1 a).
What is the strategic direction of your organization, what is behind its competitive advantage? Is your competitive advantage being effective, generating satisfied customers, revenue, margin?
For example, consider: Customer satisfaction; Complaints; Capacity use; Unit price.
Answer:
The answer depends on the scope of your IMS. If, within your IMS scope, there are projects that clients request you to develop, then Design and Development is mandatory. If all projects are developed, or delivered, by clients, then Design and Development is not applicable within your IMS.
Answer:
No, it is not mandatory to have a consultant to get or maintain ISO 9001 certification. The only requirement is being compliant with ISO 9001 and internal requirements.
Section A.18.1 Compliance with Legal and Contractual Requirements
Answer:
To record the legal and contractual requirements relevant to your ISMS you can use the List of Legal Regulatory Contractual and Other Requirements template. To document your approach to identify these requirements you can use the Procedure for Identification of Requirements template.
Both templates are located in folder 02 Identification of Requirements of your toolkit.
By the way, included in your toolkit there is a List of Documents file which shows you which requirements and controls from ISO 27001 are covered by each document in the toolkit.