Search results

Home / Search

Category:

Sort by:

Select

Types of user:

Select

11269 results

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Assign topic to the user

Select user

ISMS vs ISMF

Please note that businesses have different organizational structures, so your focus shouldn't be on departments, but on roles and responsibilities.

Considering that, for ISO 27032 (Guidelines for cybersecurity), the roles responsible for information security, network security, internet security, and critical infrastructure should be trained (normally these roles are in the department which handles Information and Communication Technologies).

About ISO 27035 (Information security incident management), the above-mentioned roles, now including roles responsible for legal compliance also should be included.

For further information, see:
- Using ITIL to implement ISO 27001 incident management https://advisera.com/27001academy/blog/2015/11/10/using-itil-to-implement-iso-27001-incident-management/t/
Document review

Answer:

There is no single answer for the most appropriate approach, because each organization has its own needs to perform documentation review, but the most common adopted frequency is the annual review, because this periodicity helps certified organizations to be ready for surveillance audits, which are in general performed annually, without much increase in the administrative work.

This article will provide you further explanation about document management:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

This material will also help you regarding document management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
Audit standard
Could you suggest me some audit standards where I can improve my knowledge as well I can grow in my career?

Answer:

Considering ISO standards, the standard to be known is the ISO 19011, which provides guidance on auditing management systems. You can find this standard here: https://www.iso.org/standard/70017.html

This article will provide you further explanation about becoming an auditor:
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

These articles will provide you further information about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
ISO 27001 certification
First it is important to note that ISO 27002 is not a certifiable standard. The certifiable standard is ISO 27001, and provided that your security program can fulfill all requirements defined on sections 4 to 10 of ISO 27001, you can look for certification.

These articles will provide you further explanation about ISO 27001, ISO 27001 certification and use of control frameworks:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/

These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Applying clause 8.5.1

Answer

Let us check every item on that clause:
a) Do you have product specifications that describe features and performance targets?
b) Do you have the necessary monitoring and measuring resources to confirm product quality according to specifications and performance targets?
c) Do you have a process control plan that defines for each manufacturing step what is relevant to control with what frequency and within which limits in the process? (For example, temperature or pressure control). Do you have a process control plan that defines for each manufacturing step what kind of quality control should be done for raw-materials and work-in-progress materials with what frequency and within which limits? (For example, impurity content)
d) Do you have suitable equipment? (Any abnormal rate of breakdowns or lost production time?) Do you have a suitable environment? (If relevant to protect product quality – moisture control, pest control, contamination control, …)
e) Do y ou have enough people in your production process? Are they competent according to your own criteria? Are there any external competency requirements that need to be fulfilled? (For example, in a construction company, a civil engineer may be required)
f) Do you have any relevant production steps where quality cannot be measured after the step? (It is not practical, or it is very expensive) For example, do you need to ensure sterilization of tank? (You need to develop a method to ensure sterilization, then apply method and validate method by making tests. After validation ensure that you apply the method).
g) Determine risks of human error, evaluate potential consequences and implement actions to prevent it. (What Japanese call “poka-yoka”. For example, once I was distracted and started to fill the gas tank of my car. However, he could not do it, the hose did not get in the car, it was too large. It was then that I realized that I had picked the hose from the diesel and my car was on gasoline.)
h) What kind of control is needed during delivery? (No need of release or post-delivery activities

The following material will provide you more information about production control:
- ISO 9001 – Understanding Product & Service Provision in ISO 9001 - https://advisera.com/9001academy/blog/2014/10/07/understanding-product-service-provision-iso-9001/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Revision and changes

Answer

If you change a form and at the same time you keep the its designation, you should change the revision code. If you don’t do that there is the risk of different people using different versions of the form at the same time. Many years ago, before ISO 9001 implementation, I was quality manager at a company and was discussing by telephone the features of a product with one of our commercial representatives in another country. After some time, we realized that we were using different versions of the product specification. We only find out because, fortunately, each version had text in different colors.

The following material will provide you more information about effectiveness:
- ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- free online training ISO 9001:2015 Foundations Course – https://tr aining.advisera.com/course/iso-90012015-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Efficiency and effectiveness
"To track implementation of the strategic plan thorough monitoring and evaluation o the first cycle M &E plan by 2019 is it a good objective
"To Ensure efficient use of resources by measuring effectiveness of the systems by June 2019

Answer

Your organization want to ensure efficient use of resources.
If your organization meets efficiency targets your purpose will be satisfied and your management system will be effective. You see it is because your organization is efficient that the management system will be considered effective not the other way around.
What are the most relevant topics concerning efficiency in your organization? Is it energy per amount produced? Is it man-hours per amount produced? Is it production quantity per hour?
Good objectives will be about energy consumption per amount produced, or man-hours needed per amount produced, or production quantity per hour. If your organization meet its targets for each objective it will be eff icient, and by meeting all objectives it will be effective.

The following material will provide you more information about effectiveness:
- ISO 9001 – Practical tips for measuring your QMS according to ISO 9001:2015 clause 9.1 - https://advisera.com/9001academy/blog/2017/08/29/practical-tips-for-measuring-your-qms-according-to-iso-90012015-clause-9-1/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
ISO 9001 vs ISO 22000

Answer

Yes, ISO 9001 is general usage standard, it can be applied in all economic sectors. ISO 22000 is for the food industry.

The following material will provide you more information about the difference between ISO 9001 and ISO 22000:
- ISO 9001 – Similarities and differences between ISO 9001 and ISO 22000 - https://advisera.com/9001academy/blog/2018/11/20/similarities-and-differences-between-iso-9001-and-iso-22000/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Defining good objectives

Answer

I do not consider that proposal as a good objective. ISO 9000:2015 defines objective as a result to be achieved, not as an activity to be performed.
Your organization has a strategic plan. If that plan is valid and effective what major results will be achieved? Those major results can be your objectives.

The following material will provide you more information about good objective definition:
- ISO 9001 – How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
- What has changed with quality objectives in ISO 9001:2015? - https://advisera.com/9001academy/blog/2018/05/08/what-has-changed-with-quality-objectives-in-iso-90012015/
- Free webinar – Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/ -2015-free-webinar-on-demand/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Cómo reducir la documentación en un SGC

Respuesta:

En realidad esta nueva versión de la norma ISO 9001:2015 exige mucha menos información documentada que las versiones anteriores, no obstante en este artículo puede consultar cuáles son los documentos y registros obligatorios con los que tiene que cumplir para poder certificar su SGC - Lista de documentos obligatorios requeridos por la ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/

Por otro lado, tenga en cuenta que ningún procedimiento es obligatorio, y que depende única y exclusivamente de la organización decidir si son necesarios para el correcto funcionamiento de los procesos o el futuro mantenimiento del sistema de gestión de calidad. Mi recomendación es que se escriban aquellos que sean cruciales para la organización.

Y finalmente recuerde que sólo son necesarios los registros y documentos que sirvan para el correcto funcionamiento y eficacia de su sistema de gestión de calidad y su alcance.

Para más información sobre cómo reducir la cantidad de documentación en ISO 9001:2015, vea los siguientes materiales:
- Artículo - New approach to document and record control in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea - Curso fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +

Search results

11269 results

Create New Topic As guest or Sign in

Assign topic to the user

Want to vote?

ISMS vs ISMF

Document review

Audit standard

ISO 27001 certification

Applying clause 8.5.1

Revision and changes

Efficiency and effectiveness

ISO 9001 vs ISO 22000

Defining good objectives

Cómo reducir la documentación en un SGC

Didn’t find an answer?