Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
An ISO 9001 audit
Answer
First, what is an audit?
It is a systematic, independent (to ensure objectivity) and documented process to get audit evidences and compare them with the audit criteria to conclude about the extension these criteria are fulfilled.
I use this image to explain what an audit is:
An auditor goes into reality, collects audit evidences (facts) and compares them with the audit criteria (the rules).
Each comparison is an audit finding.
Comparing the audit objective with the sum of all audit findings the auditor can draw a conclusion.
Second, what types of audits can we talk about?
There are three types of audits: first, second- and third-party audits. In a first party audit the audit manager belongs to the organization being audited. In a second party audit the audit manager belongs to a customer. In a third party audit the audit manager belongs to a certification body.
Third, what is an ISO 9001 audit?
An iso 9001 audit is an audit where the audit criteria is based on ISO 9001, a quality management standard.
The following material will provide you more information about audits:
Article - First-, Second- & Third-Party Audits, what are the differences? - https://advisera.com/9001academy/blog/2015/02/24/first-second-third-party-audits-differences/
Free webinar – How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Enroll for free course - ISO 9001:2015 Internal Audit Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
- Book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/ -
FSMS 22000 vs QMS
Answer
First, there is an updated version for ISO 22000 from 2018.
Normally, a QMS is based on ISO 9001:2015. A general usage standard that can be applied in all economic sectors. ISO 22000 is for the food industry and is very concerned with food safety along the food chain with special requirements for food safety prevention, emergency response and communication.
The following material will provide you more information about the difference between ISO 9001 and ISO 22000:
Article - Similarities and differences between ISO 9001 and ISO 22000 - https://advisera.com/9001academy/blog/2018/11/20/similarities-and-differences-between-iso-9001-and-iso-22000/
- Article – Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
- Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/binar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Aspects, impacts and assessments
Answer:
What is the purpose of developing an Environmental Management System? To improve an organization’s interactions with the environment.
How does an organization interact with the environment?
Through its activities and products or services.
An organization’s environmental aspects are all those elements that interact with the environment through its activities, products or services. For example, an organization during production consumes energy, generates waste, generates noise, can generate air emissions and/or wastewater discharges.
Environmental impacts are the changes to the organization’s environment resulting from its environmental aspects.
ISO 14001:2015 clause 6.1.2 is about determining environmental aspects and impacts. I would say that determining environmental aspects and impacts is the corner stone of any E nvironmental Management System.
What are the steps in determining the environmental aspect and impacts?
Answer:
You should list all activities in your organization and then think about how each one interacts with the environment both under normal and abnormal conditions (check the risk in the image above).
Consider if it is relevant to go backwards and think about your suppliers’ aspects and impacts. If your decision is that there are some relevant aspects include them in your list. For example, a furniture manufacturer may consider timber’s provenance an important aspect because they want to avoid promoting illegal activities.
You should list all the ways your products or services interact with the environment. For example, during delivery, during use by the consumer, and even when it must be disposed after useful life. Remember the example of toys batteries – what will consumers do with them after use?
After listing all aspects, list all impacts, all consequences for the environment. Impacts are much more specific of each organization. For example, any car workshop generates waste oils. What is the final disposal of these oils? Some workshops send them for recycling or energy recovery, but one can throw it on the ground or in a water line. The environmental aspect is the same, the environmental impacts are completely different.
I also would like to know the difference between environmental impact assessment and environmental aspects and impacts.
Answer:
Environmental impact assessment is about analyzing and understanding the environmental implications of projects prior to construction. For example, a new airport must be built and there several possible locations. What can be the environmental consequences of building and operating an airport at each of those possible locations?
The following material will provide you more information about aspects and impacts:
Article - 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
Free webinar - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/ -
ISMS vs ISMF
Please note that businesses have different organizational structures, so your focus shouldn't be on departments, but on roles and responsibilities.
Considering that, for ISO 27032 (Guidelines for cybersecurity), the roles responsible for information security, network security, internet security, and critical infrastructure should be trained (normally these roles are in the department which handles Information and Communication Technologies).
About ISO 27035 (Information security incident management), the above-mentioned roles, now including roles responsible for legal compliance also should be included.
For further information, see:
- Using ITIL to implement ISO 27001 incident management https://advisera.com/27001academy/blog/2015/11/10/using-itil-to-implement-iso-27001-incident-management/t/
-
Document review
Answer:
There is no single answer for the most appropriate approach, because each organization has its own needs to perform documentation review, but the most common adopted frequency is the annual review, because this periodicity helps certified organizations to be ready for surveillance audits, which are in general performed annually, without much increase in the administrative work.
This article will provide you further explanation about document management:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
This material will also help you regarding document management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/ -
Audit standard
Could you suggest me some audit standards where I can improve my knowledge as well I can grow in my career?
Answer:
Considering ISO standards, the standard to be known is the ISO 19011, which provides guidance on auditing management systems. You can find this standard here: https://www.iso.org/standard/70017.html
This article will provide you further explanation about becoming an auditor:
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
These articles will provide you further information about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/ -
ISO 27001 certification
First it is important to note that ISO 27002 is not a certifiable standard. The certifiable standard is ISO 27001, and provided that your security program can fulfill all requirements defined on sections 4 to 10 of ISO 27001, you can look for certification.
These articles will provide you further explanation about ISO 27001, ISO 27001 certification and use of control frameworks:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Applying clause 8.5.1
Answer
Let us check every item on that clause:
a) Do you have product specifications that describe features and performance targets?
b) Do you have the necessary monitoring and measuring resources to confirm product quality according to specifications and performance targets?
c) Do you have a process control plan that defines for each manufacturing step what is relevant to control with what frequency and within which limits in the process? (For example, temperature or pressure control). Do you have a process control plan that defines for each manufacturing step what kind of quality control should be done for raw-materials and work-in-progress materials with what frequency and within which limits? (For example, impurity content)
d) Do you have suitable equipment? (Any abnormal rate of breakdowns or lost production time?) Do you have a suitable environment? (If relevant to protect product quality – moisture control, pest control, contamination control, …)
e) Do y ou have enough people in your production process? Are they competent according to your own criteria? Are there any external competency requirements that need to be fulfilled? (For example, in a construction company, a civil engineer may be required)
f) Do you have any relevant production steps where quality cannot be measured after the step? (It is not practical, or it is very expensive) For example, do you need to ensure sterilization of tank? (You need to develop a method to ensure sterilization, then apply method and validate method by making tests. After validation ensure that you apply the method).
g) Determine risks of human error, evaluate potential consequences and implement actions to prevent it. (What Japanese call “poka-yoka”. For example, once I was distracted and started to fill the gas tank of my car. However, he could not do it, the hose did not get in the car, it was too large. It was then that I realized that I had picked the hose from the diesel and my car was on gasoline.)
h) What kind of control is needed during delivery? (No need of release or post-delivery activities
The following material will provide you more information about production control:
- ISO 9001 – Understanding Product & Service Provision in ISO 9001 - https://advisera.com/9001academy/blog/2014/10/07/understanding-product-service-provision-iso-9001/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Revision and changes
Answer
If you change a form and at the same time you keep the its designation, you should change the revision code. If you don’t do that there is the risk of different people using different versions of the form at the same time. Many years ago, before ISO 9001 implementation, I was quality manager at a company and was discussing by telephone the features of a product with one of our commercial representatives in another country. After some time, we realized that we were using different versions of the product specification. We only find out because, fortunately, each version had text in different colors.
The following material will provide you more information about effectiveness:
- ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- free online training ISO 9001:2015 Foundations Course – https://tr aining.advisera.com/course/iso-90012015-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Efficiency and effectiveness
"To track implementation of the strategic plan thorough monitoring and evaluation o the first cycle M &E plan by 2019 is it a good objective
"To Ensure efficient use of resources by measuring effectiveness of the systems by June 2019
Answer
Your organization want to ensure efficient use of resources.
If your organization meets efficiency targets your purpose will be satisfied and your management system will be effective. You see it is because your organization is efficient that the management system will be considered effective not the other way around.
What are the most relevant topics concerning efficiency in your organization? Is it energy per amount produced? Is it man-hours per amount produced? Is it production quantity per hour?
Good objectives will be about energy consumption per amount produced, or man-hours needed per amount produced, or production quantity per hour. If your organization meet its targets for each objective it will be eff icient, and by meeting all objectives it will be effective.
The following material will provide you more information about effectiveness:
- ISO 9001 – Practical tips for measuring your QMS according to ISO 9001:2015 clause 9.1 - https://advisera.com/9001academy/blog/2017/08/29/practical-tips-for-measuring-your-qms-according-to-iso-90012015-clause-9-1/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/