I do not consider that proposal as a good objective. ISO 9000:2015 defines objective as a result to be achieved, not as an activity to be performed.
Your organization has a strategic plan. If that plan is valid and effective what major results will be achieved? Those major results can be your objectives.
On the other hand, bear in mind that no procedure is mandatory, and that it is solely and exclusively up to the organization to decide whether they are necessary for the correct operation of the processes or the future maintenance of the quality management system. My recommendation is to write those that are crucial for the organization.
And finally, remember that only the records and documents that serve the correct operation and effectiveness of your quality management system and its scope are necessary.
An organization is using an access control system via card authentication to control physical entry and exit to a location within ISMS scope. The software that drives this access control was found to be 8 years old and outdated, with inherent vulnerabilities, since the OEM has released a much newer version with added security and performance features. Should this not be a minor nonconformity, given that this access software that drives this physical entry control could be compromised or fail outright since it has been 8 years without any update and is outdated?
Answer:
First, it is important to note that a nonconformity is based on evidence that something required was not planned or was not performed as planned.
Considering that, and your stated scenario, you have evidence that the software that drives this access control was not properly updated, and a minor nonconformity is more related to controls A.12.5.1 (Installation of software on operational systems) and A.12.6.1 (Management of technical vulnerabilities) than to control A.11.1.2 (Physical entry control).
A nonconformity related to control A.11.1.2 must be based on evidence of failure of the control (e.g., reported incidents of unauthorized access), and your stated scenario only mentions a possible access compromise (which in fact is an increase in the risk, not a nonconformity).
>Step 1: List assets & the trigger from internal and external issues (within ISMS scope) – Perform CIA is addressed High/Medium/VH
Answer: Internal and external issues are only part of the elements used to identify assets for the risk assessment. The best way to build asset inventory is to interview the head of each department, and list all the assets a department uses. The easiest is the “describe-what-you-see” technique – basically, ask this person e.g. to list all the software that he or she sees that are installed on the computer, all the documents in their folders and file cabinets, all the people working in the department, all the equipment seen in their offices, etc.
>Step 2: For Medium and High/VH from Step 1, list Threats & Vulnerabilities, then calculate probability & impact rating that has values (based on what we define)
>Question: Where do we determine risk here? Where do we write risk, or do we need a column here for writing risk? As I see only threats, vulnerabilities, probability, impact and risk rating.
Answer: First, it is important to note that when performing risk identification through the asset-vulnerability-threat approach you do not write a risk text (e.g., risk of data loss due to equipment failure). In this approach the identification of the asset-vulnerability-threat relation is the risk statement (e.g., paper report - single copy - fire, or electronic record - single copy - storage unit failure).
>Step 3: Input from Step 2 prioritized risks to address. Where do we write risks? (I see only threats and vulnerabilities and risk ranking that we will further address.)
>Step 3: Based on higher risk rating we select controls. Find gaps and address.
>Step 4: SoA
>Dejan, the explanation of the first step to start with threats and vulnerabilities, thereby aligning to assets within the ISMS scope, is an interesting write-up. But I lag in understanding how to define the overall definitions.
Answer:
Clause 8.1.4 of ISO 45001:2018 is included in the standard to ensure that the process for procuring from external providers within your company includes controls so that the products and services you purchase meet the needs of your OHSMS, or in other words, do your purchases consider occupational health & safety. The clause further discusses particular considerations for contractors and outsourcing separately, mainly because these are special types of procurement that require extra thought. Of course, the controls you will need to put in place will be dependent not only on your organization, but also on the outsourcing or contracting you are using.
In general, outsourcing occurs at a supplier facility when they take on one of your processes, and this also requires you to ensure that these outsourced products and services meet your OH&S needs. Contractors will generally work within your facility, and need to understand your OH&S requirements as well as how they affect the OH&S of your facility. How do you ensure that contractors will not negatively affect your OHSMS when they are doing work, and how do you ensure that you do not negatively impact contractor safety when they are working? These two terms are defined more clearly, along with others, in the article: ISO 45001:2018 Glossary of terms, https://advisera.com/45001academy/blog/2019/06/27/iso-45001-glossary-of-terms-and-definitions/
For an explanation of the whole ISO 45001 standard, see the whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001
ISO 45001: How to get started
Answer:
One of the most beneficial aspects that I have found with the ISO 45001 format (just like all the other ISO management system standards), is that the document is written in the order that you would want to implement the requirements. So, starting at the beginning of the standard you want to first identify the context of the organization by identifying the internal and external issues, the interested parties and their needs, and documenting the scope. Following this you will want to put in place all of the leadership and worker participation processes, including documenting OH&S objectives, assigning roles and responsibilities, and putting in place the process for worker consultation and participation. You would then proceed through the standard, putting in place the processes and documentation required.
The one exception to this is that it is helpful to implement the requirements of clause 7.5 for creating, maintaining and storing documented information (procedures and records) at the beginning, since this will be needed to document everything you need as you go along. The only other good advice I can give you is to split up the tasks and get started. You don’t seem to have a lot of time, and you just need to go through the standard and put in place the required documentation before the stage 1 audit, so having more than one person working on this will be helpful.
What kind of construction work does your organization perform? For each kind of construction work list raw materials used and activities performed. Then, for each raw material and activities think about how they interact, or potentially interact, with the environment. Consider the relevance of extending the aspect determination to suppliers’ activities. For example, is sand coming from a legal source?
You can build a library of basic aspect-impact determination for each kind of construction work.
Answer:
More than documentation, context is about reflection, about thinking about what is around and within an organization that can explain its presence and influences its future. ISO 9001:2015 does not require any documentation. You can record your organization’s context in meeting minutes, for example. See an example below in the white paper.
2. If the gap analysis of non-achievement of quality objectives is not available during the internal audit and an NC has been given, does this NC go to clause 6.2 or clause 9.1.3?
Answer:
Your organization defined quality objectives and plans to meet them – clause 6.2 is OK.
Your organization monitored and evaluated performance against the quality objectives – clause 9.1.3 is OK.
So, quality objectives were not met (a nonconformity, by the way) and the organization has not reacted – clause 10.2.1 is NOK.
Not reacting is the audit nonconformity and the clause is 10.2.1.