The path for certification as an auditor for ISO 22301 (either internal auditor or lead auditor) is the same as for an auditor for ISO 27001 (you have to attend a course and pass an exam). However, considering that you already have an auditor certification for ISO 27001, you have two options here:
- Go for an ISO 22301 auditor course
- Go for an ISO 22301 foundations course, to acquire the knowledge specific to the ISO 22301 standard, since the standard used in the ISO 22301 auditor course is the same as for ISO 27001
Considering that you already have experience auditing ISO 27001, this second approach is acceptable to auditors, because you can demonstrate experience in auditing ISO management systems.
Separating AS9100 and ISO 9001
Answer:
The answer to this comes down to how you have defined the scope of your quality management system (QMS). If you have stated your scope in such a way that all of the QMS rules apply to every product, then you will need to apply all rules to everything. If, however, you defined your scope to allow certain products to have ISO 9001 policies applied, with the additional aerospace requirements of AS9100 applied to only certain products or parts of the company, then you can separate what is applied where.
For instance, I have seen a company that had three assembly lines, two of which made automotive parts and were certified to IATF 16949, and the final one, which made other parts, was certified to ISO 9001. For this final assembly line the additional automotive requirements did not apply.
My final-year research thesis topic is “Development of integrated management system for testing and calibration laboratories”. I have developed the IMS Manual, which conforms with the requirements of ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO/IEC 17025:2017 and AS 9100D:2016. I also developed the IMS Framework as per the IMS Manual.
Now I want to validate that framework. I want you to guide me on how to validate the IMS Framework.
I'm also going to implement this IMS manual in an organization.
Answer:
Any plans must be updated when they come into contact with reality. Your IMS Framework should be viewed as an initial approach based on your experience and learning. Now you should use your opportunity to implement it in an organization as a way of validating your work and fine-tuning it.
Start from the end: what is the organization’s actual performance, and what improvements do you want or expect to see after a certain time frame? Implement your IMS Framework, check evolution against performance measures, and perform internal audits to check conformity and improve the IMS Framework. Effectiveness is the most important outcome.
The following materials will provide you more information about measuring performance:
- Article - How to implement the Check phase (performance evaluation) in the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/17/how-to-implement-the-check-phase-performance-evaluation-in-the-qms-according-to-iso-90012015/
- Free webinar – How to integrate ISO 9001:2015 and ISO 14001:2015 - https://advisera.com/9001academy/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar-on-demand/
- [free course] ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
KPIs and the process approach
“By utilizing the KPIs that the company has identified as the important indicators that the processes are functioning well the overall QMS objectives for improvement become much easier to measure.”
For example, a company wins business by being the lowest bidder in public contracts. So, its Quality Policy assumes that efficiency is a top priority. Efficiency is translated into an overall QMS objective called “Improve productivity”.
An organization can be seen as a set of processes:
Meeting a particular QMS objective will be a function of one or more processes. For example:
In this organization, processes “4. Prepare production” and “6. Maintain equipment” are considered the two most relevant to “Improve productivity”.
Now, the organization can consider several ways of monitoring the performance of processes 4 and 6. For example, measures for process 6 can be:
* Maintenance costs
* Mean time between failure of critical equipment
* Lost production time
All measures are relevant and have their reason, but the organization decides that “Lost production time” is a KPI because it is a good proxy for improved productivity. This is an example of “(e.g. one objective for the whole QMS, then individual objectives for the product or process that supports the overall objective).”
Now, back to your question. The overall QMS objective is, sometimes, very abstract and the final result of a long chain of cause and effect. With KPIs an organization can monitor in real time measures that will affect the overall QMS objective, which will only be measurable much later.
The purpose of the EU GDPR Readiness Assessment is for the company to do a self-check on the status of compliance with the main requirements of the EU GDPR. Since this questionnaire is not exhaustive, it does not provide a 100% accurate overview of your company’s compliance.
If the answer to all of the questions in the Assessment is “Yes,” you might already be compliant with the provisions of the EU GDPR. Still, all instances where you answer “Yes” should be thoroughly documented to prove accountability and compliance.
If you answer “No” to some questions, it will indicate where you need to focus your compliance efforts.
A DPIA is a process designed to help you systematically analyze, identify and minimize the data protection risks of a project or plan. It is a key part of your accountability obligations under the GDPR, and when done properly it helps you assess and demonstrate how you comply with all of your data protection obligations. It does not have to eradicate all risk, but should help you minimize it and determine whether or not the level of risk is acceptable in the circumstances, taking into account the benefits of what you want to achieve.
2. Should these be conducted simultaneously? Or, how long after the Readiness Assessment is completed should a DPIA be carried out?
Answer:
As you can see, the two documents serve totally different purposes, so the order is not important. However, consider that the EU GDPR Readiness Assessment is meant to analyze the overall compliance of a company, and it makes sense to use this assessment first.
Conditions to issue a valid certificate
Answer:
A valid certificate is issued by a certification body, accredited under the International Accreditation Forum, after performing a two-stage audit to evaluate compliance with ISO 9001 requirements.
Where in the standard is it supported that tool design should verify tooling and record results prior to providing tooling to production?
Answer:
ISO 9001:2015 clause 7.1.5 is about monitoring and measurement resources used to ensure valid and reliable results about the conformity of products and services to requirements. So, all monitoring and measurement resources used to make a decision about the final products or services should be controlled. Control of all other monitoring and measurement resources should be based on a management decision. If your tool design department works to supply tools to production, your current practice is acceptable. If your tool design department works to supply tools to outside customers, then its monitoring and measurement resources should be controlled.
If I understood correctly, this managed office is the main premise of your customer, so it cannot be excluded from the scope.
If your client does not have much control over the managed office to demand implementation of the physical controls related to section A.11, then he should focus on protecting the assets on the workstations he uses, and for this he must consider defining a clear desk and clear screen policy to ensure unattended information or equipment is removed from desk and screen when not in use or when the user is absent.
Specifically for notebooks, you can recommend the use of screen filters that reduce the angle of view from which other personnel can see what is on the screen (with these filters, people have to be exactly in front of the screen to see something).
Answer:
Clause 9.1.1 talks about monitoring and measurement, and in particular discusses the need for ensuring methods give valid results. If the method of monitoring and measurement is to use software, then this needs to be audited to ensure that it is giving valid results, and that the monitoring and measurement is maintained.
In addition, clause 8.5.1.1 discusses control of equipment, tools and software used to automate, control, monitor or measure production processes. This requirement states that these items need to be validated prior to release and maintained. This would also require auditing.
The identification of BCMS processes and their interactions is evidenced through the BCMS scope document. In this document you have to ensure that the following are identified:
- which parts of the organization are in the BCMS (clause 4.3.2 c))
- products, services and activities related to the parts in the BCMS (clause 4.3.2 d))