An organization can have several lines of products, can have different markets, can provide different services. Once an organization decides to implement a quality management system (QMS) and certify it, the organization is not obliged to integrate all those services, lines and products under the QMS and subject all activities to certification. Deciding the scope of the QMS is not a technical decision, it is a management decision.
The certificate describes the scope of the QMS in order to avoid misleading any interested party. If financing services are very important for your organization’s offer perhaps it is useful to integrate them in the list.
When people ask me "How do I get clients as a consultant?", I draw the following picture:
People must be aware of your existence, must be aware of your competence, and must trust your competence. I wrote a blog post precisely for people like you facing the challenge of starting a business as consultants.
Answer
I start with a question: is there any relevant advantage for your company in being ISO 9001 certified? An organization can implement a quality management system according to ISO 9001 at its own pace and not advance to certification. However, if certification can give your company a boost in credibility and image, particularly among potential clients, then perhaps it is worth getting it. During the implementation year you will need 60/80% of a person's time as project leader. So, you can get the help of a consultant, you can hire a quality manager/project leader with previous experience in implementation projects, or you can hire someone to be the quality manager, even without experience, train him or her on ISO 9001 and get help with documentation from a tool kit.
1. Is it applicable to consider human resource policy among the policies necessary during implementation of a QMS?
2. What should human resource policy reflect in the context of a QMS?
3. Which human resource policy suits best when implementing a QMS?
Answer:
Since all questions are related I will answer them together. Basically human resources policies need to be aligned with the human resources requirements that are found in ISO 9001.
On the one hand, in the standard there are requirements for the people that are involved in the QMS processes and on the other hand, there are requirements for the people that need to achieve conformity of products and services. This is reflected in clause 7.1.2.
Also in clause 7.2, Competence, there are specific requirements to ensure people are competent, acquiring the necessary knowledge. This also must be reflected in the HR procedure (if the organization decides to have it) or HR policies of the company.
For example, imagine that during the environmental assessment your organization determined that waste generation is a relevant environmental aspect. When evaluating context your organization can determine certain trends relevant for the environment such as: technological innovations that allow a more efficient use of raw materials reducing the waste generated. So, when you consider together that environmental aspect and the technological evolution, you can identify an opportunity to increase raw material yield and reduce an environmental impact.
It is legal to transfer personal data outside the EU if specific safeguards are implemented to ensure an adequate level of protection of the personal data.
(Hello, my question is the following: I use ISO 27001 to propose a security scheme in a mobile application ... or which standard you would recommend for the security scheme (mobile app).)
Answer: ISO 27001 can provide you with a general security scheme, but for more detailed guidance on mobile applications we recommend that you take a look at ISO 27034, an ISO 27001 supporting standard covering specifically application security. You can have a preview of this standard at this link: https://www.iso.org/standard/44378.html
You can also consider the OWASP project to build a robust application.
Answer: ISO 27001 certifications are issued by organizations known as "certification bodies", which follow strict procedures to audit and report audit results to provide confidence in audit findings to interested parties (e.g., the organization itself, its customers, regulation bodies, etc.).
The choice of the certification body is an organization's decision, based on its strategies and business objectives and alignment with certification body practices.
Answer:
Sure, you can change the scope of the SMS. That's even, in some particular cases, advisable. For example, large organization, complex (service/technology) landscape, etc. The rule is: start small and expand at a pace you can control.
There is a negative side of a "small" scope: many elements are external to the SMS. So, you have to decide where to start and how to expand.
When changing the scope, you need to talk to your certification body and get an agreement, i.e. confirmation, from them.
Sharing documents
Answer:
Since this sharing is a legal requirement, this would not be a breach of the license for use of our documentation. To protect your own information included in these policies, we recommend that you provide them with a warning to third parties that these policies should be shared only with personnel that need them to perform their own work.