Search results

  • Human resources in ISO 9001

    1. Is it applicable to consider human resource policy among policies necessary during implementation of QMS?
    2. What human resource policy should reflect in context with QMS?
    3. Which human resource policy suits best when implementing QMS?

    Answer:

    Since all questions are related I will answer them together. Basically, human resources policies need to be aligned with the human resources requirements that are found in ISO 9001.

    On the one hand, in the standard there are requirements for the people that are involved in the QMS processes and on the other hand, there are requirements for the people that need to achieve conformity of products and services. This is reflected in clause 7.1.2.

    Also in clause 7.2, Competence, there are specific requirements to ensure people are competent, acquiring the necessary knowledge. This also must be reflected in the HR procedure (if the organization decides to have it) or HR policies of the company.

    For more information about human resources requirements in ISO 9001:2015, see the following materials:
    - Article - How to create an ISO 9001:2015 human resources audit checklist: https://advisera.com/9001academy/blog/2019/02/28/how-to-create-an-iso-90012015-human-resources-audit-checklist/
    - Article - Understanding Resource Management in ISO 9001: https://advisera.com/9001academy/blog/2014/02/11/understanding-resource-management-iso-9001/
    - Free on-line training - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
    - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Opportunities around environmental aspects


    Answer:

    For example, imagine that during the environmental assessment your organization determined that waste generation is a relevant environmental aspect. When evaluating context, your organization can determine certain trends relevant for the environment, such as technological innovations that allow a more efficient use of raw materials, reducing the waste generated. So, when you consider that environmental aspect together with the technological evolution, you can identify an opportunity to increase raw material yield and reduce an environmental impact.


    The following material will provide you information about environmental aspects and opportunities:
    - ISO 14001 – 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
    - ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • Transfer personal data outside the EU


    Answer:

    It is legal to transfer personal data outside the EU if specific safeguards are implemented to ensure an adequate level of protection of the personal data.

    If you want to find out more about cross-border data transfers, check out this free webinar, How to make personal data transfers to other countries compliant with GDPR ( https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/).
  • ISO 27001 and application security


    (Hello, my question is the following: I use ISO 27001 to propose a security scheme in a mobile application ... or which standard you would recommend for the security scheme (mobile app).)

    Answer: ISO 27001 can provide you with a general security scheme, but for more detailed guidance on mobile applications we recommend you take a look at ISO 27034, an ISO 27001 supporting standard covering specifically application security. You can have a preview of this standard at this link: https://www.iso.org/standard/44378.html

    You can also consider the OWASP project to build a robust application.

    This article will provide you further explanation about OWASP:
    - How to use Open Web Application Security Project (OWASP) for ISO 27001? https://advisera.com/27001academy/blog/2018/04/24/how-to-use-open-web-application-security-project-owasp-for-iso-27001/
  • Certification process


    Answer: ISO 27001 certifications are issued by organizations known as "certification bodies", which follow strict procedures to audit and report audit results to provide confidence in audit findings to interested parties (e.g., the organization itself, its customers, regulation bodies, etc.).

    The choice of the certification body is an organization's decision, based on its strategies and business objectives and alignment with certification body practices.

    These articles will provide you further explanation about certification bodies:
    - Accreditation vs. certification vs. registration in the ISO world https://advisera.com/articles/accreditation-vs-certification-vs-registration-in-the-iso-world/
    - How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
  • SMS scope change


    Answer:
    Sure, you can change the scope of the SMS. That's even, in some particular cases, advisable: for example, a large organization, a complex (service/technology) landscape, etc. The rule is: start small and expand at a pace you can control.
    There is a negative side to a "small" scope - many elements are external to the SMS. So, you have to decide where to start and how to expand.

    Here is the article to help you with the scope, "How to define the scope of the SMS in ISO 20000": https://advisera.com/20000academy/blog/2015/06/02/how-to-define-the-scope-of-the-sms-in-iso-20000/

    When changing the scope, you need to talk to your certification body and get an agreement, i.e. confirmation, from them.
  • Sharing documents


    Answer:

    Since this sharing is a legal requirement, this would not be a breach of the license use of our documentation. To protect your own information included in these policies, we recommend you provide them with a warning to third parties that these policies should be shared only with personnel who need them to perform their own work.
  • Planning internal audit


    Answer:

    You do not have to audit your certified ISMS against all clauses each year. For certification purposes you only have to ensure that all ISO 27001 requirements have been audited at least once before the next certification audit. Considering that, you can audit only part of the requirements in each annual internal audit, provided that by the next certification audit all requirements have been audited at least once. This will be acceptable for surveillance audits.

    The best approach would be for you to check the surveillance audits schedule to verify which requirements will be covered by the next surveillance audit, so you can focus on them.

    These articles will provide you further explanation about internal and surveillance audits:
    - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
    - Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
  • Describing ISO clauses


    Answer:
    Normally, the paragraph is not mentioned. So, an auditor would refer to clause 4.4.1, item b).

    The following material will provide you information about writing audit nonconformities:
    - Article – How to write a good ISO 9001 audit nonconformity? - https://advisera.com/9001academy/blog/2018/04/24/how-to-write-a-good-iso-9001-audit-nonconformity/
    - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Internal audit scope

    When performing an audit the auditor compares what is done in reality with the audit criteria:

    https://www.screencast.com/t/rH5tXS3gSnT

    Auditors go into reality, collect audit evidence and compare it with the audit criteria. From that comparison they develop audit findings. Audit findings indicate conformity or nonconformity.

    So, the internal auditor uses the procedure as audit criteria to set the reference and to develop their checklist. Then, using the checklist, the auditor verifies whether practices are according to the reference.