Search results

  • GDPR Consent Forms


    Answer:

    You may choose to rely on consent or legitimate interest. This should be clarified in the Privacy Notice you need to provide to the candidates.

    You can find out more about consent and legitimate interest from this article: Is consent needed? Six legal bases to process data according to GDPR (https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/).
  • EMS training needs in a QMS


    Answer
    I miss the context of the situation to give a straight answer. There is no requirement in ISO 9001:2015 that makes mandatory the implementation of an EMS. What can happen is that your organization may have customers that require that their suppliers have an EMS. In that case the auditors’ comment is understandable. Another possibility is that your organization developed internal environmental practices that are not being followed and that is why auditors said that you need to train employees about your environmental practices.

    The following material will provide you information about integrating management systems:
    - Article – How to implement integrated management systems - https://advisera.com/articles/how-to-implement-integrated-management-systems/
    - Free webinar – How to integrate ISO 9001:2015 and ISO 14001:2015 – https://advisera.com/9001academy/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Two or more organizations under the same certificate

    For the documentation of these support processes within the scope, can it be stated that support is provided to company No. 2?
    Or must that same procedure be done twice, once for company 1 and once for company 2, bearing in mind that the resources come directly from company No. 1?

    Answer:

    The option of having two separate management systems is only one of the available options. It is possible to have two or more organizations under the same certificate, even if they are legally independent entities.

    The following material will provide you with information about outsourcing:

    - Article – Understanding outsourcing according to ISO 9001: A case study - https://advisera.com/9001academy/blog/2019/03/19/understanding-outsourcing-according-to-iso-9001-a-case-study/
    - Free course – ISO 9001:2015 Foundations Course - https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Risk Assessment Table template

    What is supposed to be in the "impact column"?

    Answer: The value reflecting the effects of an incident that has occurred must be inserted in column G "Consequences" (from the perspective of ISO 27001 "impact" is the same thing as "consequences"), and to know what to include in this column, I suggest this article:
    - How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

    By the way, included in your toolkit you have access to a video tutorial that can help you fill in the Risk Assessment Table, using real examples.
  • AS9100 Product safety requirements


    Answer:
    Product safety is defined in clause 3.4 as the product being able to perform its function without causing unacceptable risk or harm to persons or damage to property. So, by this definition product safety is about not causing injury to people or damage to property. Keeping this in mind when you read clause 8.1.3 for the requirements of product safety, we see that AS9100 asks that we put in place controls to assure product safety throughout the lifecycle of the product, or in other words ensure that the product behaves in a way to reduce or eliminate the risk of injury or property damage until it is disposed of at the end of life.
    There is a list of examples that may be included in your process, such as assessing hazards, reporting on events, communication and training of safety hazards, etc. If you have a product that does not have any safety risks, then just doing this assessment is enough since there is nothing to control. However, if you have safety risks you may need to identify this through the process. For example, if you had a product that held an electrical charge that could injure workers or damage property either at your facility or after delivery, you may need to have safety warning labels on the product or in the installation instructions as a control.
    For your example of connectors, it is the safety aspects of the connectors through the lifecycle. You are not responsible for the safety aspects of products where your connector is used. If someone is using your connector on a product where your connector becomes a contact point for power, this is up to them to determine and control. Your connector has no safety considerations by itself.
    For a better understanding of the aerospace definitions in AS9100 Rev D, see the article: Five special aerospace terms in AS9100 Rev D, https://advisera.com/9100academy/blog/2017/05/01/five-special-aerospace-terms-in-as9100-rev-d/
  • Requirement to be a QMS consultant

    Do I need to be certified, in some way, to help them design and implement a Quality management policy that will eventually be audited by an ISO auditor?

    Answer
    There is no legal requirement for an ISO 9001 consultant to be certified in any way.

    The following material will provide you information about quality policy:
    - Article – How to Write a Good Quality Policy - https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
    - ISO 9001 document template: Quality Policy - https://advisera.com/9001academy/documentation/quality-policy/
    - Free course – ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Forms codification


    Answer
    Your QMS shall define authorities and responsibilities for several roles and functions.
    Someone shall have the authority to approve the need for forms and their codification. There are several possible alternatives for codification. For example, some organizations just use a serial number, others use a serial number and a process or department reference.

    The following material will provide you information about document control:
    - Article – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
    - Free course – ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Information assets


    Answer:

    For information about information assets I suggest these articles:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
    - ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
    - Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

    These materials will also help you regarding Information assets:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • SOA question


    Answer:

    In our experience, an ISMS based on ISO 27001 implements around 100 of the 114 controls from Annex A, and the results of risk assessment are just one of three general justifications to implement a control. The other two are:
    - Legal requirements (e.g., contracts, laws, regulations, etc.) demand the implementation of a control
    - Top management decisions demand the implementation of a control (e.g., by considering it a good practice)
    If none of the above situations occurs, then you can justify not implementing a control with a text something like: "There are no unacceptable risks nor legal requirements that would demand this control."

    These articles will provide you further explanation about SoA and selection of controls:
    - The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
  • Aspects, impacts and risks


    Answer:
    Please consider this example:

    https://www.screencast.com/t/B9r5RcjuYH

    At the maintenance warehouse, lubricating oils are handled to apply in preventive maintenance activities. Because people handle lubricating oils there is the possibility of spillages or leakages. If a spillage or leakage occurs, there is the possibility of contamination of soil or water.
    The potential spillage or leakage is an environmental aspect, an element of an organization’s products, services and activities which can interact with the environment. Other examples of environmental aspects are, for example, discharges to water, emissions to air, use of natural resources and materials, or generation of wastes. Environmental impacts are the consequences of the environmental aspects.
    In the example above, the environmental aspect is permanent but the environmental impact depends on the context; it depends on the use of preventive and responsive measures.

    How can a business assess the risks of its environmental impacts?

    Answer:
    Some environmental impacts are more or less predictable. For example, if an organization cuts metal sheets it will always generate metallic waste. Other environmental impacts have more uncertainty associated, like in the example above the contamination of soil or water.
    Risks are about uncertainty. For example, is there any risk (any possibility) of extraordinary inefficient metal cutting, generating more metallic waste? Is there any risk of contamination of soil or water because of the handling of lubricating oils?
    The organization can evaluate those risks considering the actual situation. For example, if there are preventive measures and responsive means in place perhaps the probability of occurrence and consequences of occurrence make the risk less relevant.

    The following material will provide you information about assessment of environmental interactions:

    - ISO 14001 – 4 steps in identification and evaluation of environmental aspects – https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
    - ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/

    - Risks and opportunities in ISO 14001:2015 – What they are and why they are important - https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/

    - Free online training ISO 14001:2015 Foundations Course – https://advisera.com/training/iso-14001-internal-auditor-course/
    - Book – THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/