Answer:
ISO 45001:2018 does include many required pieces of information that need to be documented, and this is indicated throughout the standard by the term ‘documented information’. Where you see the term documented information, this means the evidence for the clause needs to be written down. Additionally, there are procedures and records that the company will identify as necessary documentation, with the rule of thumb being “If we don’t document this will there be a nonconformity?” If there will be a nonconformity, then the information should be written down.
We have created a free whitepaper with a listing of the required documented information from ISO 45001, and a list of other commonly used documents and records. This can be found here: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001
Control applicability
Answer:
First you have to identify if these new features and customizations involve new/updated code or just parameterization of existing components/features (e.g., implementation of a new workflow, activation of a preexisting feature, etc.), and if the risks involved are unacceptable (so you have a justification to implement the control). In case it involves new/updated code, control A.14.2.7 (Outsourced Development) is applicable; otherwise, control A.12.1.2 (Change Management) would be more appropriate.
It is important to note that since these activities are performed by an outsourced provider, the needed control must be a part of your contract or service agreement with this provider.
The first material is a presentation to show them clearly and succinctly why this project is important for your company. It was designed for ISO 27001, but all sections are identical and can be adapted to an ISO 22301 presentation.
The second material is a document you can use to propose the implementation of ISO 22301 to your top management. It contains the following sections: Purpose, Reasoning, Project objectives, Project duration, Responsibilities, Resources, and Deliverables.
BCMS implementation
Answer:
A business continuity management system (BCMS) based on ISO 22301 has an implementation framework that can be used by organizations of any industry, and the general steps are:
- Obtain management support
- Develop a project plan
- Define BCMS scope
- Define BCMS policy and objectives
- Define basic management system procedures
- Perform risk assessment and business impact analysis
- Define business continuity strategy and plans
- Implement policies and procedures and train personnel
- Perform exercises, tests, and post-incident reviews
- Perform internal audit
- Perform management review
- Proceed with corrective actions
These articles will provide you further explanation about ISO 22301:
- What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/
- 17 steps for implementing ISO 22301 https://advisera.com/27001academy/knowledgebase/17-steps-for-implementing-iso-22301/22301/iso-22301/
Regarding implementation approaches, the most common are:
- Use your own staff to implement the BCMS
- Use a consultant to perform most of the effort to implement the BCMS
- Use a consultant only to support the staff on specific issues, leaving the organization's staff with most of the implementation effort.
Answer:
You can create a Risks and Opportunities register where you log each risk and opportunity and your organization’s classification for each one.
Then, for each relevant risk and opportunity your organization should decide what kind of action plan is needed in order to minimize, or eliminate, or control each risk, or to take advantage of each opportunity.
Answer:
We can recommend our own software, Conformio. You can open a free account at Conformio – you’ll have free access for 10 users to the unlimited features of the document management system compliant with ISO 9001, ISO 14001, and ISO 27001.
The first material is a short presentation intended for employees that shows what ISO 27001 is all about, why it is good for the company – and also for themselves – and what their role is in handling information security. It is a template you can adjust to fulfill your needs.
The second material is an online security awareness program which will help you educate your employees by providing simple techniques for protecting company information assets.
What should the questions be for getting feedback from production of a product?
Answer:
Feedback from production would be questions pertaining to the safety and performance of the product, e.g.:
- Is there any OOS (out of specification) detected during QC of the product?
- Is the process in place efficient to ensure that the product meets the final specifications?
- Are there any recurring issues in the production of devices?
Should the company be ISO 13485 certified while outsourcing assembly service?
Answer:
You should get a company that is certified in ISO 13485 to do the assembly for you, as assembly of a medical device falls into part of the manufacturing process of a medical device. Since you are handling the design and development of the device, this will also fall into part of the process which ISO 13485 covers. The scope of ISO 13485 covers design and development, manufacturing, distribution, servicing and installation activities of medical devices. Getting ISO 13485 would help you to obtain regulatory approvals and clearance for your marketing activities in the future.
For more information, please read articles:
Answer:
Clause 8.5.1.3, Production process verification, contains the requirements which are commonly referred to as First Article Inspection (FAI). The requirements are basically that you take a representative item from the first production run of a new or modified product and use it to prove that everything works (processes, documentation, tooling, etc.).
While this is not identified as an optional process (where the standard says “as required”), you do have the ability to claim exclusion from this clause as you do with all clauses. So if the exclusion is that this is only applicable when required by the customer, this is acceptable in AS9100.
For more on how FAI works, see the article: How does First Article Inspection fit into AS9100 Rev D?, https://advisera.com/9100academy/blog/2017/11/07/how-does-first-article-inspection-fit-into-as9100-rev-d/