ISO 22313 gives you examples of best practices on how the requirements from ISO 22301 could be implemented, so if your organization does not have previous experience in business continuity or management systems, it can help you save time on searching for ways of implementation, or in evaluating solutions presented by consultants.
The Kobayashi Maru test is a no-win scenario designed to evaluate the response of personnel in a situation in which they have no hope of prevailing, but they do not know that.
Considering that, to adapt this concept to a BCP test you have to meticulously develop a scenario where the expected reactions of your personnel will not work, or will make the situation worse. Additionally, you can add time limits to the achievement of some objectives. There is no definitive scenario to implement the Kobayashi Maru test, so it can vary from a cascade failure of datacenter hardware to a sequence of disasters hitting your site.
The Fukushima Power Plant disaster (an earthquake followed by a tsunami), or the Chernobyl reactor explosion are examples of no-win situations.
Answer:
Yes, you can adopt the standards for part of an organization when you define the scope of your QMS. The decision about the scope is a management decision, not a technical decision. For example, a manufacturing organization can decide to certify the part of the business that works for B2B and leave out of the QMS the part that works for B2C.
Also do you have any info on costs for purchasing the accreditation?
Answer:
The correct word is certification. You cannot buy the certification directly. You choose a certification body and that organization, an independent third party, will audit your organization through a set of audits. A first one, called 1st stage audit, will audit the overall design of the management system and documentation. After passing that first stage there will be a 2nd stage audit. This one will audit the whole organization under the scope of the management system; auditors will check implementation, interview employees, and observe operations and locations. After passing this 2nd stage audit the certification body will issue a certificate declaring that your organization has a management system operating according to the reference standard (for example, ISO 9001 for a quality management system).
The cost of the certification process will depend on the number of days of the audit. The main criterion for determining the number of days is the number of employees of the organization. Certification is like any other business; some certification bodies are more expensive than others due to brand recognition, for example.
Annex A of ISO 45001 is intended to give some explanation of each clause of the standard; in this case, it explains clause 6.1.2.1, Hazard identification. The intent of the hazard identification requirements in ISO 45001 is to recognize the different hazards that are present in your processes as they apply to the occupational health & safety of your workers. Annex A 6.1.2.1 is stating that the intent is not to address product safety, so if there is an element of your product which poses a hazard to the user, but does not pose a hazard to your workers, then this hazard is not part of this requirement. An example could be an electrical shock hazard from a battery in your product which is not a hazard to workers because the battery is not installed until after delivery.
For more information on identifying hazards in the OHSMS, see the article:
Answer:
If you are starting your ISO 9001:2015 QMS implementation project I would choose one or two potential certification bodies and ask them their opinion about a scope statement for that particular case. It can be about pharmaceuticals distribution for certain specialties, for certain geographical markets, and for those 5 hubs listed in the certificate.
My first question is: we are a state power station for the production of electricity and our product is sold to our customers through the state transport network too. In this case how can we define our opportunities knowing that we have no private competitors?
Answer:
Although your organization has no private competitors, perhaps it has performance objectives aligned with its mission, or perhaps to comply with legal or regulatory obligations. Your organization can determine opportunities that can increase the likelihood of meeting expected results or reducing the probability of undesired results.
My second question is: for example, a maintenance process, our agents maintain the power station using our own spare parts. In this case, how to define the opportunities of the process?
Answer:
What are the expected results for the maintenance process?
Uptime of the power plant? Mean time between failure of the power plant? Average failure time? Maintenance costs?
Can your organization determine opportunities that, if followed, can help meet improved performance? For example, the substitution of old equipment can pay for itself in three years by reducing failure time and improving process efficiency. For example, practical training with a particular piece of equipment, very expensive in terms of maintenance, can reduce maintenance costs very much.
Question 1:
> Where can I find the certification bodies?
Answer 1:
You should look for certification bodies operating in your country and accredited by accreditation bodies belonging to the International Accreditation Forum.
Question 2:
> Where are the guidelines available to implement? I want to implement it in my factory
Answer 2:
Below you can find information about guidelines to implement a QMS according to ISO 9001:2015 requirements.
First of all you must select competent and independent auditors to perform the audit (by independent you must understand people that are not involved with datacenter operations). After that you must identify which requirements are applicable to your datacenter, by means of identifying legal requirements, relevant risks and applicable controls. Once these issues are identified you should elaborate a checklist to help you cover these issues with proper questions and evidence to be verified.
At this site you can download a free preview of the documents to see what they look like and if they can fulfill your needs.
Document review
1. How can I explain to management that we need to have someone review our documents before final approval by the owner of the department?
2. Can the reviewer be the Managing Director? Does the reviewer need to have knowledge of ISO?
3. Can you advise what is the best way to define the terms of 'Reviewed by' before the document is approved & released?
Answer:
1. ISO 9001:2015 requires organizations to control and maintain their documentation. This includes:
- The approval of documents for adequacy prior to issue
- The update of documents as necessary and their re-approval
In case there are several document levels, for example policies, procedures, instructions, they must be approved by different management levels since they should have the necessary knowledge and experience to review them. It may also be required that different individuals in the organization review a document before submitting it for approval to the person responsible.
2. You can decide who is the reviewer, but remember top management needs to understand what ISO 9001 is and be engaged in its processes to comply with leadership requirements.
3. You can state who reviews the documents before their final approval. As I previously mentioned, what you need to consider is an individual or individuals that will check the documentation with the necessary knowledge depending on whether it is a work instruction, procedure, policy, etc.
Answer:
I don't think you should think about it this way. These are two different incidents. Each of them has its own impact and urgency (i.e. priority). Therefore, consider them separately. Whether they are Major Incidents depends on the effect they are causing.
So, depending on priority you will get the more important incident. I think that two tickets are needed.
Here are the articles about Incident (and major incident) management:
Major Incident Management – when the going gets tough… https://advisera.com/20000academy/knowledgebase/major-incident-management-going-gets-tough/
ITIL Incident Management https://advisera.com/20000academy/knowledgebase/itil/-incident-management/