Search results

  • Scope and cost of certification


    Answer:
    Yes, you can adopt the standards for part of an organization when you define the scope of your QMS. The decision about the scope is a management decision, not a technical decision. For example, a manufacturing organization can decide to certify the part of the business that works for B2B and leave out of the QMS the part that works for B2C.

    Also do you have any info on costs for purchasing the accreditation?

    Answer:
    The correct word is certification. You cannot buy the certification directly. You choose a certification body and that organization, an independent third party, will audit your organization through a set of audits. A first one, called 1st stage audit, will audit the overall design of the management system and documentation. After passing that first stage there will be a 2nd stage audit. This one will audit the whole organization under the scope of the management system, auditors will check implementation, interview employees, observe operations and locations. After passing this 2nd stage audit the certification body will issue a certificate declaring that your organization has a management system operating according to the reference standard (for example, ISO 9001 for a quality management system).
    The cost of the certification process will depend on the number of days of the audit. The main criterion for determining the number of days is the number of employees of the organization. Certification is like any other business: some certification bodies are more expensive than others due to brand recognition, for example.

    The following material will provide you information about scope:
    - ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
    - Certifying different legal entities under one certification scope in ISO 9001 - https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/
    - Free course – ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 45001: Understanding Annex A 6.1.2.1

    Annex A of ISO 45001 is intended to give some explanation of each clause of the standard; in this case, it explains clause 6.1.2.1, Hazard identification. The intent of the hazard identification requirements in ISO 45001 is to recognize the different hazards that are present in your processes as they apply to the occupational health & safety of your workers. Annex A 6.1.2.1 states that the intent is not to address product safety, so if there is an element of your product which poses a hazard to the user, but does not pose a hazard to your workers, then this hazard is not part of this requirement. An example could be an electrical shock hazard from a battery in your product which is not a hazard to workers because the battery is not installed until after delivery.

    For more information on identifying hazards in the OHSMS, see the article:

    • How to identify and classify OH&S hazards, https://advisera.com/45001academy/blog/2015/05/14/how-to-identify-and-classify-ohs-hazards/
    • How to state the scope


      Answer:
      If you are starting your ISO 9001:2015 QMS implementation project I would choose one or two potential certification bodies and ask them their opinion about a scope statement for that particular case. It can be about pharmaceuticals distribution for certain specialties, for certain geographical markets, and for those 5 hubs listed in the certificate.

      The following material will provide you information about scope:
      - ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
      - Certifying different legal entities under one certification scope in ISO 9001 - https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/
      - Free course – ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
      - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    • Opportunities without private competitors

      My first question is: we are a state power station for the production of electricity and our product is sold to our customers through the state transport network too. In this case how can we define our opportunities knowing that we have no private competitors?

      Answer:
      Although your organization has no private competitors, perhaps it has performance objectives aligned with its mission, or perhaps to comply with legal or regulatory obligations. Your organization can determine opportunities that can increase the likelihood of meeting expected results or reducing the probability of undesired results.

      My second question is: for example, a maintenance process, our agents maintain the power station using our own spare part. in this case how to define the opportunities of the process?

      Answer:
      What are the expected results for the maintenance process?
      Uptime of the power plant? Mean time between failure of the power plant? Average failure time? Maintenance costs?
      Can your organization determine opportunities that, if followed, can help meet improved performance? For example, the substitution of an old equipment can pay itself in three years by reducing failure time and improving process efficiency. For example, a practical training with a particular equipment, very expensive in terms of maintenance, can reduce maintenance costs very much.

      The following material will provide you information about opportunities:
      - ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
      - Free course – ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
      - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    • Certification process and cost

      Question 1:
      > Where can I find the certification bodies?

      Answer 1:
      You should look for certification bodies operating in your country and accredited by accreditation bodies belonging to the International Accreditation Forum.

      Question 2:
      > Where are the guidelines available to implement? I want to implement it in my factory

      Answer 2:
      Below you can find information about guidelines to implement a QMS according to ISO 9001:2015 requirements.

      The following material will provide you more information about QMS implementation:
      - Article – Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
      - How long does it take to implement an ISO 9001-based QMS? - https://advisera.com/9001academy/blog/2016/07/05/how-long-does-it-take-to-implement-an-iso-9001-based-qms/
      - ISO 9001 DOCUMENTATION - https://advisera.com/9001academy/
      - Free course – ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
      - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    • Topics for auditing a datacenter


      Answer:

      First of all you must select competent and independent auditors to perform the audit (by independent you must understand people that are not involved with datacenter operations). After that you must identify which requirements are applicable to your datacenter, by means of identifying legal requirements, relevant risks and applicable controls. Once these issues are identified you should elaborate a checklist to help you cover these issues with proper questions and evidences to be verified.

      These articles will provide you further explanation about preparing for an audit:
      - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
      - How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

      These materials will also help you regarding internal audit:
      - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
      - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
      Additionally, this toolkit can help you plan and perform an audit compliant with ISO 27001: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/

      At this site you can download a free preview of the documents to see what they look like and whether they can fulfill your needs.
    • Document review

      1. How can I explain to management that we need to have someone to review our documents before final approval by owner of department.
      2. Can the reviewer be Managing Director? Do reviewer need to have knowledge of ISO?
      3. Can you advise what is the best way to define the terms of 'Reviewed by' before approved & released the document?

      Answer:

      1. ISO 9001:2015 requires organizations to control and maintain their documentation. This includes:
      - The approval of documents for adequacy prior to issue
      - The update of documents as necessary and their re-approval
      In case there are several document levels, for example policies, procedures, instructions, they must be approved by different management levels since they should have the necessary knowledge and experience to review them. It may also be required that different individuals in the organization review a document before submitting it for approval to the person responsible.

      2. You can decide who is the reviewer, but remember top management needs to understand what ISO 9001 is and be engaged in its processes to comply with leadership requirements.

      3. You can state who reviews the documents before their final approval. As I previously mentioned, what you need to consider is the individual or individuals that will check the documentation with the necessary knowledge, depending on whether it is a work instruction, procedure, policy, etc.

      For more information about the control of documents see these materials:
      - Article - New approach to document and record control in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
      - Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
      - Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/
    • Two incidents


      Answer:
      I don't think you should think about it this way. These are two different incidents. Each of them has its own impact and urgency (i.e. priority). Therefore, consider them separately. Whether they are Major Incidents depends on the effect they are causing.
      So, depending on priority, you will see which incident is more important. I think that two tickets are needed.
      Here are the articles about Incident (and major incident) management:
      Major Incident Management – when the going gets tough… https://advisera.com/20000academy/knowledgebase/major-incident-management-going-gets-tough/
      ITIL Incident Management https://advisera.com/20000academy/knowledgebase/itil/-incident-management/

      and free webinar
      ITIL Incident Management Process Demystified [free webinar on demand] https://advisera.com/20000academy/webinar/itil-incident-management-process-demystified-free-webinar-on-demand/
    • Intellectual property rights


      A) This is the document which is stipulating the requirement: It is being divided in different 'rights' so to say: Patents, Brands, Copyrights, etc. (Copyrights would be the 'Requirement' so to say)

      Answer: Your assumption is correct when you say that "Intellectuele eigendomsrechten" is the document stipulating the requirement. Patents, Brands, and Copyrights are not about requirements yet, because they do not define what you must accomplish.

      As an example of requirement for copyright you may have something like "the organization must ensure the use of licensed software", because in this case it is clear what you must accomplish in terms of information security.

      B) The intellectual property rights law (the requirement) is a part of Economic Law Code (document stipulating the requirement) Which one do you think is more suitable?

      Answer: First it is important to understand that both are documents stipulating the requirement (only the Economic Law Code is a higher level document, embracing the intellectual property rights law). Regarding which one is more suitable, you should use the law which is more concrete on what needs to be done - therefore, it is probably your national law.

      c) One more question regarding this document: As for the regulation of cryptographic controls, we do not have a specific law for cryptography. However, cryptography is being used in the GDPR as you've mentioned a couple of days ago. Does this mean that the control A.18.1.5 is applicable?

      Answer: If the use of cryptography helps your organization to comply with GDPR, then control A.18.1.5 is applicable.
    • Clause 8.3, documented information and risks

      1) where is clause 8.3 applicable?
      2) how do you differentiate between documented info and documents
      3) do you give eg. Of risk and opportunity register of QMS? There is confusion. People are mixing environmental aspects in qms risk register. So pls differentiate iso 9001 and 14001 by risk and opportunity.

      Response:

      1) It is applicable when the company conducts any design or development process within the scope of the organization.

      For more information about clause 8.3, you can see this article:
      - What clauses can be excluded in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/

      2) Documented information refers to all documents. According to ISO 9001:2015, documented information can be maintained, commonly known as procedures, or documented information can be retained, commonly known as records.

      To learn more about document and record control, see this article:
      - New approach to document and record control in ISO 9001:2015 : https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/

      3) Risks and opportunities in ISO 9001 are related to customer satisfaction while risks and opportunities in ISO 14001 are related to the protection of the environment, i.e. environmental aspects. For instance, a risk in ISO 9001 can be a short assembling capacity in a manufacturing company, while a risk in ISO 14001 in the same manufacturing company can be wrongdoing in waste classification.

      For more information about risks and opportunities in ISO 9001:2015, see these articles:
      - How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
      - How to identify risk significance in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/

      These materials can also help you with ISO 9001 requirements:
      - Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
      - Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/