Here are the answers:
1) ISO 27001 does not prescribe how to version your risk register - therefore, you can use a new version number and/or you can simply use a date to define the latest version.
2) You should keep all your risks in the risk register, even though they are mitigated - of course, this means that the risk level for such risks will be lower.
3) You should definitely add new risks; you should retain “old” risks if they still exist; however, you need to reassess their likelihood and impact.
4) You should update your risk register at least once a year, but also more often if there is some big change - e.g. new product, new technology, new process, change in the environment, etc.
ISO 27002
Answer:
If you're looking for a detailed description of each control, the best way is to purchase the ISO 27002 standard; you can find it here: https://www.iso.org/standard/54533.html
Answer:
ISO 9001:2015 clause 8.5.5 is not about complaints, but about the commitments organizations make regarding after-delivery activities. For example, warranty provisions, or availability of spare parts, or maintenance services, or recycling services.
Answer:
I will give you a simple example of how opportunities can be evaluated. You can consider the potential impact or consequence of the opportunity, and the effort needed to take advantage of the opportunity.
So, you can develop a scale both for effort and consequence like in this example:
Also, how do we evaluate our suppliers, if you have some model?
Answer:
What do you want or need from suppliers? An organization can evaluate, for example, subcontractors based on three parameters: responsiveness, quality and delivery date.
ISO 27001 allows you to use the Procedure for document and record control in a way that suits you best - if you want, it can be applied only to your ISMS, or you can use it for all the documents in your company if you find it useful.
Top management will need to review at least the following inputs during the process of management review:
- Audit results
- Customer feedback
- Process performance and product conformity
- Status of corrective actions
- Follow-up actions from previous management reviews
- Changes that could affect the Quality Management System
- Recommendations for improvement
Other inputs could be added as desired by the company. Also, you can choose how to organize your management review, either through routinely scheduled meetings or through a more continuous review process.
The book Secure & Simple is not necessary for completing Advisera's ISO 27001 Foundations Course; however, if you want to use them both, I would suggest you finish the course first and then start reading the book - this is because the course gives you an excellent overview of the standard, while the book is much more detailed and gives you more implementation tips.
An organization cannot be certified without clients
Answer:
An organization cannot be certified without clients. I already worked with a client that could not be certified until the company had clients. Best advice is: please contact your certification body to see how you can manage the situation.
Answer:
Yes, an organization can use digital/electronic signatures to approve documents rather than handwritten signatures. ISO 9001:2015 and ISO/TS 9002:2016 both mention that an organization can use hard copy, electronic or both to provide documented information. Just a warning: certain regulators or official bodies like the FDA can request a formal validation of the system for electronic signatures.