Search results


  • ISO 45001:2018 Opportunity determination and assessment

    The idea of the entire clause 6.1 is to assess the hazards, identify risks associated with the hazards (OH&S risks) as well as other strategic risks that could affect the OHSMS. Then you identify OH&S opportunities that could help the hazards as well as other strategic opportunities for the OHSMS. Following this you identify the legal requirements that could affect your OH&S and then plan to address all the previous items. This planning will include the controls needed for the hazards, and this is where the hierarchy of controls in section 8 is planned.

    As for the risk assessment process, ISO 45001 does not dictate how this is done, as it may differ from industry to industry and by location in the world. Where you don’t have a direct legal requirement on how to assess risks, you can certainly use ISO 31000 if you wish.

     

    You can learn how the process works in the article: The basics of ISO 45001 hazards, risks, and opportunities, https://advisera.com/45001academy/blog/2021/02/22/the-basics-of-iso-45001-hazards-risks-and-opportunities/

  • Can ISO 45001 have a global scope?

    Q1. the client doesn't want us to make other policy rather global policy only. Do we have to create our own QHSE policy stipulating scope of COO is within the warehouse operation even if the signatories representing the site only?

    Answer:
    The ISO 45001:2018 standard does not make a specific statement about how you write your policy, so it is acceptable to have one global policy that is applicable to your organization. The important thing is that you use the policy to guide your management system, as it is intended to be the overall focus for the company.
    To better understand the requirements of the ISO 45001:2018 standard, see this free whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001
  • What form of signature does ISO 13485 accept

    Yes, it can. 

  • Applicability of ISO procedures


    Answer:

    If you want to find out if the employees are complying with the written rules, you have to find some evidence of what they are doing - for example, if your Backup Policy defines that the backup needs to be performed every 6 hours, then you have to look for the backup logs and see how often the backup is made.

    The best method to verify if something is done is through an internal audit - here you will find a free online training to learn auditing techniques: ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  • ISO 27017/27018 controls


    Answer:

    The best way to see which controls are specific for ISO 27017 and ISO 27018 is to open a template Statement of Applicability (folder 06 Applicability of Controls in the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit), and scroll to sections "3.2. ISO 27017 specific controls cloud services" and "3.3. ISO 27018 specific controls for processing Personally Identifiable Information (PII)" - there you will see controls from both of these standards.

    To see which of the controls is covered in which of the templates in the toolkit, open the "List of documents" (a PDF document located in the root folder of the toolkit) - in the column "Relevant clauses in the standard" you will find the necessary information.
  • Reporting in the toolkit


    Answer:
    Reporting is related to all processes in the toolkit. Therefore, in the scope of every process document there is a section "Measurement and metrics" where reporting, and the metrics that will be reported, are defined.
    This article can help you also: "Service Reporting: get the picture, big and small" https://advisera.com/20000academy/blog/2013/09/16/service-reporting-get-picture-big-small/
  • How to Monitor/Update the Risks in Risk Register?

    Here are the answers:
    1) ISO 27001 does not prescribe how to version your risk register - therefore, you can use a new version number and/or you can simply use a date to define the latest version.
    2) You should keep all your risks in the risk register, even though they are mitigated - of course, this means that the risk level for such risks will be lower.
    3) You should definitely add new risks; you should retain “old” risks if they still exist; however, you need to assess their likelihood and impact again.
    4) You should update your risk register at least once a year, but also more often if there is some big change - e.g. new product, new technology, new process, change in the environment, etc.
  • ISO 27002


    Answer:

    If you're looking for a detailed description of each control, the best way is to purchase the ISO 27002 standard; you can find it here: https://www.iso.org/standard/54533.html

    This article might also help you: ISO 27001 vs ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
  • Post-delivery activities


    Answer:
    ISO 9001:2015 clause 8.5.5 is not about complaints, but about the commitments organizations make about after delivery. For example, warranty provisions, or availability of spare parts, or maintenance services, or recycling services.

    The following material will provide you information about post-delivery activities:
    - ISO 9001 – ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/
    - Managing Production and Service Provision using ISO 9001 - https://advisera.com/9001academy/blog/2017/11/21/managing-production-and-service-provision-using-iso-9001/
    - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Evaluating opportunities and suppliers


    Answer:
    I will give you a simple example about how opportunities can be evaluated. You can consider the potential impact or consequence of the opportunity, and the effort needed to take advantage of the opportunity.

    https://www.screencast.com/users/ccruz5284/folders/Default/media/23d761cc-87c0-4f3a-b81c-cfb5f3a89dbd

    So, you can develop a scale both for effort and consequence like in this example:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/454b633c-e70f-4892-b530-76fef1199312

    Also, how to evaluate our suppliers, if you have some model.

    Answer:
    What do you want or need from suppliers? An organization can evaluate, for example, subcontractors based on three parameters: responsiveness, quality and delivery date.

    The following material will provide you information about risk evaluation and supplier evaluation:
    - ISO 9001 – Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
    - How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
    - How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
    - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/