Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Post-delivery activities
Answer:
ISO 9001:2015 clause 8.5.5 is not about complaints, but about the commitment’s organizations make about the after delivery. For example, warranty provisions, or availability of spare parts, or maintenance services, or recycling services.
The following material will provide you information about post-delivery activities:
- ISO 9001 – ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/
- Managing Production an d Service Provision using ISO 9001 - https://advisera.com/9001academy/blog/2017/11/21/managing-production-and-service-provision-using-iso-9001/
- ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Evaluating opportunities and suppliers
Answer:
I will give you a simple example about how opportunities can be evaluated. You can consider the potential impact or consequence of the opportunity, and the effort needed to take advantage of the opportunity.
So, you can develop a scale both for effort and consequence like in this example:
Also, how to evaluate our suppliers, if you have some model.
Answer:
What do you want or need from suppliers? An organization can evaluate, for example, subcontractors based on three parameters: responsiveness, quality and delivery date.
The following material will provide you information about risk evaluation and supplier evaluation:
• - ISO 9001 – Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
• - How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• - How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
• - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Procedure for document and record control
Answer:
ISO 27001 allows you to use Procedure for document and record control in a way that suits you best - if you want it can be applied only to your ISMS, or you can use it for all the documents in your company if you find it useful.
Learn more here:
- Document management in ISO 27001 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/ -
Management review meeting
Answer:
Top management will need to review at least the following inputs during the the process of management review:
- Audit results
- Customer Feedback
- Process Performance and product conformity
- Status of Corrective Actions
- Follow-up Actions from previous Management Reviews
- Changes that could affect the Quality Management System
- Recommendations for Improvement
Other inputs could be added as desired by the company and also, you can choose how to organize your management review, either through routinely scheduled meetings or through a more continuous review process,
For more information about management review you can see see these materials s:
- Article - How to make management review more useful in your QMS: https://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
- Book – Discover ISO 9001: 2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/ -
Book Secure & Simple
Answer:
The book Secure & Simple is not necessary for completing Advisera's ISO 27001 Foundations Course, however if you want to use them both I would suggest you finish the course first, and then start reading the book - this is because the course gives you an excellent overview of the standard, while the book is much more detailed, and gives you more implementation tips. -
An organization cannot be certified without clients
Answer:
An organization cannot be certified without clients. I already worked with a client that could not be certified until the company had clients. Best advice is: please contact your certification body to see how you can manage the situation.
The following material will provide you information about audits:
- ISO 9001 – How to prepare your company for the ISO 9001 certification audit - https://advisera.com/9001academy/03/how-to-prepare-your-company-for-the-iso-9001-certification-audit/
- Free webinar – How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/we binar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar/
- book - Preparing for ISO Certification Audit: A Plain English Guide - https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/ -
Subject to GDPR
Answer:
All processes that involve the processing of personal data will fall under the EU GDPR.
To learn more about the EU GDPR check out this EU GDPR Foundations Course; (https://advisera.com/training/eu-gdpr-foundations-course/) -
Use of electronic signature
Answer:
Yes, an organization can use digital/electronic signatures to approve documents rather than hand written signatures. ISO 9001:2015 and ISO TS 9002:2016 both mention that an organization can use hard copy, electronic or both to provide documented information. Just a warning, certain regulators or official bodies like FDA can request a formal validation of the system for electronic signatures.
The following material will provide you information about document control:
- ISO 9001 – How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
- see this example - What kind of Document Management System (DMS) do you need for handling ISO documents? - https://advisera.com/conformio/blog/2020/08/11/what-kind-of-dms-you-need-for-handling-iso-27001-documents/
- Should you keep your ISO documents in the cloud or on paper? - https://advisera.com/conformio/
- book - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/ -
Toolkit content
1. Attached please see the excel sheet and let me know if you have something like this in the toolkit or if it can be produced?
Answer: Most of documents you identified are included in the toolkit (e.g., Information Security Policy, Teleworking Policy, etc.). To see which documents are included in the toolkit, and which clauses of the standard are covered by them, please access the List of documents file on this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
Regarding other documents not included in the toolkit, included in it you will find a blank template that you can use to develop them. We do not develop customized documents, but also included in the toolkit, depending on the package you choose, you have a limited number of documents you can submit for our review, where we provide you feedback regarding corrections or improvement to be made. You also can count with an unlimited support through email, and some hours of face to face online meetings, where you can clarify some of your doubts.
2. What goes in "Justification for"? (please see the png attachment)
Answer: In the "Justification" column in the Statement of Applicability document you have to fill in why you are using or not a given control. General justifications for implementing a control are "to treat unacceptable risk XXX", "to fulfill legal requirement from law/regulation/contract YYY", or "implementation required by top management decision". As for justification for not implementing a control you can state that "there are no unacceptable risks or legal requirements demanding to implement this control".
This article will provide you further explanation about Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/ -
Information classification
Answer: ISO 27001 does not prescribe which categories to implement, so organizations are free to define the ones that best suit their needs, and these can either be based on legal requirements the organization must comply with (e.g., laws or regulations which define or recommend lists of categories), based on a framework developed by the organization itself, or based on market best practices.
2 . Are there any other categories we can put the information into?
Answer: Other examples you can find are:
- Secret and Top secret
- Unclassified
- non sensitive
For further information, see:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
3. How do we really choose which categories we would put out information into
Answer: Information is classified according its value to the organization, and the impact to the organization if the information is compromised, and these are some criteria you can use to valuate it:
- cost to replace the information
- cost to acquire the information
- loss of market share
- loss of competitive advantage