The first step to develop policies and procedures is to identify which requirements the policy or procedure must fulfill. For example, your organization may have contracts, laws, or regulations with clauses defining a specific approach for a governance solution. After identifying those requirements you should consider the context of your organization regarding size, process complexity, and staff maturity.
ISO 27001 does not prescribe any specific set of names for an organization to use, so organizations are free to adopt whichever scheme suits them best.
The toolkit documents are organized in named folders and in a didactic implementation sequence that you can adopt for your file structure.
To understand the terms used by ISO 27001, we suggest you take a look at ISO 27000, which provides an overview and vocabulary for information security, at this link: https://www.iso.org/standard/73906.html
From this standard, you can find terms that you can apply in your naming scheme.
People and clause 7.1.2
Answer:
The standard requires that an organization has the persons considered necessary to effectively operate and control the quality management system.
For example, a hotel may establish that breakfasts must be serviced by a different number of employees as a function of the number of guests, a hospital may establish that a certain service must have a certain composition in terms of number of persons and professional categories, and a long-distance bus company may establish a crew composition as a function of the kilometers of the service. In other cases, legislation or regulation may establish the number of persons performing a role and their qualification.
Answer:
When I work with organizations in determining their risks, I use three perspectives:
I consider ISO 9001:2015 clause 4.4.1 – what can go wrong in each process
I consider ISO 9001:2015 clause 5.1.2b) – what can go wrong with products and/or services
I consider ISO 9001:2015 clause 6.1a) – what can go wrong with our intended QMS results, QMS objectives.
“Some managers even ask if quality objectives are the same as the performance objectives.”
Answer:
Yes, one can say that quality objectives are performance objectives.
“Can one process be used to meet several objectives.”
Answer:
Yes, one process can be instrumental to meet more than one objective. I like to make the relationship between objectives and processes very clear. That is why I recommend using a matrix like this one:
This way one can find that currently there is no process in place that can help the organization to meet Objective A, and that Processes 1 and 3 do not contribute to any quality objective.
“What is the main difference between process approach and risk management many people ask me.”
Answer:
The matrix above is a representation of the process approach. The intended results of an organization will be met through processes. There are no random results. If we don’t like current performance, we should act upon what we do, one or more of our processes. That is why in Quality there is the saying: Don’t blame the product (the result), blame the process (behind it). Risk management is about determining risks, evaluating them, deciding if some of them are significant, and act to reduce, control or eliminate those significant risks.
ISO 9001 and documentation for a Construction Company
Answer:
I recommend you start by describing how the company works as a set of processes. Then, relate those processes to the ISO 9001:2015 clauses.
When implementing a QMS I see it as a project with two work fronts: A and B.
A is about modeling how the organization works based on what is called the process approach. Describing an organization as a set of interacting processes.
See this generic example:
Then, for each process look for what can go wrong and should be improved, look for opportunities to take advantage, and see if ISO 9001:2015 requirements are already being met. Describe those processes in order to standardize your work.
B is about where is the organization going to. It is about strategic orientation, objectives and plans to meet them. It is about overall risks and opportunities and what to do to manage them.
“(2) How to define SOPs, KPIs and necessary documents?”
Answer:
ISO 9001:2015 clause 4.4.2a) gives a lot of freedom to organizations about which documents to create. That will be a function of the complexity of your organization, of the experience and turnover of your employees, of the requirements of customers, and of current performance challenges.
As we now move towards an ISO 13485 QMS in addition to our existing ISO 17025, and maybe more QMS will follow, we face the problem that so far we are doing everything manually: print, sign, scan, etc. The more documents we have, the more probable it is that we will miss something. Any suggestions from your experience on how to simplify this work, or how companies with several QMS systems deal with this problem? I have seen that you speak about Conformio; would this be a solution, or are there other suggestions?
Answer:
The structure of the folders is meant to give you a base to organize the QMS and to provide you with ease of accessibility and retrieval during the actual audit. So you can build the structure either way, depending on which suits you better in terms of organization, as long as you have the appropriate documentation in place to comply with ISO 13485.
The notified body does not usually meddle with how the company organizes the structure of the folders, so it is only important that you can provide the documentation when asked for it by the auditors.
Advisera has a platform known as Conformio which is a compliance implementation and maintenance platform that has a document management component that was purpose-built to support the certification process. It has a simple and user-friendly Document management system incorporated. You are able to upload, download, edit and delete your files, create new ones and sort them in folders which you can also add and manage. We will be happy to give you a tour if you are interested, please just let us know.
Identifying controls for internal audit
1. For example, I need to audit an e-health software named X; which controls do I need to use? Let's say that I need to audit authentication, failover, vulnerability patching, data leakage, privacy, compliance with GDPR, etc., or even physical security. Every questionnaire contains a checklist of "27k2" questions. However, which questions from Chapters 5-18 do I need to use? All? Or only the ones that are applicable? But how do I know which questions or which controls are applicable or aren't applicable? I'm really lost.
Answer:
The main guidance to identify which controls to audit is the Statement of Applicability document. This document will inform you which controls were identified as applicable to this software and a general overview of the implementation approach and the implementation status. From the controls identification you can identify on the internal audit checklist which questions you should ask in your audit of this software.
Answer:
Did your organization introduce new services in the last 5 years? For example, if a new epidemic appears, will your organization supply a new prevention and control service? If a new legislation requires changing the service specifications how will your organization plan and introduce those changes? If your answer is yes to one of these questions ISO 9001:2015 clause 8.3 is applicable.
Answer:
If you have already implemented another standard such as ISO 9001:2015 or ISO 14001:2015, then you will have implemented most of the new requirements of the ISO 45001:2018 standard (such as context of the organization and interested parties), since the main changes in the standard have come from the re-formatting to Annex SL. Apart from this, the most important thing to review is the requirements for consultation and participation of workers in the standard, as this is also new.
One of the best ways to ensure that you have everything is to perform a gap analysis. You can use a simple gap analysis such as this free ISO 45001 Gap Analysis Tool (https://advisera.com/45001academy/iso-45001-gap-analysis-tool/), or you can take each ‘shall’ statement of the standard and place it in a table with a column to assess whether you already do this and where the information is located. You can then find what you are not doing, which are the gaps that you need to address.
For some help planning the transition from OHSAS 18001 to ISO 45001 see the whitepaper: Twelve-step transition process from OHSAS 18001 to ISO 45001, https://info.advisera.com/45001academy/free-download/twelve-step-transition-process-from-ohsas-18001-to-iso-45001
Improving the accuracy of targets
“Are there other factors that could improve the accuracy of targets?”
Answer:
When we talk about objectives and targets at the level of ISO 9001:2015, we may be talking about objectives and targets that stem from the quality policy, or about objectives and targets that stem from the organization's processes.
The objectives and targets that stem from the quality policy will be more relevant and accurate the more the quality policy is aligned with the organization's strategic orientation. For example, if an organization's strategy is based on innovation, it makes much more sense for the quality objectives to be about innovation and its results than about the organization's efficiency.
As for the objectives and targets associated with processes, the technique I use is to first define the purpose of the process, its reason for being, and then do an exercise of translating each statement of the purpose into quantified challenges. For example, I am working with a company that carries out small fiber-optic works. One of its processes is called “Win the contract award”. What is its purpose?
To find work that brings profitability to the company;
To deliver what was agreed without failures.
From this purpose, the company defined the following indicators:
Volume of work awarded in euros;
EBITDA profitability of the company;
Number of complaints received;
Number of warranty claims triggered.