Search results

  • ISO 20000 for internet data center

    Yes, ISO 20000 certification for an internet data center is a good idea.
    Here are a few benefits of the ISO 20000 implementation (and certification):
    - proof of excellence in IT Service Management (ITSM)
    - getting ITSM “under control” – meaning managed, measured and improved processes, clear roles & responsibilities, etc.
    - distinctiveness from other, non ISO 20000 certified, companies
    - integration of ITSM and business operation as well as stakeholders (and their expectations)
    - “same language” inside organization
    You can find out more in the article “5 key benefits of ISO 20000 implementation” https://advisera.com/20000academy/blog/2016/02/09/5-key-benefits-of-iso-20000-implementation/
  • Planning communication


    Answer:
    Your organization, with ISO 9001:2015 clause 4.2, determined relevant interested parties and their relevant requirements and/or expectations. So, considering those relevant interested parties, your organization should determine what needs to be communicated to each party in terms of the quality management system. For example, your organization may want to communicate process performance to employees, or health care results to clients or their families or the local community. For each “what to communicate” your organization should plan (I use a table):
    when to communicate – once per month? once per year? Every quarter?
    to whom to communicate – clearly state who will be the recipients of communication
    how will you communicate? – a newsletter? An internal meeting? An e-mail? A press release? An internal report?
    Who will communicate? – Which function or functions will be responsible for the communication?

    The following material will provide you information about communication:
    - Communication requirements according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/11/01/communication-requirements-according-to-iso-9001-2015/
    - You can enroll for free in this ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Looking for consultancy work

    I am an ISO lead auditor with 14 yrs experience in the standards and am looking also at expanding my portfolio to include IT ISO auditing.
    Any ideas or help appreciated.

    Answer:
    Based on your experience description, I would start by contacting consultancy organizations in the market to offer my services as a freelance consultant. At the same time, I would start my commercial activity in order to find clients on my own, and I would develop my marketing activities by starting a blog, or any other way of showing my know-how and experience. About entering IT ISO auditing I can say that it is a very hot job right now with strong demand worldwide:

    The following material will provide you information about getting clients as a consultant:
    - How to get new clients for your ISO 9001 consultancy - https://advisera.com/9001academy/blog/2019/03/05/how-to-get-new-clients-for-your-iso-9001-consultancy/
    - You can enroll for free in this ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
    - ISO 27001:2013 Foundations Course - https://advisera.com/training/iso-27001-foundations-course/
    - book - SECURE & SIMPLE: A Small-Business Guide to Implementing ISO 27001 On Your Own - https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • Preparing an environmental risk assessment


    Answer:
    To prepare an environmental risk assessment I consider the definition of risk, the effect of uncertainty that can promote a deviation from intended results. This definition should focus our attention upon intended and unintended results. Then, considering clause 6.1.1 I look into environmental aspects and impacts and determine what possible positive or negative deviations can occur. For example, your organization can control and monitor wastewater quality. What can go wrong with that control or monitoring operation? Look also into compliance obligations, what can go wrong that impairs your organization’s capability of complying with water quality discharge permit requirements? Look also into what comes out of context analysis, clauses 4.1 and 4.2. For example, can your organization take advantage of technological developments to improve raw materials consumption? Or consider trends in legislation that can increase environmental performance in the near future.

    The following material will provide you information about handling of environmental risks:
    - Should you use a risk register for the ISO 14001 EMS? - https://advisera.com/14001academy/blog/2016/10/17/should-you-use-a-risk-register-for-the-iso-14001-ems/
    - Risks and opportunities in ISO 14001:2015 – What they are and why they are important - https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
    - ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • Queries about management review

    #1 9.3.2. c) 1) - May this section include received certificates from different sponsorships as appreciation, like from schools, or clearances/certificates for compliance/registration from different government agencies as required by law?

    Answer:
    Yes, as long as they allow your organization to perceive your client’s perception about your work. You can also include complaints, praises, client’s evaluations, for example.

    #2 9.3.2. e) - What are the specific documents to be inserted or evaluated as source for presentation during the management review meeting/presentation?

    Answer:
    Your organization previously evaluated risks and opportunities and classified some of them as relevant. According to clause 6.1.2 a) your organization planned some actions to handle those relevant risks and opportunities. Later, your organization will update the list of risks and opportunities and their classification. At the management review organizations evaluate if their action plans were effective in reducing, minimizing or controlling risks, or taking advantage of opportunities. This can be evidenced through a risk and opportunities register with a column for evaluating action plans effectiveness.

    #3 9.3.2. f) - The previous management review presented a SWOT Analysis. Does this document need to be updated for the coming management review, or are there any specific documents to be inserted or evaluated as a source for presentation during the management review meeting/presentation?

    Answer:
    SWOT analysis is more about clause 9.3.2. b).
    Clause 9.3.2. f) is about general improvement opportunities resulting from considering all the inputs to the management review.

    The following material will provide you information about management review:
    - ISO 9001 – How to make Management Review more useful in the QMS - https://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
    - How to Make Management Review More Practical - https://advisera.com/9001academy/blog/2013/12/10/make-management-review-practical/
    - You can enroll for free in this ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Free webinar on demand – How to perform management review according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-perform-management-review-according-to-iso-9001-2015-free-webinar-on-demand/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 27001 implementation and certification


    Answer:

    Applying the standard is not the same as certifying for it. The certification requires a certification body to audit your implementation and verify if it is compliant with all requirements from the standard.

    You can implement the standard and not pursue certification. In this case what happens is that this way you gather only partial benefits of the standard (e.g., better internal organization and reduced costs from incidents), but cannot use this implementation as a proper market tool and competitive differential.

    To know more about ISO 27001, I recommend these materials:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Validation of IT Service Management System

    We are currently implementing a new Service Management System, i.e. the system to handle tickets from users when having Incidents or service requests regarding their use of IT.
    Of course we have many validated IT systems - and tickets regarding these systems are also handled in this new SMS.
    I have now gotten into a discussion around validation of this new Service Management System.
    In my perception the tickets are Quality Records - and a system handling quality records would need validation.
    However I cannot find a direct link anywhere in ISO 13485:2016 - or elsewhere - describing this scenario and the requirement to validate.
    Am I wrong in my conclusion?

    Answer:

    Indeed, you are right that this is a quality record system, therefore, it should be validated. You can refer to clause 4.1.6 and 7.5.4 Servicing activities in ISO 13485 for more information.

    This material will help you regarding the validation of your system:

    Procedure for Documentation and Validation of Computer Software
    https://advisera.com/13485academy/documentation/procedure-for-validation-of-computer-software-iso-13485-2016/
  • Risk assessment


    Answer:

    For an asset-threat-vulnerability risk assessment approach a reasonable quantity of identified threats will depend on the quantity of identified assets. A good parameter is to consider 5 threats for each asset identified. Less than 5 threats per asset and you may leave out a relevant risk related to that asset. More than 5 threats per asset and you will probably have a big number of minor risks that will only make your work unnecessarily complex. It is important to note that the same threat can be associated with different assets, so, for example, for 3 assets you do not need to identify 15 different threats.
    This article will provide you further explanation about risk assessment:
    - ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

    These materials will also help you regarding risk assessment:
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • Risks and opportunities


    In our Integrated Management System we have implemented Risks and we have qualified very well in the audits, but insist that we need to better determine the Opportunities according to this common requirement for the 2 Norms (9001 and 27001).

    Can you guide me to implement in a strategic and simple way this of the Opportunities, to fulfill of a part with the requirement and to qualify in the audits but mainly to administer properly this in our Integrated System of Management?

    Answer:

    The most straightforward way to fulfill this treatment of opportunities is by means of continual improvements implemented to fulfill interested party requirements and achieve the ISMS expected goals. For example, if one of the ISMS's objectives is to increase employees' productivity, implementing teleworking may be an opportunity to achieve that.

    This article will provide you further explanation about risks and opportunities:
    - How to address opportunities in ISO 27001 risk management using ISO 31000 https://advisera.com/27001academy/blog/2018/04/13/how-to-address-opportunities-in-iso-27001-risk-management-using-iso-31000/