Search results


  • Providing SoA to customers


    Answer:

    In fact, customers can ask for your Statement of Applicability to get an overview of your information security posture and approach, but since it contains sensitive information about how you protect information, I'd recommend that you use some cost-benefit method or criteria to identify whether providing this document would be worthwhile, considering the risks to the business regarding the confidentiality of the information provided, and the value of this customer to your business. In case you decide to provide the Statement of Applicability, you should ask the customer to sign a non-disclosure agreement (NDA) before you send such confidential information.
  • ISO 27001 and ITIL


    Answer:
    If you are looking for an Information Security implementation only, then ISO 27001 would be a better fit. But if you plan to implement/improve other aspects (organization, functions, processes, management of the services), then ITIL is better. ITIL will give you the opportunity to manage various standards and best practices, like ISO 27001, Agile, DevOps, etc.

    Learn more about ITIL and ISO 27001 in the article "Similarities and differences between ISO 27001 and ISO 20000" (https://advisera.com/20000academy/blog/2018/05/09/similarities-and-differences-between-iso-27001-and-iso-20000/). It relates ISO 27001 and ISO 20000, which is the ISO standard for IT Service Management.
  • Relationship between activities and stakeholders


    Answer:
    ISO 9001:2015 no longer requires mandatory procedures. That does not mean that procedures are forbidden. So, if your organization wants to use procedures, they are allowed. These activities will not be part of the QMS Scope document. These activities can be related to relevant stakeholders through:
    - Procedures;
    - Flowcharts;
    - Job descriptions;
    - Templates;
    - Training records.

    The following material will provide you with information about certification:
    - ISO 9001 – How to document roles and responsibilities according to ISO 9001 - https://advisera.com/9001academy/blog/2018/02/26/how-to-document-roles-and-responsibilities-according-to-iso-9001/
    - Free online ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO45001:2018 vs HSG65


    Answer:
    While I am not an expert on HSG65, both ISO 45001:2018 and HSG65 seem to be Occupational Health & Safety Management System (OHSMS) requirements that can be implemented in a company. Both requirements follow the Plan-Do-Check-Act methodology, and include auditing to maintain the standard. One difference seems to be that ISO 45001 focuses on worker consultation and participation in the OHSMS, whereas I do not see this in HSG65. There may be some differences within the standards, but the biggest difference I can see is that ISO 45001 is an internationally recognized standard, whereas HSG65 is only recognized in the UK. If you are looking at an international market for your customers, this could be a determining factor.
    One thing to remember is that ISO 45001:2018 also does not require certification, if the cost of certification is the driving factor not to implement this standard. The standard does give you the option to implement all aspects of the standard and then be able to claim compliance to ISO 45001:2018 (as opposed to "certification to ISO 45001:2018"). So, if the only drawback to ISO 45001 is the certification, you could compare the two standards to see which would be a better fit for your organization. Both will have implementation costs, and both will give you a working OHSMS, but which one will benefit you in the long term? With ISO 45001, even if you do not certify right away, you also have the choice of certifying in the future if this becomes something that will be useful to you. You will not have this choice with HSG65.
    For more information on the benefits of ISO 45001:2018, see the article: 4 key benefits of ISO 45001 for your business, https://advisera.com/45001academy/blog/2015/09/30/4-key-benefits-of-iso-45001-for-your-business/
  • Business continuity plan


    Answer:

    Once you have identified the disruptive scenarios you have to handle, broadly speaking, the development of a continuity plan based on ISO 22301:2012 requires the development of:
    - incident response plans, with emergency actions to be performed right after the disruption is identified;
    - continuity actions to bring activities back to minimum agreed levels;
    - recovery actions to bring activities back to normal operations.

    These materials will provide you further explanation about developing a continuity plan:
    - Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/
    - How to write business continuity plans? https://advisera.com/27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/
    - Writing a business continuity plan according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • ISO 9001 applicability


    Answer:
    Yes, your organization can implement a quality management system and certify it. Certification grew precisely with the development of international trade after the '80s, in order to facilitate it.

    The following material will provide you with information about certification:
    - ISO 9001 – Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
    - ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
    - Free online ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Internal audit frequency


    Answer:

    ISO 27001 does not prescribe a frequency for performing internal audits, but it requires that audits be planned considering the importance of the processes involved and the results of previous audits. For a certified ISO 27001 ISMS, you have to ensure that all elements in the scope are internally audited at least once during the certification period (three years).

    This article will provide you further explanation about planning internal audits:
    - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

    These materials will also help you regarding internal audits:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  • ISO 45001:2018 Opportunities


    Answer:
    Clause 6.1.2.3, on OH&S opportunities and other opportunities, is asking you to have a process to assess both of these types of opportunities. OH&S opportunities (clause 6.1.2.3 a) are any opportunities that may exist to improve your OH&S performance within your organization. This could include adapting work to make it safer, organizing work in a way that reduces workplace injury, or eliminating hazards that may exist in the workplace. An example would be replacing a cleaning chemical that is a known carcinogen with a safer chemical to clean parts in your facility.
    Other opportunities (clause 6.1.2.3 b) come from outside of your organization, such as changing legal compliance obligations or changes in external issues. An example of one of these other opportunities could be: if you find out that a supplier will not be able to provide you with a chemical that is critical for your product, and you can't find the chemical anywhere else, this could be an opportunity to find a safer chemical to replace the chemical that is being made obsolete.
    In both cases, you assess these opportunities to decide which need to be addressed with planned actions (clause 6.1.4).
    For a more thorough discussion of opportunities in ISO 45001:2018, see the article: What are the new requirements for risks and opportunities according to ISO 45001?, https://advisera.com/45001academy/blog/2018/04/25/what-are-the-new-requirements-for-risks-and-opportunities-according-to-iso-45001/
  • How to get started with the documentation?


    Answer:

    We have a free webinar on how to get started with the documentation: How to use a Documentation Toolkit for the implementation of ISO 13485: https://advisera.com/13485academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-13485-free-webinar/

    The next step would be to gather all your internal documents and information and start to create a quality manual, followed by the relevant standard operating procedures (SOPs) required by the Standard.
  • Applicability of ISO 13485 for medical device store


    Answer:

    In the context of a medical device store, Good Distribution Practice (a country-specific regulation) would be more applicable in your case. ISO 13485 is an international standard and guideline that provides medical device companies with a framework to establish their Quality Management System (QMS). In the context of a medical device store, your role would be more involved in ensuring that products that do not conform to requirements are identified, segregated, and stored appropriately to prevent their unintended use or delivery.