>Thanks for the answer, but I still have not received a response to the question: are there any documents that can only be used for 27017, assuming that I already have prepared documents for 27001?
Answer:
First of all, sorry for this confusion.
Most of the adjustments to include ISO 27017 recommendations can be made on existing ISO 27001 documents. The only documents you should create specifically for ISO 27017 are a Cloud Security Policy and a Policy for Data Privacy in the Cloud.
Integrating Quality and Environment in a Management System
1. How is ISO 9001 to my industry?
Answer:
Look into clause 4.2 of ISO 9001:2015. Determine the relevant interested parties, the stakeholders, and determine their requirements and expectations. Quality in most organizations is about satisfying the requirements and expectations of interested parties; quality is about having hydropower availability when expected; quality is about minimizing costs. Model the functioning of your organization as a set of processes that want to deliver satisfied interested parties, availability, and efficiency.
2. How do I easily integrate both management systems since they are both being manned by one person?
Answer:
You can compare both standards and realize that there is a lot in common. When I implement integrated management systems, I describe the organization as a set of processes that deliver the purpose, the mission of the organization. Then, after an initial environmental assessment, I determine what processes or activities must be improved or standardized in order to eliminate or minimize significant environmental impacts. That translates into making changes in some of the processes. Concerning top management, the policy, objectives, context, interested parties and part of the risks are common.
Do I need to be certified, in some way, to help them design and implement a quality management policy that will eventually be audited by an ISO auditor?
Answer:
No, you do not need to be certified in any way, as long as you have project management skills, as long as you have communication skills, and as long as you know the management system standard.
Answer:
When implementing a QMS I see it as a project with two work fronts A and B.
A is about modeling how the organization works based on what is called the process approach. Describing an organization as a set of interacting projects.
See this generic example:
Then, for each process look for what can go wrong and should be improved, look for opportunities to take advantage, and see if ISO 9001:2015 requirements are already being met. Describe those processes in order to standardize your work.
B is about where the organization is going. It is about strategic orientation, objectives, and plans to meet them.
2. Is it beneficial that we already have SOP in place?
Answer: It is very beneficial. That means that there is a culture of organizing the work, and there is already experience with having internal standards.
3. As a construction company, what part of physical construction work needs to be outlined and documented within the QMS?
Answer: One of the first activities in B, mentioned above, is defining the QMS scope. Your organization can do a lot of construction work and define that it will be only about bridge construction, for example.
4. How is remove and replace construction work defined? Product or service?
Answer: Trust me, that is not important. For example, there is a marketing approach called service-dominant logic that argues that everything is a service. When a customer contracts your organization, they do not care about construction. They want the outcome of your organization's work.
5. How do most construction companies define their organizations?
Answer: List a number of construction companies that you know are certified, search the internet for their certificates, and check what their scope is.
Does the medicinal product licence holder need to comply with ISO 13485?
Answer:
As a product license holder (with no manufacturing responsibilities, including primary assembly of products), you are not required to comply with ISO 13485; however, your contract manufacturer has to comply with ISO 13485.
Diagram of ISO 27001 Risk Assessment and Treatment Process
Answer:
This diagram was created as a visual, practical example of how to perform risk assessment and treatment considering the asset-threat-vulnerability risk assessment approach, so unfortunately there are no other examples available.
Thank you very much, Carlos, for your time and helpful answers.
Articles and documents update
Answer:
Toolkit documents are updated more often than articles, because while articles aim to provide general examples on relevant topics of ISO 27001 and other standards covered by Advisera, documents must provide deeper information that must be compliant with the standard's requirements.
Inputs/Outputs in a process
Answer:
Every organization consists of a set of interacting processes. Each process includes a series of activities that utilize certain resources transforming the inputs into outputs:
- Inputs are the resources used or needed in the execution of a process or process step. They can be information, raw materials, etc.
- Outputs are the results of a process or process step.
When determining the inputs and outputs of each process, you don't need to get into much detail, since identifying each step of every process could be a task with no end. Your company just needs to understand how the transformation is carried out through a process to create the product or service offered by the organization.
There are no specific requirements in ISO 9001:2015 for appointing a project manager in an organization. The company just needs to make sure that the person hired is competent to perform the tasks related to the position.
What is a requirement in the standard is having job descriptions, which specify the daily tasks and objectives of a role. Basically, this job description organizes and describes the responsibilities and authorities of each role and states the external qualification (e.g. engineer, architect, etc.) and internal qualification (e.g. training on a certain work procedure) needed.