Search results

  • Planning to attain objectives


    Answer:

    Based on your organization’s strategic orientation, environmental policy and environmental assessment (aspects & impacts, risks & opportunities; compliance obligations) your organization can determine its environmental objectives and targets.

    Each objective and target represent an improvement challenge. To win that challenge your organization has to change something in the way it works presently. Today’s performance is a natural outcome of today’s way of working. If the organization wants to improve performance in a sustainable way it has to change something.

    Does the organization know what are the causes of present performance?
    Does the organization know what are the actions needed to improve performance?

    Until the answer is yes to both questions the organization should perform an investigation on root-cause analysis and/or alternative actions.

    As soon as your organization knows what should be done to meet the objective and target it can develop an action plan:
    * What activities should be done;
    * By whom;
    * Until when;
    * With what resources; and
    * With what monitorization.

    The following material will provide you more information about meeting objectives and targets:
    ISO 14001 – How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
    Ensuring that environmental objectives are aligned with the company’s strategic direction - https://advisera.com/14001academy/blog/2017/02/06/ensuring-that-environmental-objectives-are-aligned-with-the-companys-strategic-direction/
    ISO 14001 document template: Environmental Objectives and Plans for Achieving Them - https://advisera.com/14001academy/documentation/environmental-objectives-targets-and-programs/
    Free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    Book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • AS9100 Rev D differences from ISO 9001:2015


    Answer: As per the title of the document, AS9100 Rev D is applicable to aviation, space and defence organizations (commonly called the aerospace industry). This document includes all of ISO 9001:2015, with some additional requirements that are necessary for the aerospace industry. Along with some minor inclusions throughout the standard, some of the main additions are operational risk management, product safety, configuration management, product safety and prevention of counterfeit parts.
    For a better understanding of the AS9100 Rev D requirements, see this whitepaper: Clause-by-clause explanation of AS9100 Rev D, https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d
  • Scope of Certification

    What are all the products to be added in the Scope of Certification?

    You can add all the products that the company is producing for automotive in the scope of certification.

    If the product is in the under-development stage (4th phase in APQP) and no PPAP approval has been received from the customer, will it be possible to add it to the Scope of Certification?

    Yes, it is possible to add to the scope a product that is under development, based on requirement 4.3 of IATF 16949.
    The following material will provide you more information about the scope: How to define the scope of the QMS according to IATF 16949:2016 https://advisera.com/16949academy/blog/2017/06/28/how-to-define-scope-of-the-qms-according-to-iatf-16949/

  • Document preservation


    Answer:
    No, ISO 9001:2015 does not mandate the use of plastic covers.
    I believe that that idea came to life because of ISO 9001:2015 clause 7.5.3.2 b) about preservation.

    If preservation is an issue because the flyer, for example, will be posted on a place where sun and rain can deteriorate its legibility, perhaps the plastic cover makes sense as protection. But it is not mandatory nor needed everywhere.

    You can find more information about document control here:
    The following material will provide you more information on ISO 9001:
    ISO 9001 – Some Tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
    You can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    ISO 9001 – How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
    Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
  • Fake ISO certificate?

    Answer: Look into the certificate that you want to check and identify the name of the accreditation body under which the certificate was issued. Then with that name, you can follow the procedure mentioned in this article – How to know whether ISO 9001 certificate is valid? – https://advisera.com/9001academy/blog/2018/05/23/how-to-know-whether-iso-9001-certificate-is-valid/ – to see if the accreditation body is authorized by the International Accreditation Forum (IAF). If the accreditation body belongs to IAF and you have doubts about the certificate you should contact the accreditation body and explain your concerns.

    The following material will provide you more information on ISO 9001:
    You can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    Book – Discover ISO 9001: 2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Scope template


    Answer:

    To see what an ISMS Scope Document looks like, I suggest you take a look at our free demo at this link: https://advisera.com/27001academy/documentation/isms-scope-document/

    This document will help you clearly define the boundaries of the ISMS in terms of your process and services, business units, locations, and IT infrastructure.
  • Template content

    (Action) takes place "outside" the organization. The process can be: Registered shipping, encryption via TLS /SMTP, or similar. What exactly is meant by that? In my opinion, there are two interpretations:
    a) The operation is actually outside the organizational unit. For example, an email is sent from a home office workstation. In this case, the email would be encrypted.
    b) The process goes outside the organizational unit, so the shipment would be from internal to external.
    The document is: Information Classification Policy
    For shipping outside the organization, the document must be sent by a registered mail.
    For shipping outside the organization area, the shipping method registered mail with acknowledgment of receipt must be selected.
    The sending of email outside the organization must be encrypted.

    Answer:

    In the context of the Information Classification Policy "outside" means people or other entities not under responsibility or control of the organization (e.g., suppliers, customers, government, etc.). For example, when a regulator body issues a new regulation the organization must comply with, this regulation comes from outside the organization. Information that comes from people (e.g., employees, contractors) or other entities under control of the organization (e.g., subsidiaries) must be considered to come from "inside", even if they come from out of premises.

    This article will provide you further explanation about information handling:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
  • Toolkit content


    1. 'Security Procedures for IT Department'. XXXX is an IT company, this means there is no specific IT department. Is it still obligatory for us to make this document?

    Answer: First, it is important to understand that this document is intended for the "department" that runs the IT systems that support the organization's business. In your case this document would be intended for the area that runs your internal IT systems, but it could also be applied to IT processes you run for your customers.

    Second, this document is mandatory only if controls that ISO 27001 Annex covers are required by your business, considering that:
    - There are risks identified as unacceptable in the risk assessment that require the implementation of controls covered by this document
    - There are legal requirements (e.g., contracts, laws, and regulations) that require the implementation of the controls covered by this document
    - There is a top management decision requiring the implementation of the controls covered by this document

    If none of these options occur for the controls related to this document there is no need to implement this document.

    This article will provide you further explanation about selecting controls:
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    2. Risk Treatment Table: Regarding the zeros in the last column (which is Risk), are these put as an example?
    Answer: The zero is the result of the formula used to calculate risk (consequence plus likelihood, on columns L and M respectively), and on the template the zero is because the template is empty. Included in the toolkit you have access to a video tutorial that will guide you on filling the Risk Treatment Table with real data.

    3. Statement of Applicability: Aren't we supposed to tick the controls which are mandatory for ISO 27001 (the ones affiliated with the documentation in your PDF, ex. Statement of Acceptance of ISMS Documents is mandatory, so A.7.1.2 is applicable) ?

    Answer: The Statement of Applicability goes beyond ticking applicable controls, because you also have to document the justification to apply, or not to apply, a control from Annex A, and the implementation status of each control. Additionally, considering your example, in fact it is the other way around (i.e., because A.7.1.2 is applicable the Statement of Acceptance of ISMS Documents is mandatory).

    This article can provide you further information about SoA:
    - The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

    4. Validity and document management (which is at the bottom of nearly each document): required or not? If it is required, may we present it on a different way (ex. in a table) ?
    Answer: Validity helps fulfill requirements regarding clause 7.5.2 Creating and updating documented information, while document management helps to identify and control records related to the document, fulfilling clause 7.5.3 Control of documented information. Since ISO 27001 does not prescribe how to present this information, you can use any presentation that you see best for your organization.

    These materials can provide you further information about document management:
    - Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

    5. Confidentiality Statement. Is the Policy for Handling Classified Information the same Policy as the Information Classification Policy? I could not find this in the toolkit.

    Answer: These are the old and new name for the same policy, which covers both the information classification process and the handling of classified information.

    This article will provide you further explanation about information classification:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
  • Calibration frequency


    Answer:

    To establish the calibration frequency, your organization must take into account, on the one hand, the manufacturer's recommendations, as well as other considerations depending on the characteristics of the equipment. These considerations have to do with the results obtained over time and with the information the company has about the equipment.

    However, if your organization is a laboratory, it is very common for there to be specific legislation or regulations indicating how often the equipment must be calibrated.

    For more information, see these materials:
    - Article https://advisera.com/9001academy/blog/2014/05/06/monitoring-measurement-equipment-control/
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online course - ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/