
  • SWOT, context, interested parties and risks


    Answer:
    So, you want to link:
    * internal context;
    * external context;
    * interested parties and their needs and expectations;
    * SWOT analysis;
    * risk analysis.

    I would start with your SWOT analysis and make a “retro-engineering” exercise: https://www.screencast.com/t/NjDSTYI7AtT

    Your Strengths and Weaknesses are internal issues with positive and negative connotations.
    Your Opportunities and Threats are external issues with positive and negative connotations.

    Not all those issues have the same weight or the same impact for your organization. Use the needs and expectations of interested parties to evaluate which issues are more relevant.

    Then, pick those relevant positive issues (internal or external) and see if you can find relevant opportunities to evaluate and act upon.
    Then, pick those relevant negative issues (internal or external) and see if you can find relevant risks to evaluate and act upon.

    You can find more information in the following links:
    - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
    - Free online ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • ISO 45001 legal requirements and risks

    Answer:
    Strictly speaking, clause 6.1.3, determination of legal requirements and other requirements, talks about having a process to determine what laws and other requirements apply to your OHSMS, how they apply, and what you need to do about them. This section does not necessarily link to the previous clauses about risks and opportunities. They are only together in clause 6.1, actions to address risks and opportunities, because the final sub-clause 6.1.4, planning action, applies to everything in the clause (hazards, risks, opportunities and legal requirements). Plans need to be made for all four of these things which have been determined.
    That being said, it is possible that legal requirements could result in risks and opportunities. For instance, if you found out that a legal requirement was changing that would make a chemical that was critical to your operations impossible to use, this could be a risk or opportunity for your company. If the easy replacement chemical is more hazardous to use, this is a risk for your organization. Likewise, finding a less hazardous chemical to use would be an opportunity to improve your OH&S performance, and this opportunity may only have come around due to the change in legal requirements.
    For a better understanding of all the ISO 45001:2018 requirements, see the whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001
  • Scope of ISO 27001 and ISO 9001


    Answer:
    This article, How to define the ISMS scope - https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/, starts with this: “The main purpose of setting the ISMS (information security management system) scope is to define which information you intend to protect. Therefore, it doesn’t matter whether this information is stored within your company offices, or somewhere in the cloud; it doesn’t matter whether this information is accessed from your local network, or through remote access. The point is that you will be responsible for protecting this information no matter where, how, and by whom this information is accessed.”

    So, if you only intend to protect the information around the scope of your QMS (quality management system) you could use the same scope.

    The following material will provide you more information about ISMS scope and about ISMS and QMS integration:
    Problems with defining the scope in ISO 27001 - https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
    Defining the ISMS scope if the servers are in the cloud - https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
    Using ISO 9001 for implementing ISO 27001 - https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
    How to integrate ISO 9001 and ISO 27001 - https://advisera.com/9001academy/blog/2016/09/27/how-to-integrate-iso-9001-and-iso-27001/
    Free online ISO 27001:2013 Foundations Course - https://advisera.com/training/iso-27001-foundations-course/
    Book – Secure & Simple - A Small-Business Guide to Implementing ISO 27001 on Your Own - https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • ISO 27001 controls and ISO 20000


    Answer:
    ISO 20000, unlike ISO 27001, does not have defined (explicit) security controls, like Annex A in ISO 27001. However, there is an Information Security Management process in ISO 20000, and that process requires that a risk assessment has to be performed and controls should be determined, implemented and operated. But it doesn't define any particular controls; instead, it refers to ISO 27001 for further details.
    Meaning, if you have ISO 27001 in place, you can use controls applied in scope of the implementation.

    See more details about the relation between ISO 20000 and ISO 27001 in the article "Similarities and differences between ISO 27001 and ISO 20000" - https://advisera.com/20000academy/blog/2018/05/09/similarities-and-differences-between-iso-27001-and-iso-20000/
  • Reports Date

    Answer:
    The date of the audit report can be after the final date of the audit process, but you should not take too long to deliver the report, because there is the risk the scenario changes and the results of the audit cannot be used to correct or improve the audited process (in your example the time difference is one month, and normally it should not take more than 5 days).

    This material will provide you further explanation:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  • ISO 9001 and complaints handling


    Answer:
    In ISO 9001:2015 you can find mentions of complaints in clauses 8.2.1 c), 9.1.2 (in a note) and 10.2.1. There is no reference to a mandatory procedure, but an organization with a quality management system:

    * must plan how to communicate with customers when handling complaints;
    * can include complaints as an input to the customer satisfaction assessment methodology; and
    * should evaluate the need for corrective action after receiving a complaint.

    The following material will provide you more information:
    ISO 9001 – Effective complaints management in a QMS - https://advisera.com/9001academy/blog/2014/09/16/effective-complaints-management-qms/
    Free online ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Becoming lead auditor and trainer


    Answer:
    If you work at an organization certified several years ago, you already have experience as an internal auditor at your own organization. What I can recommend is following two parallel ways:

    * Contact your professional network and offer your services to perform internal audits at other organizations. That will give you valuable experience in contacting other management systems, and different interpretations and uses of the management system standards; that will train your communication skills with strangers.
    * Enroll in a certified and recognized Lead Auditor Course, like this one from Advisera - ISO 9001:2015 Lead Auditor Course - https://advisera.com/training/iso-9001-lead-auditor-course/ - and offer your services to certification bodies (your experience as an internal auditor at several organizations will be highly valued).

    2. I would like to become a trainer on QMS and EMS what will be the steps?

    Answer:
    I assume that you don’t want to be a full-time trainer. So, in that case, you should list and contact training or consulting organizations in your country that could be in need of an experienced practitioner. Many times trainers have no hands-on experience; you can and should use your work experience as a competitive advantage. If you feel you need to certify your knowledge about management system standards, you can enroll in this course: ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/

    BTW, if you consider starting to work as a consultant somewhere in the future, perhaps this article could be useful for you - How to get new clients for your ISO 9001 consultancy - https://advisera.com/9001academy/blog/2019/03/05/how-to-get-new-clients-for-your-iso-9001-consultancy/
  • Retaining time for records


    Answer:
    Retention time will depend on several issues, since there is no prescribed time in ISO standards:
    * Are there legal or regulatory issues? For example, do you need to keep evidence that you tested your product before delivery to the customer for as long as a warranty is valid?
    * Are there after-sale issues? For example, do you need to keep evidence to help you service customers a long time after delivery? Customers can order parts from you or inquire about parts or specifications long after the warranty period. Does your organization intend to serve them?
    * Are there contract issues? For example, does a contract with a customer require keeping certain records/evidence for a certain number of years?
    * Are there internal issues? For example, does your organization have learning or improvement challenges that require a certain organizational memory? That may imply keeping certain records for a certain time.

    You may find more information about document control in the following links:
    - Article - Records management in ISO 27001 and ISO 22301 - https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
    - New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - Free online ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Book – Managing Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
  • Planning to attain objectives


    Answer:

    Based on your organization’s strategic orientation, environmental policy and environmental assessment (aspects & impacts, risks & opportunities; compliance obligations) your organization can determine its environmental objectives and targets.

    Each objective and target represents an improvement challenge. To win that challenge your organization has to change something in the way it works presently. Today’s performance is a natural outcome of today’s way of working. If the organization wants to improve performance in a sustainable way, it has to change something.

    Does the organization know what the causes of present performance are?
    Does the organization know what actions are needed to improve performance?

    Until the answer is yes to both questions, the organization should perform an investigation on root-cause analysis and/or alternative actions.

    As soon as your organization knows what should be done to meet the objective and target, it can develop an action plan:
    * What activities should be done;
    * By whom;
    * Until when;
    * With what resources; and
    * With what monitoring.

    The following material will provide you more information about meeting objectives and targets:
    ISO 14001 – How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
    Ensuring that environmental objectives are aligned with the company’s strategic direction - https://advisera.com/14001academy/blog/2017/02/06/ensuring-that-environmental-objectives-are-aligned-with-the-companys-strategic-direction/
    ISO 14001 document template: Environmental Objectives and Plans for Achieving Them - https://advisera.com/14001academy/documentation/environmental-objectives-targets-and-programs/
    Free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    Book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • AS9100 Rev D differences from ISO 9001:2015


    Answer: As per the title of the document, AS9100 Rev D is applicable to aviation, space and defence organizations (commonly called the aerospace industry). This document includes all of ISO 9001:2015, with some additional requirements that are necessary for the aerospace industry. Along with some minor inclusions throughout the standard, some of the main additions are operational risk management, product safety, configuration management, product safety and prevention of counterfeit parts.
    For a better understanding of the AS9100 Rev D requirements, see this whitepaper: Clause-by-clause explanation of AS9100 Rev D, https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d