Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11277 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Scope of Certification
What are all the products to be added in the Scope of Certification?
You can add all the products that the company is producing for automotive in the scope of certification.
If the product is is in under development stage (4th Phase in APQP) No PPAP approval got from the customer. Will it be possible to add in the Scope of Certification?
Yes, it is possible to add it in the scope product that is under development based on 4.3. the requirement of IATF 16949.
The following material will provide you more information about the scope: How to define the scope of the QMS according to IATF 16949:2016 https://advisera.com/16949academy/blog/2017/06/28/how-to-define-scope-of-the-qms-according-to-iatf-16949/ -
Document preservation
Answer:
No, ISO 9001:2015 does not mandate the use of plastic covers.
I believe that that idea came to life because of ISO 9001:2015 clause 7.5.3.2 b) about preservation.
If preservation is an issue because the flyer, for example, will be posted on a place where sun and rain can deteriorate its legibility, perhaps the plastic cover makes sense as protection. But it is not mandatory nor needed everywhere.
You can find more information about document control here:
The following material will provide you more information on ISO 9001:
ISO 9001 – Some Tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
You can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
ISO 9001 – How to set up doc ument approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/ -
Fake ISO certificate?
Answer: Look into the certificate that you want to check and identify the name of the accreditation body under which the certificate was issued. Then with that name, you can follow the procedure mentioned in this article – How to know whether ISO 9001 certificate is valid? –https://advisera.com/9001academy/blog/2018/05/23/how-to-know-whether-iso-9001-certificate-is-valid/ – to see if the accreditation body is authorized by the International Accreditation Forum (IAF). If the accreditation body belongs to IAF and you have doubts about the certificate you should contact the accreditation body and explain your concerns. The following material will provide you more information on ISO 9001: You can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/ Book – Discover ISO 9001: 2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Scope template
Answer:
To see how an ISMS Scope Document looks like, I suggest you to take a look at the free demo of ours at this link: https://advisera.com/27001academy/documentation/isms-scope-document/
This document will help you clearly define the boundaries of the ISMS in terms of your process and services, business units, locations, and IT infrastructure. -
Template content
(Action) takes place "outside" the organization. The process can be: Registered shipping, encryption via TLS /SMTP, or similar. What exactly is meant by that? In my opinion, there are two interpretations:
a) The operation is actually outside the organizational unit. For example, an email is sent from a home office workstation. In this case, the email would be encrypted.
b) The process goes outside the organizational unit, so the shipment would be from internal to external.
The document is: Information Classification Policy
For shipping outside the organization, the document must be sent by a registered mail.
For shipping outside the organization area, the shipping method registered mail with acknowledgment of receipt must be selected.
The sending of email outside the organization must be encrypted.
Answer:
In the context of the Information Classification Policy "outside" means people or other entities not under responsibility or contro l of the organization (e.g., suppliers, customers, government, etc.). For example, when a regulator body issues a new regulation the organization must comply with, this regulation comes from outside the organization. Information that comes from people (e.g., employees, contractors) or other entities under control of the organization (e.g., subsidiaries) must be considered to come from "inside", even if they come from out of premises.
This article will provide you further explanation about information handling:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/ -
Toolkit content
1. 'Security Procedures for IT Department'. XXXX is an IT company, this means there is no specific IT department. Is it still obligatory for us to make this document?
Answer: First it is important to understand that this document is intended to the "department" that runs the IT systems that support the organization's business. In your case this document would be intended to the area that runs your internal IT systems, but also could be applied to IT processes you run for your customers.
Second, this document is mandatory only if controls that ISO 27001 Annex covers are required by your business, considering that:
- There are risks identified as unacceptable in the risk assessment that require the implementation of controls covered by this document
- There are legal requirements (e.g., contracts, laws, and regulations) that require the implementation of the controls covered by this document
- There is a top management decision requiring the implementation of the controls covered by this document
If none of these options occur for the controls related to this document there is no need to implement this document.
This article will provide you further explanation about selecting controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
2. Risk Treatment Table: Regarding the zero's at the last column (which is Risk), are these put as an example?
Answer: The zero is the result of the formula used to calculate risk (consequence plus likelihood, on columns L and M respectively), and on the template the zero is because the template is empty. Included in the toolkit you have access to a video tutorial that will guide you on filling the Risk Treatment Table with real data.
3. Statement of Applicability: Aren't we supposed to tick the controls which are mandatory for ISO 27001 (the ones affiliated with the documentation in your PDF, ex. Statement of Acceptance of ISMS Documents is mandatory, so A.7.1.2 is applicable) ?
Answer: The Statement of Applicability goes beyond ticking applicable controls, because you also have to document the justification to apply, or not to apply, a control from Annex A, and the implementation status of each control. Additionally, considering your example, in fact it is the other way around (i.e., because A.7.1.2 is applicable the Statement of Acceptance of ISMS Documents is mandatory).
This article can provide you further information about SoA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
4. Validity and document management (which is at the bottom of nearly each document): required or not? If it is required, may we present it on a different way (ex. in a table) ?
Answer: Validity helps fulfill requirements regarding clause 7.5.2 Creating and updating documented information, while document management helps to identify and control records related to the document, fulfilling clause 7.5.3 Control of documented information. Since ISO 27001 does not prescribe how to present this information, you can use any presentation that you see best for your organization.
These materials can provide you further information about document management:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
5. Confidentiality Statement. Is the Policy for Handling Classified Information the same Policy as the Information Classification Policy? I could not find this in the toolkit.
Answer: These are the old and new name for the same policy, which covers both the information classification process and the handling of classified information.
This article will provide you further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/ -
Periodicidad de las calibraciones
Respuesta:
Para establecer la periodicidad de calibración su organización debe tomar en cuenta por un lado las recomendaciones del fabricante así como otras consideraciones en función de las características del equipo. Estas consideraciones tienen que ver con los resultados que se van obteniendo en el tiempo y de la información de que la empresa dispone sobre el equipo.
No obstante, si su organización de trata de un laboratorio es muy común que haya una legislación o normativa específica que indique la periodicidad con la que se tienen que calibrar los equipos
Para más información puede ver estos materiales:
- Artículo https://advisera.com/9001academy/blog/2014/05/06/monitoring-measurement-equipment-control/
- Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com /books/discover-iso-9001-2015-through-practical-examples/
- Curso Gratuito en línea -Fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Reviewing documentation
Answer:
Since ISO 9001:2015 does not mention “mission statement” I believe you are really mentioning the quality policy. There is no requirement for a quality policy updating frequency. Your organization should evaluate, for example, at management review if the current policy is still useful or should be updated.
“2. The same question for ISO 9001 2015 needs and expectation of the interested parties, how often it has to be updated?”
Answer:
There is no requirement for an updating frequency about needs and expectations of the interested parties. Your organization should monitor and evaluate the need to update or not who are those interested parties and what are their needs and expectations.
“3. Are there any other ISO 9001 2015 documentation that does have lifespan limitations?”
Answer:
There are no lifespan limitations in what concerns ISO 9001:2015 documentation. There maybe lifespan limitations in the result of re gulation or legislation, not because of ISO 9001:2015.
Be aware that the word “review” in ISO 9001:2015 does not necessarily mean updating a document or something. Review means “critical analysis”. For example, your organization should make a critical analysis of its quality policy and evaluate if it still is actual or needs some change.
The following material will provide you more information:
- ISO 9001 – How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
- You can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/ -
Evidencing version control
Answer: No, a version number does not have to remain on the actual document.
2. Does a version number have to be on the documents at all as long as you have version history showing under the Standard Documents under your QMS?
Answer: No, please check ISO 9001:2015 clause 7.5.3.2 c) about version control. You need to figure out how you will identify documents so that the people who need to use them know there is a change, as well as ensure that if a user has two versions of a document, they know which is the latest version to use. So, how does your QMS guarantee that users are aware that they are using the latest version? Some organizations instead of a version number use a date, others use a name, others only control digital versions and whenever a document is printed it has a warning to users saying that they don’t control documentation on paper.
The followin g material will provide you more information:
ISO 9001 – Some Tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
You can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/