Answer:
Specific requirements should be included in the scope of the organization as required in IATF 16949 Clause 4.2.3. Therefore, the document that best suits is a Quality Manual or similar document in which an organization has defined the scope. The customer-specific requirements can change the designed or actual scope of the organization, which is why it is important to use a document where an organization defines the scope.
Also, a matrix indicating where within the organization customer-specific requirements are addressed should be included in the document. You can use a procedure or work instruction depending on your organization's documentation scheme.
Let's see by parts:
- To become an ISO 27001 trainer you have to select a training provider you want to work for and follow its rules regarding how to become a certified trainer.
- To become an ISO 27001 Auditor you have to attend an accredited course. To become an internal auditor you only have to finish the course. To become a Lead Auditor (a more interesting path for a career in ISO 27001), you also have to be approved on a final exam. To become certified, besides passing the exam you also have to perform some audits for a certification body.
- To become an ISO 27001 Lead Implementer, you have to attend an accredited course, and be approved on a final exam.
The best pathway will depend on your professional objectives. If you plan to work on an Information Security Management System certification process, then you should consider the Lead Implementer certification. If you plan to ensure the operation of an ISMS, then you should consider the Lead Auditor certification. The training path should be considered if your purpose is to use your knowledge and experience to help others in their ISO 27001 career.
Clauses 6.1.2 and 6.1.3 refer to the planning phase, i.e., the requirements your adopted risk assessment and risk treatment methodology must fulfill, while clauses 8.2 and 8.3 refer to performing the risk assessment and risk treatment, i.e., the effective identification, analysis, evaluation and treatment of the risks perceived by your organization.
The concern of my managers is: Do we need to read all of this legislation, its huge list of laws? What exactly do we need to do to pass the context of ISO 27001 requirements?
Answer: For fulfilling ISO 27001 clause 4 (context of the organization) you have to:
- identify relevant interested parties (e.g., shareholders, top management, employees, customers, etc.) and their requirements (e.g., business objectives, products or services specifications, clauses of laws, regulations and contracts your organization must follow, etc.) for information security.
- define the boundaries and applicability of the ISMS (i.e., the ISMS scope).
Your company must comply with all applicable laws and regulations anyway, so in any case responsible persons in your company need to read them - ISO 27001 helps you focus on information security-related laws and regulations.
2. Just to copy-paste the relevant laws for Australia from your website into the 'MSS_REC_4.2' relevant doc?
My managers need extra clarification about how to pass this legal thing, thanks
Answer: Unfortunately, the list in the link you provided is not fully up-to-date because it depends on voluntary contributions from our readers – therefore, it is likely that not all regulations related to Australia are listed. To make sure you have the latest list of laws and regulations relevant to your business, it would be best to hire a local legal adviser.
Medical data and GDPR
Answer: There is no restriction for hospitals to send patient data to a third party if the hospital has a proper privacy notice to inform the patients of such data processing and if there are binding legal arrangements in place to ensure that the recipients of the data comply with the requirements of Article 28 of the EU GDPR.
2. Does the GDPR restrict hospitals in any way from having the third party conduct computations on the encrypted data in order to anonymize and erase the data?
Answer: Hospitals as data controllers can instruct the third-party processors to anonymize the data and strip it from any attributes that can be linked to a data subject.
3. Does the GDPR restrict hospitals in any way from subsequently using the fully anonymized data for purposes without direct consent, i.e. even commercial purposes?
Answer: If the data is fully anonymized then it is no longer personal data and the GDPR is not applicable. If you want to find out more about the EU GDPR, check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
BCMS mandatory and non mandatory documents
Answer:
Unfortunately, it is not possible to view non-mandatory documents as supporting documents because this is not how the requirements from ISO 22301 are structured.
You will need to analyse the life cycle again to make sure you can identify all environmental aspects related to each phase and carry out the necessary operational controls. When doing so you must consider your product or service from the beginning of its life cycle, including the raw materials used, design, production, transportation, delivery until the end of the product’s or service’s use, and final disposal.
Answer:
There is a fairly long list of required documented information for ISO 45001:2018. This starts with the scope, the OHS policy and the objectives, and includes the numerous procedures and records needed.
For a complete list I would like to refer you to our free whitepaper, Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001
I received the following question:
2.What are the Key changes between BS OHSAS 18001 and ISO 45001?
Answer:
The key changes are to meet the Annex SL format of ISO for management systems, which includes new requirements for context of the organization (including identifying internal and external issues and interested parties). The other main highlight of the ISO 45001:2018 requirements is the inclusion of requirements for the consultation and participation of workers in the OHSMS.
For more details please see the whitepaper, Twelve-step transition process from OHSAS 18001 to ISO 45001, https://info.advisera.com/45001academy/free-download/twelve-step-transition-process-from-ohsas-18001-to-iso-45001
ISO 45001 Hazards and opportunities
Answer:
Clause 6.1.2 is titled “Hazard identification and assessment of risks and opportunities”, and is separated into several subsections. Clause 6.1.2.1 is about hazard identification and talks about identifying the hazards present in the processes of your organization. Clause 6.1.2.2 is about assessing risks of the OH&S management system, both related to the hazards and all other risks. Clause 6.1.2.3 is about assessing opportunities of the OH&S management system. These are linked together under one clause, not because there is a relationship between hazards and opportunities.
Clause 6.1.4 identifies planning activities to be put in place for clauses 6.1.2.2 and 6.1.2.3. The link in this clause is due to the link of risks in clause 6.1.2.2 (against the hazards as well as the overall risks of the organization) that need to be planned for. The standard is not saying the hazards could become an opportunity.
For a better understanding of the ISO 45001:2018 requirements, see this whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001
Change is present in several ISO 9001 clauses
Answer:
Clause 6.3 is about planning how to handle changes without breaking the quality management system. For example, when an organization moves to a new location or introduces a set of new production equipment it is necessary to plan the introduction of these changes in a controlled way. In your case, it could be the introduction of a new production line for sterile or wanting to get approval to export to South America a product developed for the European market. Both would require new procedures and practices.
Clause 8.1 is a general clause. Other clauses of section 8 have more precise references to changes. It can be changes to planning, changes to the design, changes to raw materials, changes to people, changes to … For example, your production planning could be changed due to an urgent need in the market for a product currently out of stock.
Clause 8.5.6 is about changes in the day-to-day operations of organizations for the most varied reasons. For example, due to a delivery delay, your organization will use in production a raw material from a different supplier. Due to an equipment breakdown, production will be done on a different production line.
The following material will provide you more information about planning and controlling changes: