Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11271 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
ISO 45001 Hazards and opportunities
Answer:
Clause 6.1.2 is titled “Hazard identification and assessment of risks and opportunities”, and is separated into several subsections. Clause 6.1.2.1 is about hazard identification and talks about identifying the hazards present in the processes of your organization. Clause 6.1.2.2 is about assessing risks of the OH&S management system, both related to the hazards and all other risks. Clause 6.1.2.3 is about assessing opportunities of the OH&S management system. These are linked together under one clause not because there is a relationship between hazards an opportunities.
Clause 6.1.4 identifies planning activities to be put in place for clause 6.1.2.2 and 6.1.2.3. The link in this clause is due to the link of risks in clause 6.1.2.2 (against the hazards as well as the overall risks of the organization) that need to be planned for. The standar d is not saying the hazards could become an opportunity.
For a better understanding of the ISO 45001:2018 requirements, see this whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001 -
Change is present in several ISO 9001 clauses
Answer:
Clause 6.3 is about planning how to handle changes without breaking the quality management system. For example, when an organization moves to a new location or introduces a set of new production equipment it is necessary to plan the introduction of these changes in a controlled way. In your case, it could be the introduction of a new production line for sterile or wanting to get approval to export to South America a product developed for the European market. Both would require new procedures and practices.
Clause 8.1 is a general clause. Other clauses of section 8 have more precise references to changes. It can be, changes to planning, changes to the design, changes to raw materials, changes to people, changes to … For example, your production planning could be changed due to an urgent need in the market for a product currently out-of-stock.
Clause 8 .5.6 is about changes in the day-to-day of the organizations by the most varied reasons. For example, due to a delivery delay, your organization will use in production a raw material from a different supplier. Due to an equipment breakdown, production will be done at a different production line.
The following material will provide you more information about planning and controlling changes:
- ISO 9001 – QMS Change Management in 7 steps - https://advisera.com/9001academy/blog/2016/11/29/qms-change-management-in-7-steps/
- Free online training ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Dates in ISO certificates
1. Which one is important?
Answer: Both are important.
2. What is the meaning of these dates?
Answer: Certificate expires date is the last day the certificate is valid. So, if you look to a certificate beyond the expire date you know it is no longer valid. Certification is valid for a cycle of three years. To avoid breaking the chain of certification, before a cycle ends an organization should recertify its management system. The recertification date is the last date to do it.
3. In an ISO Certificate Which date is mandatory to see? I mean if certification due date is lapped and Re-certification date is not lapped then Is certificate is valid?”
Answer: Certificate Expiry
The following material will provide you information about certification audits:
- ISO 9001 – How to know whether ISO 9001 certificate is valid? - https://advisera.com//9001academy/blog/2018/05/23/how-to-know-whether-iso-9001-certificate-is-valid/
- Surveillance visits vs. certification audits - https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Smartphones in an ISMS environment
Answer:
First of all, you have to perform a risk assessment to identify which risks related to smartphones you have to treat, and which legal requirements (e.g. clauses of contracts, laws or regulations) you have to fulfill. After that you have to identify proper controls to be implemented. In general, to protect smartphones and other mobile devices you have to consider the following controls:
- A.6.2.1 Mobile device policy
- A.6.2.2 Teleworking
- A.13.2.1 Information transfer policies and procedures
- A.13.2.3 Electronic messaging
Normally these are implemented through a BYOD policy, which you can see how it looks like at this link: https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
This article will provide you further explanation abou t BYOD policy:
- How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/ -
Template content
https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Answer:
Although the name of the document refers to Information Technology (IT), its content also covers controls for protection of communication technologies. The terms Information and Communication Technology (ICT) and Information Technology (IT) are often used interchangeably. -
Mandatory documents
Answer:
It is possible to exclude documents that are not mandatory for IATF 16949 certification totally from the scope. That means you don’t need to write documents you have excluded from the scope.
My suggestion is for you to perform a risk analysis that can show you whether you need the procedure or work instruction or not. Basically, if after performing the risk analysis you determine that the procedure or work instruction is not necessary for you and also not mandatory by the standard itself, you can exclude it.
For more information, please take a look at some of our articles and materials:
- List of mandatory documents required by IATF 16949:2016: https://advisera.com/16949academy/knowledgebase/list-of-mandatory-documents-required-by-iatf-16949-2016/
- How to structure IATF 16949:2016 d ocumentation: https://advisera.com/16949academy/knowledgebase/how-to-structure-iatf-16949-2016-documentation/
- IATF 16949 document template: Procedure for FMEA Risk Assessment
https://advisera.com/16949academy/documentation/procedure-for-fmea-risk-assessment/ -
Change authority
Answer:
If we stick to ITIL or ISO 20000 - there is no Change control board. ITIL defines only Change Advisory Board as an authority to authorize changes. But, you will need to define what kind and what levels of changes you have and who authorizes them.
Here are the articles that can help you:
Change Advisory Board in ITIL – advise, approve or what? https://advisera.com/20000academy/knowledgebase/change-advisory-board-itil-advise-approve/
ITIL V3 Change Management – at the heart of Service Management https://advisera.com/20000academy/knowledgebase/itil-v3-change-management-at-the-heart-of-service-management/
Also, our free webinar can help you as well: An overview of the ITIL Change Management Process https://advisera.com/20000academy/webinar/an-overview-of-the-itil-change-management-process-free-webinar/ -
Difference between IATF 16949 and ISO 9001
Answer:
IATF 16949:2016 is a standard specialized in the automotive industry, we may say it is the ISO 9001:2015 for automotive.
Requirements of IATF 16949 are more detailed than ISO 9001 and it is harder to comply compared to ISO 9001.
Please look at following checklists of both standards so that you can compare mandatory documentation:
Checklist of Mandatory Documentation Required by ISO 9001:2015- https://info.advisera.com/9001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-90012015
Checklist of Mandatory Documentation Required by IATF 16949:2016- https://info.advisera.com/16949academy/free-download/checklist-of-mandatory-documentation-required-by-iatf-16949 -
Make the transition
Answer:
A registered ISO 9001 Lead Assessor Training course seems to be too much if you only need to document that you have taken a transition course.
The following material will provide you information about the risk-based approach:
- ISO 9001 – ISO 9001 Training - https://advisera.com/9001academy/knowledgebase/iso-9001-training/
- ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/