Search results


  • Certification costs


    Answer:

    The costs of the certification process will depend on the size and complexity of the scope, so without more detailed information it is not possible to provide you with a precise estimate.

    Regarding how to find a certification body, you can use this link to enter your profile, and we will find the registrar that best fits your needs: https://advisera.com/

    This article will provide you further explanation about selecting a certification body:
    - How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
  • Calibration


    Answer:

    Yes, in IATF 16494 clause 7.1.5.2.1 Calibration/verification records refer to the subject of the question and you should follow those requirements.
    First, the organization must have a documented process for managing calibration records, and those records must be retained. So, if there is no documented process, the first step is to create one.

    The calibration activities must include the following additions:
    - Assessment of the risks of the intended use of the product caused by the out-of-specification condition. Here you can use the FMEA method;
    - Documented information on the validity of previous measurement results, if they were in place before you take the process.
    For all future measurements, please keep this in mind: if software is in place for product or process control (for example, SCADA), there must be verification and confirmation that the software version specified for the product and process control is being used.
    Also, you have to align with Japanese law on the calibration of equipment, and please look at the calibration instructions that every piece of equipment has.

    Please also take a look at 7.1.5.3 Laboratory requirements, if your company has an internal laboratory.

    Also, the following article may help: "How to establish Measurement System Analysis according to IATF 16949": https://advisera.com/16949academy/blog/2017/11/08/how-to-establish-measurement-system-analysis-according-to-iatf-16949/
  • Linearity and Stability


    Answer:
    First, based on customer requirements, you should set specification limits (lower specification limit and upper specification limit) for measurement mistakes. Based on that, you have to show that bias is within the specification limits by doing MSA (Measurement System Analysis).
    Based on Six Sigma methodology for an instrument, we have machine bias, which is the case when different instruments get detectably different averages for the same measurements on the same parts.
    For stability, you should compare the measurements at one point in time to measurements taken at another point in time. If there is consistency across time, then it is stable.
    Linearity exists when accuracy is consistent across the entire range of possible values. So you can draw a diagram with at least 30 measures to see whether linearity is achieved.
  • Building Business Continuity strategy


    Answer:

    For the whole organization you should consider first performing a Business Impact Analysis (BIA), so you can identify and prioritize the most critical business process for your organization.

    With the results of the BIA you can start defining your business continuity strategy. To see what a business continuity strategy looks like, please access this free demo: https://advisera.com/27001academy/documentation/business-continuity-strategy/

    These materials will provide you further explanation about Business Continuity Strategy:
    - Can business continuity strategy save your money? https://advisera.com/27001academy/blog/2010/03/15/can-business-continuity-strategy-save-your-money/
    - Developing the business continuity strategy according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/developing-the-business-continuity-strategy-according-to-iso-22301-free-webinar/
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Career on information security


    Answer:

    As ways to enhance your chances in an information security career, besides our site, I suggest you look for contacts and training opportunities on the websites of organizations such as ISACA (www.isaca.org), ISC2 (www.isc2.org/), SANS (www.sans.org/) and NIST (www.nist.gov/).

    Specifically for ISO 27001, you can consider two certifiable courses:
    - ISO 27001 Lead Implementer – this certification recognizes people who have competency on the ISO 27001 implementation process.
    - ISO 27001 Lead Auditor – this certification recognizes people who have competency in auditing an ISMS against ISO 27001 requirements and want to become a certification auditor (and with this provides more confidence to an organization for being certified).

    These articles will provide you further explanation about ISO 27001 personnel certifications:
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
    - Lead Auditor Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/

    This material will also help you regarding ISO 27001 personnel certifications:
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
  • Control of procedures


    Answer:

    It is the organization itself that decides how to carry out the control of documented information, which would include, among other things, procedures. Indeed, change control must be carried out according to ISO 9001:2015, as established in clause 7.5, and this can be done in many ways, for which it would not be necessary to sign all the documents if they are on paper, since if they are in digital format a signature would not even be essential. My recommendation is to keep track of each document, for example by keeping a change history in the document itself that reflects the versions and the changes made in each version, as well as the person responsible for those changes. It is also very important to establish a coding scheme for the documents, which will help us properly track the changes made. A commonly used alternative is to write a procedure for documented information that establishes all these parameters. At this link you can download a preview of our Procedure for Document and Record Control: https://advisera.com/9001academy/es/documentation/procedimiento-para-control-de-documentos-y-registros/

    These materials can help you regarding the control of documented information:
    - Article - New approach to document and record control in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - Article - Some tips to make document control more useful in your QMS: https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
    - Book - Gestión de documentación ISO: una guía en un lenguaje sencillo: https://advisera.com/books/gestion-de-documentacion-iso-una-guia-en-un-lenguaje-sencillo/
    - Free online course - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • Change priority


    Answer:
    Priority 2 seems pretty high. But I don't know your SLA with the client. Change, as well as incident/problem, priorities should be described in the SLA in order to avoid such a situation. If it is not done yet (from your question I assume it's not), then I would suggest you do it. One of the purposes of the SLA is to clarify the "rules of the game".

    These articles can help you:
    "Three key elements of assessment and evaluation of changes according to ITIL" https://advisera.com/20000academy/blog/2015/06/30/three-key-elements-of-assessment-and-evaluation-of-changes-according-to-itil/
    "What’s the content of an ITIL/ISO 20000 SLA?" https://advisera.com/20000academy/blog/2016/06/14/whats-the-content-of-an-itiliso-20000-sla/
  • Toolkit content


    Answer:

    Sorry for this confusion, but the toolkit has all documents to cover the requirements of the main clauses of the standard.

    In the List of documents file, the mandatory documents that address requirements from sections 4 to 10 are identified by simple check marks in the column "Mandatory according ISO 27001".

    It is important to note that the toolkit structure does not follow the standard sections, but the steps of the implementation project.

    For more detailed information, in the column called "Relevant clauses in the standard", you can identify which requirements from the standard are covered by each document.

    For example, clauses from section 5 are covered by the Information Security Policy located in folder 4 Information Security Policy.
  • Opportunities in ISO 45001


    Answer:
    For clause 6.1.1 of ISO 45001:2018, the standard is referring to opportunities at the organizational planning level which can affect your OH&S performance. An example could be finding out that a supplier has made a cleaning chemical that is much safer for your workforce to use than the chemical that you currently employ to clean your product. You could then determine that you will investigate if this chemical will work for you, and if the trials are successful then using this new chemical will reduce the hazards that you have for cleaning your product. Another example could be the identification of a new robot that could perform a particularly hazardous activity in your organization.
    The best practice after identifying the opportunities is to treat them exactly as you would a risk: document and assess the opportunity, determine what, if anything, needs to be done, make a plan to achieve the opportunity and then track this plan to completion. Then you will be certain that no opportunities to improve your OH&S performance are forgotten.
    For a better understanding of the ISO 45001:2018 requirements see our whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001
  • Mobile device and BYOD policies


    Answer:

    A Mobile device policy refers to any portable device, owned or not by the organization, while a BYOD policy refers to devices not owned by the organization (e.g., owned by employees, visitors, outsourced consultants, etc.), either fixed (e.g., PCs) or mobile (e.g., cellphones and tablets).

    Another difference is that the main purpose of a mobile device policy is to prevent unauthorized access to these devices, while the BYOD policy aims to protect information being accessed through devices not owned by the organization.

    You can take a look at what policies that handle these issues look like at these links:
    - Bring Your Own Device (BYOD) Policy https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
    - Mobile Device and Teleworking Policy https://advisera.com/27001academy/documentation/mobile-device-and-teleworking-policy/

    These articles will provide you further explanation about mobile devices and BYOD:
    - How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
    - How to apply information security controls in teleworking according to ISO 27001 https://advisera.com/27001academy/blog/2021/10/27/how-to-use-iso-27001-to-secure-data-when-working-remotely/