Search results

  • Toolkit content


    Answer:

    Sorry for this confusion, but the toolkit has all documents to cover the requirements of the main clauses of the standard.

    In the List of documents file, the mandatory documents that address requirements from sections 4 to 10 are identified by simple check marks in the column "Mandatory according ISO 27001".

    It is important to note that the toolkit structure does not follow the standard sections, but the steps of the implementation project.

    For more detailed information, in the column called "Relevant clauses in the standard", you can identify which requirements from the standard are covered by each document.

    For example, clauses from section 5 are covered by the Information Security Policy located in folder 4 Information Security Policy.
  • Opportunities in ISO 45001


    Answer:
    For clause 6.1.1 of ISO 45001:2018 the standard is referring to opportunities at the organizational planning level which can affect your OH&S performance. An example could be finding out that a supplier has made a cleaning chemical that is much safer for your workforce to use than the chemical that you currently employ to clean your product. You could then determine that you will investigate if this chemical will work for you, and if the trials are successful then using this new chemical will reduce the hazards that you have for cleaning your product. Another example could be the identification of a new robot that could perform a particularly hazardous activity in your organization.
    The best practice after identifying the opportunities is to treat them exactly as you would a risk: document and assess the opportunity, determine what, if anything, needs to be done, make a plan to achieve the opportunity and then track this plan to completion. Then you will be certain that no opportunities to improve your OH&S performance are forgotten.
    For a better understanding of the ISO 45001:2018 requirements see our whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001
  • Mobile device and BYOD policies


    Answer:

    A Mobile device policy refers to any portable device, owned or not by the organization, while a BYOD policy refers to devices not owned by the organization (e.g., owned by employees, visitors, outsourced consultants, etc.), either fixed (e.g., PCs) or mobile (e.g., cellphones and tablets).

    Another difference is that the main purpose of a mobile device policy is to prevent unauthorized access to these devices, while the BYOD policy aims to protect information being accessed through devices not owned by the organization.

    You can take a look at what policies that handle these issues look like at these links:
    - Bring Your Own Device (BYOD) Policy https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
    - Mobile Device and Teleworking Policy https://advisera.com/27001academy/documentation/mobile-device-and-teleworking-policy/

    These articles will provide you further explanation about mobile devices and BYOD:
    - How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
    - How to apply information security controls in teleworking according to ISO 27001 https://advisera.com/27001academy/blog/2021/10/27/how-to-use-iso-27001-to-secure-data-when-working-remotely/
  • Clause 5 of ISO 45001:2018


    Answer:
    Clause 5 of ISO 45001:2018 gives requirements for what top management of the company needs to do to ensure that the management system is in place and will be successful. This relates to the fact that if top management does not support the OHSMS it will be difficult to maintain if it does not fail completely. The clause starts with a list of what top management needs to demonstrate to show commitment (clause 5.1), then gives the requirements for creating the OH&S policy (clause 5.2) which provides the overall goal for the OHSMS.
    Following this are the roles and responsibilities (clause 5.3) of the OHSMS which need to be assigned by top management to ensure that the system works properly, and the requirements to ensure that you have adequate worker participation in the OHSMS (clause 6.4) since workers are one of the key interested parties in the successful OHSMS.
    For a better understanding of the ISO 45001:2018 standard, see this whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001
  • Auditor competency

    First, it is your organization that has the authority to establish competency requirements for internal auditors. Second, your organization should, as a good practice, update those requirements. Normally, updating includes knowing ISO 9001:2015 and knowing good auditing practices, perhaps considering an update for ISO 19011:2018. So, if you updated your ISO 9001 training to the 2015 version and you answer to all internal requirements for internal auditors there would be no problem.
    The following material will provide you with information about internal audits:
    - ISO 9001 – Five Main Steps in ISO 9001 Internal Audit
    https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
    - free online training ISO 9001:2015 Internal Auditor Course
    https://advisera.com/training/iso-9001-internal-auditor-course//
    - book - ISO Internal Audit: A Plain English Guide
    https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • Experience in QMS and training


    Answer:

    Thank you for your question. Previous experience in quality refers to actual experience, whether, for example, as a consultant carrying out internal audits or implementing the standard, or as staff in the quality department of a company where the implementation and monitoring of ISO 9001, or even the internal audit, is carried out, among others.

    To gain experience, the first step is obviously to have knowledge, for which it is more than advisable to take a course and, if you want to demonstrate that knowledge, to hold some type of certificate.

    At Advisera we have several online courses that you can attend free of charge, which I list below:
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
    - ISO 9001 Lead Implementer Course: https://advisera.com/training/iso-9001-lead-implementer-course/
    - ISO 9001:2015 Internal Auditor Course: https://advisera.com/es/formacion/curso-auditor-interno-iso-9001/
  • How to demonstrate that you comply with 7.1 - Resources


    Answer:

    The auditor will verify that the organization's resources, which are addressed throughout this clause 7.1, include the relevant personnel to carry out effective operation of the quality management system, the infrastructure necessary for the efficient operation of the different processes, as well as other types of resources such as those needed to provide a suitable environment for the execution of the processes, the resources for monitoring and measuring the system, etc.

    To demonstrate this, among other things, the organization can add to the specifications of each process the resources it will use, whether human, material, financial, infrastructure, etc. On the other hand, we will need to take into account the resources that initially exist within the organization in order to determine those that we must obtain from external providers.

    For more information on the requirements of this clause 7.1, you can consult the following materials:
    - Whitepaper - Clause by clause explanation of ISO 9001:2015: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
    - Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
    - Free online course - ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • Certification for services


    Answer:

    ISO 27001 cannot be used to certify products and services, but to certify the processes that support them (e.g. e-mail administration and operation processes).

    After getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, the steps for ISO 27001 implementation you should consider are:
    1) defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational context and requirements of interested parties;
    2) development of risk assessment and treatment methodology;
    3) perform risk assessment and define the risk treatment plan;
    4) controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
    5) people training and awareness;
    6) controls operation;
    7) performance monitoring and measurement;
    8) perform internal audit;
    9) perform management critical review; and
    10) address nonconformities, corrective actions and opportunities for improvement.

    During this process you can select and hire the certification body to perform the certification audit.

    These articles will provide you further explanation about ISMS implementation and certification:
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

    These materials will also help you regarding ISO 27001 implementation:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
    - ISO 27001:2013 Lead Implementer Course https://advisera.com/training/iso-27001-lead-implementer-course/
  • Documentation structure


    Answer:

    If you are referring to the structure of the different types of Quality Management System documents defined by the international standard ISO 10013:2001, it is only a recommendation and would not match some of the documents currently mandatory under ISO 9001:2015.

    Specifically, the ISO 10013:2001 standard contains the following recommendations regarding the content and structure of ISO 9001:
    1) Quality manual. This document is currently not mandatory in ISO 9001:2015, although it can be maintained by the organization.
    2) Quality Policy. It remains a mandatory document in ISO 9001:2015.
    3) Quality procedures. Procedures are no longer mandatory documented information, although the organization can define the need for them and implement them in its processes.
    4) Technical instructions. It is the organization that decides which technical instructions might be necessary for implementing the standard.
    5) Records. In this article you can review the list of records and other mandatory documented information in ISO 9001:2015 - List of mandatory documents required by ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/

    These materials can help you with the documentation structure in ISO 9001:2015:
    - Article - How to structure quality management system documentation: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-estructurar-la-documentacion-del-sistema-de-gestion-de-calidad/
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online course – ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • Kick off ISO 9001 Project


    Answer:

    You should perform a GAP analysis to check your level of compliance with the standard. You can access this free GAP analysis tool: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

    Also, you must learn each clause of the standard so you can have a better idea of which requirements your organization needs to fulfill. You can check this whitepaper for that purpose - Clause by clause explanation of ISO 9001:2015: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015

    Once you know which requirements you need to comply with, you can start writing a Project Plan where you assign responsibilities within the company related to the implementation of ISO 9001:2015, define the documented information to be written and determine milestones along the project. Although this is not a mandatory requirement, it can help you to organize your implementation of the standard. You can download this free document - Project Plan for ISO 9001 implementation: https://info.advisera.com/9001academy/free-download/project-plan-for-iso-9001-implementation-ms-word

    Afterwards, you can start the different steps of the ISO 9001:2015 implementation, from defining the quality policy and objectives, the context of the organization and the scope... until the internal audit and management review.

    Regarding the documentation, you can download a free preview of this toolkit to comply with the necessary requirements - ISO 9001 documentation toolkit: https://advisera.com/9001academy/iso-9001-documentation-toolkit/

    You can see these materials to help you to begin with the implementation process:
    - Article – Checklist of ISO 9001 implementation and certification steps: https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
    - Checklist - Project checklist for ISO 9001:2015 implementation: https://info.advisera.com/9001academy/free-download/project-checklist-for-iso-9001-2015-implementation
    - Book – The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
    - Free on-line training – ISO 14001:2015 Foundations: https://advisera.com/training/iso-14001-internal-auditor-course/