Search results

Home / Search

Category:

Sort by:

Select

Types of user:

Select

11270 results

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Assign topic to the user

Select user

Documenting risks and opportunities in ISO 9001:2015
Risk & Opportunities - Connected to above internal & external issue as to how we mitigated those risk that's what we need to do correct. Do we need to create a document for that.

Answer:

You need to demonstrate somehow that you are complying with section 6.1, for that you can choose a risk register and a risk assesment document, both commonly used in the implementation of ISO 9001. However, ISO 9001 does not state that you need to document anything related to risks and opportunities, just that you must perform the processes in section 6.1, including:
- identify your risks and opportunities,
- plan a response with the necessary actions,
- integrate those plans into your QMS and
- evaluate its efectiveness.
In addition, the organization must update the risks and opportunities as an outcome of process non-conformities (section 10.2). So the answer i s that according to the standard, although documented information is not mandate, your company may have a different need for documented information and records regarding QMS risks and opportunities, such a risks and opportunities register or a risk assesment document. But this is up to your organization how to do it, for example, you can evaluate your risks at a management meeting and decide what actions to take without having a specific document written and still be compliant with the standard requirements.

You can see a free pre-view of our risk management toolkit here: https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/

To learn more about how to document risks and opportunities see these materials:
- Article - Does ISO 9001 require a procesure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
- Article - How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training – ISO 9001 Foundations course: https://advisera.com/training/iso-9001-foundations-course/
Performing BIA

Answer:

Considering your need for a DIY BIA, I recommend you to take a look at these articles:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Five Tips for Successful Business Impact Analysis https://advisera.com/27001academy/blog/2010/06/10/five-tips-for-successful-business-impact-analysis/

I also recommend you to take a look at the free demo of our ISO 22301 Business Impact Analysis Toolkit at this link: https://advisera.com/27001academy/iso22301-business-impact-analysis-documentation-toolkit/

In this toolkit you have templates for Business Impact Analysis Methodology, and Business Impac t Analysis Questionnaire, which can help you perform a business impact analysis according ISO 22301, the ISO standard for business continuity.

With this toolkit you also have access to business impact analysis video tutorials that will help you fill the documents and perform the BIA.

This material will also help you regarding business impact analysis:
- Implementing Business Impact Analysis according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar/
Supplier security

Answer:

If this software that serves your prime customer is part of the ISMS scope, then probably these partners of yours will have to fulfill security requirements related to ISO 27001 Annex A, as result of risk assessment, or by means of security clauses included in contracts or service agreements.

These articles will provide you further explanation about supplier security:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
Templates content

1. User Registration and De-registration Policy
2. User Registration and De-registration Register
Privileged access rights and user access rights
3. Encryption Policy
Encryption to be implemented across the assets of the organization including personal devices. New employees are to be provided with company assets that will ensure consistency of security.
Encryption Policy to be developed that will outline Capen’s approach to use and the lifecycle of Encryption keys across all assets of the business.
4. Information Backup Policy
Outlining the procedures, frequency of backups, logging of backups
5. Event Logging Policy
Outlining the procedures, logging of events subject to the risk to the business and escalation to the Risk Management procedures being adopted by the business.

Answer:

To fulfill your needs, I suggest you to look at the following documents:

1. User Registration and De-registration Policy - Look at the Access C ontrol Policy template: https://advisera.com/27001academy/documentation/access-control-policy/

2. User Registration and De-registration Register - There is no specific template for this register.

3. Encryption Policy - Look at the Policy on the Use of Cryptographic Controls template: https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/

4. Information Backup Policy - Look at the Backup Policy template: https://advisera.com/27001academy/documentation/backup-policy/

5. Event Logging Policy - Look at the Operating Procedures for Information and Communication Technology template: https://advisera.com/27001academy/documentation/security-procedures-for-it-department/
Is it possible to integrate ISO 9001 with other standards?

Answer:

I understand that you want to mean ISO 9001 which is a standard within the ISO 9000 family. ISO 9000 is a series, or family of quality management standards. You can implement ISO 9001 alone or integrate it with other standards, the most common are ISO 14001, ISO 45001 and ISO 27001.

To learn more about integrating ISO 9001 with other standards see the following materials:
- Article - How to integrate ISO 14001 and ISO 9001: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/
- Article - How to integrate ISO 9001 and ISO 27001: https://advisera.com/9001academy/blog/2016/09/27/how-to-integrate-iso-9001-and-iso-27001/
- Article - How to integrate ISO 45001 with ISO 9001 and ISO 14001: https://advisera.com/45001academy/blog/2018/09/12/how-to-integrate-iso-45001-with-iso-9001-and-iso-14001/
- Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training - ISO 9001 Foundations course: https://advisera.com/training/iso-9001-foundations-course/
Información sobre la gestión de riesgos

Respuesta:

Los siguientes artículos pueden serle de ayuda para ampliar información sobre la gestión de riesgos en su organización:
- El enfoque basado en riesgos reemplazando las acciones preventivas en la ISO 9001:2015: los beneficios: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/el-enfoque-basado-en-riesgos-reemplazando-las-acciones-preventivas-en-la-iso-90012015-los-beneficios/
- How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Does ISO 9001 require a procedure for addressing riks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
- How to identify risk significance in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/

Además puede asistir de forma gratuita a este webinar que será impartido en mayo o descargar el último desde la página web - Cómo implementar la gestión de riesgos en ISO 9001:2015:
https://advisera.com/9001academy/es/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/

También están disponibles los siguientes materiales que pueden interesarle:
- Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea - Curso de Fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

Por otro lado puede descargar una versión gratuita del paquete de documentos para la gestión de riesgos en ISO 9001:2015: https://advisera.com/9001academy/es/paquete-de-gestion-de-riesgos-iso-9001/
ISO 27001 Toolkit content

Answer:

First of all, sorry for this confusion.

The documents from sections A.5 and A.18 are not missing from the toolkit – you can find them here:
- A.5 – all the documents from folder “08 AnnexA” cover the requirements about information security policies (A.5.1.1 and A.5.1.2)
- A.18 – these documents are covered in the toolkit in folder "02 Procedure for identification of requirements”

Included in the toolkit there is a List of Documents file that shows which documents cover which clauses of the standard.
Tratamiento de un producto no conforme

Respuesta:

Con la información que me facilita entiendo que se trata de una no conformidad que ha sido detectada durante el proceso de fabricación del producto u otro proceso. En tal caso es una forma de tratar una salida (producto realizado) no conforme mediante el método de aceptación bajo concesión. Para ello necesita obtener la autorización de una autoridad relevante, por ejemplo un laboratorio que realice el análisis técnico de su producto, y si fuera necesario la aceptación del cliente. Esta concesión debe ser recogida en el registro de no-conformidades.

Puede echar un vistazo a estos materiales que le ayudarán a entender cómo tratar un producto no-conforme:
- Artículo - Understanding dispositions for ISO 9001 non-conforming product: https://advisera.com/9001academy/blog/2014/11/18/understanding-dispositions-iso-9001-nonconforming-product/
- Libro - Discover ISO 9001 :2015 though practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea - Curso de fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
Procedure for performance evaluation

Answer:

In order to comply with clause 9, performance evaluation, Advisera has available 3 different procedures which can be completed with other relevant documents and records. Check the following links to download a free preview of this documentation:
- Procedure for measuring customer satisfaction: https://advisera.com/9001academy/documentation/procedure-measuring-customer-satisfaction/
- Procedure for internal audit: https://advisera.com/9001academy/documentation/procedure-internal-audit/
- Procedure for management review: https://advisera.com/9001academy/documentation/procedure-management-review/
- Matrix of key performance indicators: https://advisera.com/9001academy/documentation/matrix-key-performance-indicators/

When performing evaluation i ISO 9001:2015 you basically need to determine first what need to be measured, then how and where to measure those aspects and finally when to analyze and evaluate the measurements.

These materials can help you to create procedures for performance evaluation:
- Article - How to implement the check phase (performance evaluation) in the QMS according to ISO 9001:2015: https://advisera.com/9001academy/blog/2015/11/17/how-to-implement-the-check-phase-performance-evaluation-in-the-qms-according-to-iso-90012015/
- Article - Monitoring and measuring: the basis for evidence-based decisions: https://advisera.com/9001academy/blog/2020/09/21/how-to-perform-monitoring-and-measurement-according-to-iso-9001/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training - ISO 9001:2015 Foundations Course : https://advisera.com/training/iso-9001-foundations-course/
Audit follow up steps

Answer:
After an audit, in the follow up phase, for each nonconformity found, the manager of the area where the nonconformity was found, and the environmental manager should first correct the situation. That means, eliminate the nonconformity. For example, sort different types of wastes that should not be mixed, and train employees in sorting those different types of wastes. Then, evaluate the need for a corrective action, an action to target the cause behind the nonconformity. For example, what is wrong in our environmental management system that allows that employees without the necessary training are put to work in an area with significative environmental impacts? Imagine that the corrective action includes updating requirements for initial training of employees in certain functions.

Then, someone should be responsible to check if correction and corrective action were implemented. And later, at a moment determined during the definition of the corrective action someone should check if the corrective action is effective. For example, after new employees enter the area, do wastes continue to be sorted correctly?

So, the steps are:
* determine a correction and implement it as soon as possible;
* check correction implementation;
* determine the cause and a corrective action and implement it;
* check corrective action implementation;
* check corrective action effectiveness;
* close the nonconformity.

The following material will provide you information about following up and audit:

- ISO 14001 – Internal Audits in the EMS: Five Main Steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/internal-audits-in-the-ems-five-main-steps/
- Dealing with nonconformities from the ISO 14001:2015 certification audit - https://advisera.com/14001academy/blog/2015/11/02/dealing-with-nonconformities-from-the-iso-140012015-certification-audit/
- free online training ISO 14001:2015 Internal audit Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +

Search results

11270 results

Create New Topic As guest or Sign in

Assign topic to the user

Want to vote?

Documenting risks and opportunities in ISO 9001:2015

Performing BIA

Supplier security

Templates content

Is it possible to integrate ISO 9001 with other standards?

Información sobre la gestión de riesgos

ISO 27001 Toolkit content

Tratamiento de un producto no conforme

Procedure for performance evaluation

Audit follow up steps

Didn’t find an answer?