Answer:
I believe you are using QMH as Qualitätsmanagementhandbuch. We can start with the mandatory documentation required by ISO 9001:2015 and then add those other documents that your organization considers useful, although not mandatory. Please consider the information available at List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
If you check ISO 9001:2015 clause 4.4.2 you see that organizations are invited to consider what kind of other documentation they need (procedures, instructions, videos, records, …).
In the new version of the standard ISO 9001:2015 it is not mandatory to appoint a management representative, instead organizations have different ways to appoint responsibility. Actually, the standard states that the responsibilities can be assigned to an individual, several individuals or a member of top management.
So if you choose to use a management representative, this person needs to have the necessary training and knowledge of the standard and also the ability to coordinate all aspects of the QMS. Therefore if you think the office manager meets these requirements he/she can take up this role.
Regarding the quality policy, it should comply with the following statements:
- is appropriate to the purpose and context of the organization
- supports the strategic direction of the organization
- is the basis for establishing quality objectives
- includes a commitment to comply with ISO 9001 requirements
- includes a commitment to continual improvement
You also need to consider that the quality policy needs to be documented and available to the interested parties and also must be understood by the employees so they can apply it.
When it comes to the quality objectives, make sure they are S.M.A.R.T (specific, measurable, achievable, realistic and time-based) but also that they are relevant at all levels of the organization, that is, each employee should understand the objectives and how their job helps meet those Quality Objectives.
Chapter 5 Information security Policies
Chapter 18 Compliance
Both chapters are missing in the Dutch toolkit and no documents are included. Are these missing, or are these chapters not obligatory and can I forget these? Will no questions be asked about these chapters during an audit?
Answer:
First of all, sorry for this confusion.
The documents from sections A.5 and A.18 are not missing from the toolkit – you can find them here:
- A.5 – all the documents from folder “08 AnnexA” cover the requirements about information security policies (A.5.1.1 and A.5.1.2)
- A.18 – these documents are covered in the toolkit in folder “02 Procedure for identification of requirements”
Included in the toolkit there is a List of Documents file that shows which documents cover which clauses of the standard.
Costs and time for certification
Answer:
Without detailed information about the certification scope it is not possible to give you a precise answer.
Regarding costs, what I can tell you are some cost issues you should consider:
- Training and literature
- External assistance
- Technologies to be updated / implemented
- Employee's effort and time
- The certification process
Is the auditor looking for a documented procedure and a record of the type and extent of control?
Answer:
In my interpretation the auditor is not asking for documented procedures. In my interpretation the auditor is asking for a clear and systematic answer to the questions: Is there any kind of planned control for purchasing? Does your organization control all incoming materials, services and subcontracted processes the same way? For each incoming materials, services and subcontracted processes: What do you control? Who controls? What are the specifications? What are the sampling quantities? Where are results recorded? Do you need to check subcontracted processes? By whom? With what frequency? Where do you record those control activities?
As far as I remember “old” ISO 9001 vocabulary, “special processes”, now in clause 8.5.1 f), need to have some kind of process capacity control. For example, in welding we require welder professional certification, in pasteurization we require temperature and process control. Your organization should require some kind of evidence that special processes such as NDE are done correctly, with people and equipment able to deliver the right results.
Answer:
The best way to become more well versed on ISO 45001 is by using it. I would recommend going through the standard and working out for yourself how it would be implemented for an organization. Probably the 2 things that you would need to study for the particular teaching organization that you want to be an expert for are the legal requirements and the OH&S hazard and risk assessment.
Knowing the legal requirements that an organization needs to meet is very often specific to the organization at the location indicated. Likewise, understanding the processes of the organization, as well as the hazards that these different processes can present for workers, is a very specific skill that the OH&S expert in any organization needs to master.
For more on complying with legal requirements, see this article: How to identify and comply with legal requirements in ISO 45001, https://advisera.com/45001academy/blog/2015/06/24/how-to-identify-and-comply-with-legal-requirements-in-iso-45001/
Approaching management
Answer:
For situations like that you have to explain to them that the proper approach would be to base their decision on which controls to use on the results of risk assessment and legal requirements (e.g., contracts, laws and regulations). This way you can decrease friction, because you would be working only on risks that people consider relevant, or that they have to treat because they have external enforcement to do that (by means of clauses on service agreements, on customer contracts, or on laws/regulations).
Documenting risks and opportunities in ISO 9001:2015
Risk & Opportunities - Connected to the above internal & external issues as to how we mitigated those risks, that's what we need to do, correct? Do we need to create a document for that?
Answer:
You need to demonstrate somehow that you are complying with section 6.1; for that you can choose a risk register and a risk assessment document, both commonly used in the implementation of ISO 9001. However, ISO 9001 does not state that you need to document anything related to risks and opportunities, just that you must perform the processes in section 6.1, including:
- identify your risks and opportunities,
- plan a response with the necessary actions,
- integrate those plans into your QMS and
- evaluate its effectiveness.
In addition, the organization must update the risks and opportunities as an outcome of process non-conformities (section 10.2). So the answer is that according to the standard, although documented information is not mandated, your company may have a different need for documented information and records regarding QMS risks and opportunities, such as a risks and opportunities register or a risk assessment document. But it is up to your organization how to do it; for example, you can evaluate your risks at a management meeting and decide what actions to take without having a specific document written and still be compliant with the standard requirements.
In this toolkit you have templates for Business Impact Analysis Methodology, and Business Impact Analysis Questionnaire, which can help you perform a business impact analysis according to ISO 22301, the ISO standard for business continuity.
With this toolkit you also have access to business impact analysis video tutorials that will help you fill the documents and perform the BIA.