
  • Certification importance and costs


    Answer:
    Whether that matters or not is up to you, or your customers, to decide. Do you, or your customers, think that ISO certification can be an advantage, for example, to prevent quality problems? If so, you should work with ISO certified manufacturers or ask them to get certified within a given time-frame.

    2. Also, what would the cost of such a simple business getting certified be?

    Answer:
    What costs will be included in your organization’s certification? What options will you take? Will you be creating everything on your own by studying ISO 9001? Or will you buy and use documentation templates? Or will you hire a consultant? Then, you will have certification body costs. Organization size is very relevant to determining the number of audit days for the certification body costs.

    The following material will provide you with information about certification costs and templates:
    - ISO 9001 – How much does the ISO 9001 implementation cost? - https://advisera.com/9001academy/blog/2016/12/20/how-much-does-the-iso-9001-implementation-cost/
    - ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Record retaining time


    Answer:
    As long as there are no legal requirements, and as long as there are no customer requirements, for example on contracts, organizations are free to determine the retention time for their records.

    Normally, in these cases, I advise keeping records for 3 or 4 years, to ensure that records generated during a certification cycle will be available.

    The following material will provide you with information about retaining records:
    - ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Using templates on Conformio


    Answer:

    The folders are listed in the order the documents are to be implemented to make your implementation easier, so you must follow their sequence.

    Regarding skipping folder 00, this happens because the Procedure for Document and Record Control is not mandatory for ISO 27001, and the Conformio platform already complies with all of the standard's requirements for document and record control.

    Included in the toolkit you bought there is a List of Documents file which shows which documents are mandatory to be compliant with ISO 27001.
  • What is AS9101 Rev F?


    Answer:
    While AS9100 is the document which provides organizations in the aerospace industry with requirements for creating a Quality Management System (QMS), the AS9101 document is used by the certification body auditors to guide them in auditing the QMS which has been created by the organization. This document gives information on how to structure the audits and also provides a checklist to score the different parts of the QMS as required by AS9100. The update to AS9101 Rev F brings this document in line with the updated structure of AS9100 Rev D.
    For more information on this see the article, “How Does AS9101, AS9102 & AS9103 Relate to AS9100 Rev D?”, https://advisera.com/9100academy/blog/2017/10/23/how-does-as9101-as9102-as9103-relate-to-as9100-rev-d/
  • Auditor qualifications


    Answer:
    Persons are not ISO 14001 certifiable. So, your question can have two meanings:
    1. If a person helped an organization to get its certification, can they be a qualified auditor?
    2. If a person passed an exam about ISO 14001, can they be a qualified auditor?

    A qualified auditor is a person with knowledge both about the management standard used as a reference, and about good auditing practices. Whichever of the meanings mentioned above, 1 or 2, applies, there is no guarantee that the person knows about good auditing practices.

    The following material will provide you with information about qualified auditors:
    - ISO 14001 – What competences should an ISO 14001 internal auditor have? - https://advisera.com/14001academy/blog/2016/07/04/what-competences-should-an-iso-14001-internal-auditor-have/
    - free online training ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
    - book - The ISO 14001:2015 Companion
  • Control owners

    Alternatively, should the Annex A controls and their implementation be owned by the Head of IT/information security?

    Answer:

    You can assign owners to controls applicable to your organization, but for small and mid-size companies this role is normally assumed by the risk owner, the one who is accountable for managing a risk. For small and mid-size companies the number of treated risks normally allows the risk owners to also be control owners, but when the number of risks is too high, or controls are used to treat multiple risks, assigning control owners may be a better approach, since the control owner will have a comprehensive view of how controls are used against multiple risks, while the risk owners can focus on keeping the risks at acceptable levels.

    Considering your alternative, since information security controls can cover much more than IT-related controls, the best approach would be for the controls to be owned by the Head of Information Security. Again, if the number of controls is too high, then you can split responsibilities considering people's competencies.

    This article will provide you further explanation about risk owners:
    - Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
  • Incident management


    Answer:

    The management understanding is correct. Having a single plan to cover multiple types of incidents or assets would result in a big and impractical document, so the best approach would be to have multiple small documents covering specific assets or incidents.

    These articles will provide you further explanation about incident management:
    - How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
    - Using ITIL to implement ISO 27001 incident management https://advisera.com/27001academy/blog/2015/11/10/using-itil-to-implement-iso-27001-incident-management/t/
    On 02/01/2019 19:03, Vanda Pentic wrote:
  • Information Security Policy and Business Continuity Management Policy

    1 - Your Information Security Policy relates to the BCMP, (red below), but can you please advise where is this template?

    Answer: You do not have to keep section 4.4 of the Information Security Policy if you do not have business continuity management implemented in your company, or you do not have plans to implement it together with ISO 27001. The Business Continuity Management Policy is not mandatory for ISO 27001 certification (even if controls from section A.17 of Annex A are applicable), so, in order not to unnecessarily increase customers' effort in managing the ISMS, this template is not included in the toolkit you bought.

    2 - During Certification, we are concerned the Business Recovery Plan may be too simplistic even for our small business. We have reviewed your tutorials, but still remain very unclear. We would appreciate your explanation here to help us move forward please.

    Answer: The Disaster Recovery Plan template included in your toolkit covers all requirements a certification auditor will look for during the certification audit, so if you followed all recommendations in the comments included in the template, your document will be fine for the certification audit. In any case, included in your toolkit you have the possibility to send us some of your documents so one of our experts can evaluate them and provide guidance on which adjustments you have to make, if any, so that your document is fully compliant with the standard.
  • Mandatory documents and production steps

    We are having an internal debate here regarding "Work Station Signage" requirements. That is, are assembly technicians "required" to initial & date when they complete a particular manufacturing sequence step? Currently we have not required technician signoffs in the past, as it is "fairly" obvious whether or not the prior Sequence Step was completed correctly. Typically there are about 20-30 sequence steps to assemble the products we sell. At the very end, all products receive a Final Calibration report which basically indicates the product manufactured satisfies performance specifications.
    There is a group of individuals here that feel ISO 9001 requires workstation signage and there is a group of individuals here that is against it. I don't see the harm in having the signoffs, but I'm not an ISO expert and I'm not able to determine whether this is specifically required or not by the standard. Could you shed some light on this?

    Answer:
    The fast answer is: ISO 9001:2015 does not require workstation signage as long as that signage is just a confirmation of work done. If that workstation signage is used in your organization as a kind of quality control then it is required.

    The following material will provide you with information about mandatory documents:
    - ISO 9001 – List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Auditing risks and opportunities


    Answer:
    You can start by asking if the organization has determined its risks and opportunities. Even if they are not documented, you can check if different people in different places and moments are on the same page about risks and opportunities determination.

    Then you can ask how the organization determines which risks and opportunities are relevant and must be treated. Now is the time to request evidence of examples of actions, developed and implemented, to manage relevant risks and opportunities. Were those actions effective?

    And how does the organization monitor and review risks and opportunities?

    These are examples of the kind of questions you can ask to audit risks and opportunities.

    The following material will provide you with information about risks and opportunities:
    - ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/