Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Alcance de un SIG
Respuesta:
Si ahora mismo su organización sólo quiere implementar una norma, en este caso ISO 9001:2015 sólo debe determinar el alcance para el Sistema de Gestión de Calidad. Si en un futuro decidiese integrar dicha norma con otras entonces debería definir el alcance para ese Sistema Integrado, y contar con un único alcance preferiblemente. También podría establecer alcances distintos para diferentes normas, pero no se lo recomiendo, ya que la integración sería muy compleja.
Estos materiales pueden servirle de ayuda en la definición del alcance de un sistema de gestión:
- Artículo - Cómo definir el alcance del SGC de acuerdo a la ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-definir-el-alcance-del-sgc-de-acuerdo-a-la-iso-90012015/
- Libro - Discover ISO 9001:201 5 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Data processor's contractual obligations
Answer:
If you receive the data from the controller and you are acting as a processor, you need to only process the data based on the controller's instructions. So, if the controller does not instruct you to enter into contracts with the data subject you may be in breach of the Processing Agreement you have with the controller. Moreover, you may also have a non-competition clause in the commercial agreement with the controller forbidding you to “steal” the controller customers. Anyway is difficult to say unless I have all the details.
To find out more about what processors are allowed to do, check out this article: EU GDPR controller vs. processor – What are the differences? ( https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/ ) -
Training requirements about ISO 9001:2015
Employees should be trained on the requirements of ISO 9001:2015 that apply to their job titles and duties.
The following material will provide you with information about competency:
- How to ensure competence and awareness in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-ensure-competence-and-awareness-in-iso-90012015/
- Free course - ISO 9001 Foundations - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Risk effectiveness and continual improvement
Answer:
The risk is about what can deviate your organization from expected results or what can promote the occurrence of undesired results.
Your company implemented actions to handle risks and opportunities (risks are negative deviations and opportunities are positive deviations) if you were able to meet the desired results and or avoid the undesired results your actions were effective.
2. What are the examples of continual improvement that can be implemented in my company 10.3
Answer:
Continual improvement is finding ways to make the quality management system more suitable, adequate, and effective in a planned and incremental way. Where you want to make your quality management system better, define a target for improving that process, and then make a plan and assign resources to make this improvement happen. For example, maybe your company want to improve the product development process; or to improve product or service specifications, or to improve new employee integration.
The following material will provide you with information about Risk effectiveness and continual improvement:
- Corrective actions vs. continual improvement in AS9100 - https://advisera.com/9100academy/knowledgebase/corrective-actions-vs-continual-improvement-in-as9100/
- How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Free course - ISO 9001 Foundations - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Meaning of authority
Answer:
Authority is about the power of decision, the power of command. Responsibility is about obligation. For example, an operator may have the responsibility to perform quality control and identify the nonconforming product (he or she has the obligation to do it, he or she is expected to do it), and may not have the authority to decide what to do with the identified nonconforming product.
The following material will provide you with information about roles and responsibilities:
- ISO 9001 – How to document roles and responsibilities according to ISO 9001 - https://advisera.com/9001academy/blog/2018/02/26/how-to-document-roles-and-responsibilities-according-to-iso-9001/
- [free course] ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- book - Discover ISO 9001 :2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO 27001 implementation steps
>1 - We use the Microsoft Azure Public cloud heavily to provide Web Services to clients. One of my executives is asking if we can just include this platform in the scope and have the IT department that ‘interfaces’ with it as an ‘interested party’, therefore reducing the amount of work involved. Only the IT Department interfaces with this platform.
In summary, are we able to only include a ‘platform’ or does the scope have to include an organisational unit.
Answer: You can include cloud environments in your ISMS scope without problems, and the extension you have to include them in your ISMS scope will depend of the type of service you have:
- If you have an Infrastructure as a Service (IaaS) agreement, then software and data should be in the ISMS scope, while physical location and hardware are completely out.
- If you have an Platform as a Service (PaaS) agreement, then data and all application software should be included in the ISMS scope, while everything else is out, including all system software.
- If you have an Software as a Service (SaaS) agreement, then only th e data should be in the ISMS scope.
Regarding who will interface with the cloud provider, you can define the IT department without problem also.
This article will provide you further explanation about ISMS scope and cloud environments:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
>2 - Also, once I have ironed out the requirements of the scope for the meeting, how do I go about recording it efficiently? Am I best using a spreadsheet of some kind?
Answer: To document your ISMS scope, I suggest you to take a look at the free demo of our ISMS Scope Document at this link: https://advisera.com/27001academy/documentation/isms-scope-document/
This document can help clearly define the boundaries of the ISMS fulfilling the requirements of ISO 27001 standard. -
Application of BCP on ISO 27001
Answer:
Any control from ISO 27001 Annex must be applied only if one of the following occurs:
- There are risks identified as unacceptable in the risk assessment that require the implementation of the control
- There are legal requirements (e.g., contracts, laws, and regulations) that require the implementation of the control
- There is a top management decision requiring the implementation of the control
If none of these occur there is no need to implement any control considering ISO 27001 requirements, including BCPs.
So, considering your scenario, besides risks and contracts you should also verify if there are no laws and regulations applicable to your business requiring the implementation of BCPs, and the explicit intention of top management not to implement BCPs for ISO 27001.
This article will provide you further explanation about selecting controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/ -
Certificaton audit
Answer:
To obtain a certification your organization has to hire an accredited certification body to perform the certification audit. And although price is an important criteria, you should consider other aspects like reputation, experience, and flexibility.
To help you find a certification body near your location, I suggest you to use this link: https://advisera.com/
This article will provide you further explanation about certification bodies:
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
This material will also help you regarding certification audit:
- Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/ -
Road Map for implementation of IATF 16949
Answer:
Implementation of the standard should begin with getting support from the management, identifying QMS requirements and definition of the scope of implementation.
You can use a Checklist of IATF 16949:2016 implementation steps- https://advisera.com/16949academy/knowledgebase/checklist-of-iatf-16949-2016-implementation-steps/
Feel free to look at the following materials to know more about the scope:
„How to define the scope of the IATF 16949“: https://advisera.com/16949academy/blog/2017/06/28/how-to-define-scope-of-the-qms-according-to-iatf-16949/
After please look at how to implement the PDCA cycle in the automotive industry as it is basic for the implementation of the standard.
-How to implement the PDCA cycle in the automotive industry: https://advisera.com/16949academy/blog/2017/06/07/how-to-implement-the-pdca-cycle-in-the-automotive-industry-according-to-iatf-16949/
In an implementation diagram please find process steps that you may follow a roadmap.
-IATF 16949:2016 Implementation diagram: https://info.advisera.com/16949academy/free-download/iatf-16949-implementation-diagram
Also, the checklist for documentation required and checklist for project implementation can help:
- Checklist of mandatory documents required by IATF: https://info.advisera.com/16949academy/free-download/checklist-of-mandatory-documentation-required-by-iatf-16949
-Project Checklist for IATF 16949:20 16 Implementation: https://info.advisera.com/16949academy/free-download/project-checklist-for-iatf-16949-2016-implementation
As you had experience with ISO/TS 16949 it will be good to look at these materials:
- The twelve-step transition process from ISO/TS 16949:2009 to IATF 16949:2016 https://info.advisera.com/16949academy/free-download/twelve-step-transition-process-from-iso-ts-16949-2009-to-iatf-16949-2016
- IATF 16949:2016 vs ISO/TS 16949:2009 Matrix: https://info.advisera.com/16949academy/free-download/iatf-16949-2016-vs-iso-ts-16949-2009-matrix -
Format of documents for its control
Answer:
Yes, as long as those documents are documented information that support the operation of processes you will need to register them. ISO 9001:2015 in clause 7.5 requires an organization to “Maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confident that the processes are being carried out as planned.”
Basically you will need to document, no matter what format you decide to use, the following:
- Documenting critical portions of the quality management system (QMS) such as its scope, key operational processes, policies, and objectives.
Documenting important, but less critical information that supports the QMS such as process flowcharts, specific quality and operational procedures, schedules, information collection approaches (i.e. forms, surveys), business plans, etc.
These materials can help you to understand document control in ISO 9001:2015:
- Article - New approach to document and record control in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/