Search results

  • QMS in Higher education


    Answer:

    ISO published in 2003, IWA 2:2003 - Quality management systems - Guidelines for the application of ISO 9001:2000 in education, a document updated in 2007 by IWA 2:2007 - Quality management systems -- Guidelines for the application of ISO 9001:2000 in education. However, as far as I know this 2007 guideline has been withdrawn.

    ISO published in 2018, ISO 21001:2018 - Educational organizations -- Management systems for educational organizations -- Requirements with guidance for use. ISO 21001:2018 is a management system standard that is partially aligned with ISO 9001:2015 for quality management systems.

    The following material will provide you information about a QMS in an education setting:
    - ISO 9001 – Should universities implement ISO 9001? - https://advisera.com/9001academy/blog/2015/04/21/should-universities-implement-iso-9001/
    - free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Controller or processor?

    Thanks Andrei, very useful answer... as usual!
  • Risk, opportunities and external suppliers


    Answer:
    One ISO definition indicates that risk is the “effect of uncertainty on an expected result.” So, what are the expected results of your organization concerning its purchasing process?

    What desired results does an organization want from its purchasing process? For example: raw materials at a good price; delivered on time and with quality.

    Risks/opportunities are what can contribute to not getting/ or meeting those expected results. For example:

    A rise in demand of raw materials can increase prices;
    The closing of an important competitor can reduce demand and prices;
    Raw materials shortage due to insufficient inventory control;
    Raw materials shortage due to deterioration while in the warehouse;
    Raw materials shortage due to delivery delay;
    Raw materials shortage due to wrong reference delivered;
    Raw materials delivered with insufficient amount;
    Raw materials delivered with defects;

    The following materials will provide you more information about risks and opportunities:

    - Article - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar-on-demand//
    - book - DISCOVER ISO 9001:2015 THROUGH PRACTICAL EXAMPLES - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Integrating ISO 27001 and ISO 9001


    Answer: The templates are fully editable, so you can adjust them according to your needs. You only have to pay attention to the comments included in each template to identify which parts you can exclude, if needed, so the templates remain compliant with the standards.

    b) I have gone through several of your tutorials to gather a feel for your presentations, and I have faith that by watching your tutorials from the beginning, we can progress step by step. I am slightly confused if / how we can achieve 9001 concurrently. We have an extremely tight deadline to achieve 27001. In relation to achieving 9001, can this be achieved within the scope of 27001, i.e. the same scope? I am sorry if this is a very basic question, but we are quite overwhelmed with the commencement of this project, and hoping to be as efficient as possible. Any guidance here would be most appreciated.

    Answer: It is perfectly possible to implement ISO 27001 and ISO 9001 together, since these standards have several requirements in common. Regarding the scope, you can define a single scope for them, defining which information you want to protect under the information security management system and including the related processes into the scope of the quality management system.

    These materials will provide you further explanation about integrated systems:
    - How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
    - ISO 27001 implementation: How to make it easier using ISO 9001 [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/
  • Training on ISO 27001


    Answer:

    For providing information security awareness and training material, as well as tools for managing evidences that such activities are achieving their results in a way to fulfill ISO 27001 requirements, I suggest you take a look at our Free Security Awareness Training page on this link: https://advisera.com/training/awareness-session/security-awareness-training/ - this is a series of 25 videos that cover various topics related to security.

    For more support on implementing and improving ISO 27001 I suggest this material:
    - ISO 27001:2013 Lead Implementer Course https://advisera.com/training/iso-27001-lead-implementer-course/
  • How does ISO 45001 work for service companies


    Answer:
    ISO 45001 is for those organizations that want to go beyond the occupational health & safety legal requirements and work towards improvement of the OHS performance for the company. As such the key is to identify the hazards for whichever processes are in your organization, and then identify what controls need to be put in place to deal with these hazards. No matter what your organizational processes are there are hazards, and this is how the ISO 45001 standard can work for you.
    To learn more about ISO 45001 benefits see this article: “4 key benefits of ISO 45001 for your business”, https://advisera.com/45001academy/blog/2015/09/30/4-key-benefits-of-iso-45001-for-your-business/
  • What are minimum personal/roles for the new company per ISO 13485?


    Answer:

    At the minimum, there should be a competent or appointed leader who has some understanding about the 13485 Standard and the company's Quality Management System. This person is also the Management Representative.

    Please refer to below link for more information:

    How to define roles and responsibilities within an ISO 13485-based QMS: https://advisera.com/13485academy/blog/2017/11/16/how-to-define-roles-and-responsibilities-within-an-iso-13485-based-qms/
  • Article 9 GDPR (Special Category Personal Data)


    Answer:

    What you should do is clearly mention in your Terms & Conditions that your users should not introduce any special categories data in the chatbot/social media platform and if they do so they are the only one who is responsible for any damages.

    Don’t think there is something more you can do as you can't ask for the consent of processing special category data as you don't actually need to process it.
  • ISO 27001 and ISO 22301


    Answer:

    Business continuity in ISO 27001 covers only the continuity of the information security management and the continuity of information security.

    2. What is the basic difference in business continuity in ISO 27001 and ISO 22301?

    Answer:

    While ISO 27001 covers the continuity of the information security management (e.g. information security chain of command and communication processes) and the continuity of information security (i.e., operation of security controls, like access control and change management), ISO 22301 covers the continuity of the delivery of products and services, as well as the continuity of critical business operations.

    These articles will provide you further explanation about ISO 22301 and ISO 27001:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/

    These materials will also help you regarding ISO 22301 and ISO 27001:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • ISO 27001, ITIL and ISO 20000


    Answer:

    ISO 20000 and ITIL focus on IT services, and one aspect of IT services is the protection of the information that is transmitted, stored and/or processed by information systems, and that is the point where you can use ISO 27001, the management standard which handles information security. On the opposite direction, ISO 27001 handles the protection of information regardless of its format and where it is, and when dealing with information on information systems you can use ISO 20000 and ITIL to support the planning, implementation, operation, control, and improvement of IT related security controls.

    These materials will provide you further explanation about ISO 27001, ITIL and ISO 20000:
    - ISO 27001 vs. ITIL: Similarities and differences https://advisera.com/27001academy/blog/2016/03/07/iso-27001-vs-itil-similarities-and-differences/
    - Using ITIL to implement ISO 27001 incident management https://advisera.com/27001academy/blog/2015/11/10/using-itil-to-implement-iso-27001-incident-management/
    - How to implement ISO 27001 and ISO 20000 together https://advisera.com/27001academy/blog/2015/03/16/how-to-implement-iso-27001-and-iso-20000-together/
    - How to integrate ISO 27001 and ISO 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/