Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Assets inventory
If we take some examples of the asset list we could easily do a risk assessment of the building or the server room and come to the same risks. f.e. threat: theft and vulnerability: inadequate procedure for protecting the “keys” or threat: interruption of power supply, vulnerability: old “UPS” with no maintenance, etc.
I can come up with many other examples such as air-conditioning, alarm etc. as the risks could be found with other related assets. How should we deal with this ? I suppose it doesn’t matter ? As long as we identify the risks ?
Answer:
The lists provided in the templates are only suggestions for you to use if you can't come up with your own elements, so you can use only your own assets, threats and risks to build you inventory and risk assessment (it seems to me that by your examples you already understood the concepts for performing risk assessment).
It is important to note that you can also group the assets if threats/vulnerabilities are similar.
These articles will provide you further explanation about inventory and risk assessment:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/ -
Convincing top management
Answer:
What is your first purpose, it is not clear from the question:
1. Do you need to convince top management that your organization needs to certify?
2. Do you need to convince top management that you are the right person to lead the certification project, already with a go decision?
If your situation is 1, I advise you to tell them about the advantages of certification for the organization. Use their language and motivation: profit, market share, new customers, ...
If your situation is 2, tell them about the advantages of being you the leader of the certification project: your motivation, your knowledge of the organization and its people, your experience, and if you can imagine that they will pont your weak weak points be prepared to presente them a list of actions that you will execute to minimize them.
For both situations you can try to find a sponsor, someone with influence over top management that can be your ally.
The following material will provide you information about convincing top management:
- ISO 9001 – 4 crucial techniques to convince your top management about ISO 9001 implementation - https://advisera.com/9001academy/blog/2017/12/05/4-crucial-techniques-to-convince-your-top-management-about-iso-9001-implementation/
- free online training ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
- free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Compliance obligation in ISO 14001
Answer:
In the courses we talk about compliance obligation refered to these two sections, 6.1.3 (compliance obligation) and 9.1.2 (evaluation of compliance). Environmental obligations and legal requirements will vary depending on the country, state and even local regulations, so it is not feasible to cover this topic in the course. Usually this kind information is available and easy to obtain from your local authorities.
For more information about legal requirements and environmental obligations, see these materials:
- Article: Compliance requirements according to ISO 14001:2015 - what has changed: https://advisera.com/14001academy/blog/2015/09/14/compliance-requirements-according-to-iso-140012015-what-has-changed/
- ISO 14001:2015 Foundations Course: https://advisera.com/training/iso-14001-internal-auditor-course/
- Book - The ISO 14001:2015 Companion: https://advisera.com/books/the-iso-14001-2015-companion/ -
Flowcharts, tables and processes
Answer:
Many organizations use a high-level flowchart, called map, that describe the processes that constitute the management system and their interrelationship.
For example, a process map for a manufacturing company could be:
Besides mapping processes, some organizations also use tables to clarify what happens inside each process with: main tasks, responsibilities, records, performance indicators, …
For example, consider process “2. Win order”: who’s in charge? Who does what? What are the main tasks? What is kept as records? What are the performance measures?
The use of both tools simultaneously is not incompatible. Truth be said, most companies instead of tables use procedures.
The following material will provide you information about process determination:
- ISO 9001 – ISO 9001:2015 proces s vs. procedure – Some practical exemples - https://advisera.com/9001academy/blog/2016/01/19/iso-90012015-process-vs-procedure-some-practical-examples/
- free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
AS9100 RevD Human Factors
Answer:
The AS9100 Rev D standard does not use the aviation acronym PEARs (People, Environment, Activities, Resources), but instead talks about human factors and human error. This concept only appears in three clauses. First, in a note to clause 7.1.4, Environment for the operation of processes, where it highlights that a suitable environment can be a combination of human and physical factors. Secondly, in clause 8.5.1, Control of Production and service provision, where one controlled condition that should be included are actions to prevent human error. Lastly, clause 10.2.1b where it talks about including human factor considerations when determining the causes of process nonconformities while investigating corrective actions.
For more on human factors see our article, “12 most important human factors to consider according to AS9100 Rev D”, https://advisera.com/9100academy/blog/2018/05/24/12-most-important-human-factors-to-consider-according-to-as9100-rev-d/ -
ISO 9001 is not a requirement for ISO 14001
Answer:
No, ISO 9001 is not a prerequisite to implement ISO 14001. Of course, many requirements related with ISO 9001 can also be found in ISO 14001
The following material will provide you information about implementing an environmental management system, and an integrated management system
· - ISO 14001 – List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
· - How to integrate ISO 14001 and ISO 9001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/
· - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
· - book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/ -
FMEA training
Answer:
The organization must demonstrate technical competence of employees who are performing FMEA analysis (both PFMEA and DFMEA).
There is no requirement for specific training, but if someone is involved in FMEA core team, the organization must demonstrate that they are competent for that.
If with „basic“ training you can demonstrate the competence of personnel than it is enough, but please do a risk assessment for this decision.
Please find out more about FMEA in the following article:
- What is FMEA, and how to apply it in IATF 16949 https://advisera.com/16949academy/blog/2017/09/06/what-is-fmea-and-how-to-apply-it-in-iatf-16949/ -
Video content
Answer:
First of all, sorry for this inconvenience. Every time you find such discrepancies between the tutorials and documentation, please use the information in the templates, because they are the most updated version. -
Is clause 8.3 applicable?
Hi Pete, thank you for your question.
If by ITSM you mean how IT teams manage the end-to-end delivery of IT services to customers, including all the processes and activities to design, create, deliver, and support IT services. Then, clause 8.3 is applicable to ITSM companies. Here, design is not about the tools (like apps or software), but about the right arrangement of the tools, assets and processes.
-
AS9100 Router Configuration Mgmt
Making so, from there on, any changes are managed by CM department when the major milestones of the build or steps of the build are changed. I have a CM department trying to convince me that they do not only manage, make not e, or do any of the router changes, they also do not associate themselves or notate the request for the router to get loaded at the around same time as CM loads the BOM, on new assemblies. This leaves a gap in our process if CM does not own this configuration sustainability. What are your thoughts, is Router process configuration something with its own revision, needing to be tracked by CM since it is directly related to the configuration to the parts on the BOM?
Answer:
The decision of whether a router is included in the configuration management of a product is taken by the company per the customer and legal requirements for the product. As this document is often the instructions on how to assemble and test a product it is often considered to be part of the configuration listing for the final product that is shipped, and also often maintained by the configuration management department. However, this requirement is not necessarily the case for every customer or company that creates parts for aerospace. If you perceive a gap in your system then I suggest you refer to the customer requirements for configuration management and reporting to ensure that there is no specific requirement from them as to how this is done and reported.
For more information on what is included in AS9100 Rev D see this whitepaper, “Clause-by-clause explanation of AS9100 Rev D”, https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d