Monitoring and measuring customer satisfaction
Answer:
Each organization is an individual case. However, when working with organizations implementing ISO 9001:2015 I follow, as general rules, this framework:
Quality objectives;
Customer and other interested parties satisfaction objectives;
Product or service objectives;
Process performance objectives.
For each objective I want to know what the actual value is and the trend. I always use graphics, and compare results with the target. Whenever possible I like to use control charts in order to help decide if the system should be changed or not in order to meet targets.
Personally I prefer to link performance and processes, but my experience is that most organizations prefer to link with departments.
About measuring customer satisfaction, I see organizations using surveys, interviews with customers, expert opinions in magazines, and consumer evaluations on websites.
And I agree with that fact-based approach. However, many times this is a chicken-and-egg problem, because many organizations don't have enough data before implementing ISO 9001. If your organization has data, perhaps you can use figures to support this claim:
We can reduce the cost of quality problems by X% = Y currency units;
We can reduce customers lost due to quality complaints by X% = Y currency units;
We can gain customers that demand ISO 9001 certified suppliers and increase revenue by X% = Y currency units;
We can improve productivity due to better planning and reduce unit production cost by X% = Y currency units;
We can improve our brand awareness in the market and increase our unit price by X% = Y currency units;
We can have savings of X% = Y currency units due to better planning and buying with suppliers.
Do you think this can help?
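The control-chart decision described in the answer above (actual value, trend, comparison with the target), as an added worked example that is not part of the original answer. It builds an individuals (I-MR) chart over constructed monthly complaint counts; the data, the target and the "lower is better" reading of the objective are assumptions.

```python
"""Individuals (I-MR) control chart for a quality objective such as monthly
customer complaints, with a target comparison. Added example with constructed
data; not from the original answer."""
from dataclasses import dataclass, field
from typing import List

D2_N2 = 1.128  # control-chart constant d2 for moving ranges of size 2

# Constructed sample: complaints per month, one year; month 11 has a spike.
MONTHLY_COMPLAINTS = [12, 14, 11, 13, 12, 15, 13, 12, 14, 13, 26, 12]
TARGET = 15  # assumed objective: no more than 15 complaints per month on average


@dataclass
class ChartResult:
    mean: float
    ucl: float
    lcl: float
    out_of_control: List[int] = field(default_factory=list)  # indices beyond limits
    trend_end: List[int] = field(default_factory=list)       # end index of each run
    meets_target: bool = False


def individuals_chart(values, target, trend_len=6) -> ChartResult:
    """Compute 3-sigma limits from the average moving range, flag points outside
    the limits, flag runs of trend_len consecutively rising/falling points
    (a Nelson trend rule), and compare the mean against the target."""
    n = len(values)
    if n < 2:
        raise ValueError("need at least two observations")
    mean = sum(values) / n
    moving_ranges = [abs(values[i] - values[i - 1]) for i in range(1, n)]
    mr_bar = sum(moving_ranges) / len(moving_ranges)
    sigma = mr_bar / D2_N2
    ucl = mean + 3 * sigma
    lcl = max(0.0, mean - 3 * sigma)  # counts cannot be negative
    res = ChartResult(mean, ucl, lcl)
    res.out_of_control = [i for i, v in enumerate(values) if v > ucl or v < lcl]
    for i in range(trend_len - 1, n):
        window = values[i - trend_len + 1 : i + 1]
        diffs = [b - a for a, b in zip(window, window[1:])]
        if all(d > 0 for d in diffs) or all(d < 0 for d in diffs):
            res.trend_end.append(i)
    res.meets_target = mean <= target  # complaints: lower is better
    return res


if __name__ == "__main__":
    r = individuals_chart(MONTHLY_COMPLAINTS, TARGET)
    print(f"mean={r.mean:.2f} UCL={r.ucl:.2f} LCL={r.lcl:.2f}")
    print("special-cause points:", r.out_of_control, "trend runs ending at:", r.trend_end)
    print("meets target:", r.meets_target)
```

A point outside the limits (month 11 here) signals a special cause to investigate; a mean within limits but above target signals that the system itself must change.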
Internal audits and auditor competence
Answer:
To keep your certification, you will be audited annually by the certification body, which is called a surveillance audit. To avoid a major nonconformity at that audit, your organization should perform an internal audit of the environmental management system at least annually.
2. Must it be by someone who is certified or just knowledgeable?
Answer:
Your internal auditor should be someone considered competent according to your organization’s own requirements. It is your organization that establishes the required competence needed for an internal auditor.
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of stakeholders
Please inform me where I can find this, to be able to implement it as required by the standard.
Answer:
ISO 27001 does not require the documentation of organizational context, only that you consider them to identify needs and expectations of stakeholders.
To cover requirements from section 4.2 you can use the "Procedimiento para identificación de requisitos" and the "Apéndice: Lista de requisitos legales, normativos, contractuales y de otra índole" templates, which are located in folder 2 "02_Procedimiento_para_identificacion_de_requisitos".
These articles will provide you further explanation about organizational context and needs and expectations of stakeholders:
- How to define context of the organization according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
EU GDPR controller vs. processor
Answer:
This depends on what activities you perform. If you process personal data on behalf of the Controller and if you process data based on the controller's instructions, you are a data processor.
A controller is an entity who, alone or jointly with others, determines the purposes and means of the processing of personal data. In other words, the controller decides “what” personal data will be processed for and “how” it will be done.
A processor is an entity who processes personal data on behalf of a controller. An example might be a company that processes your payroll or a cloud provider that offers data storage. However, in more complex relationships it can be difficult in practice to work out if someone acts as controller or processor.
Your question really comes down to what aspects of business you have expertise in and what you want to audit as a lead auditor. ISO 22000 is a standard for Food Safety Certification, whereas ISO 27001 is the standard requirements for an Information Security Management System (in other words IT management). Within the food safety and hygiene environment you need to ask yourself where your experience and knowledge lie, the aspect of IT or food safety.
Considering your demand, I suggest the ISO 27001 Documentation Toolkit. The templates are almost 80% complete, with comments about what must be kept and what can be adjusted according to your needs.
NIST 800-53 already has a map of its controls to ISO 27001 standard (Annex H), that can help you identify which controls need to be adjusted considering our templates.
NIST CSF and ISO 27001 are closely related, in the sense that they complement each other (CSF provides a structured framework for controls implementation while ISO 27001 provides a worldwide recognized management framework to ensure the controls' pertinence, efficiency and effectiveness), and since CSF controls are mostly based on NIST 800-53 you can also use these to make adjustments to the templates' content.
About NYS DFS 500 and GLBA, unfortunately we do not have sufficient information to provide additional guidance.
Exclusions don't apply when the standard has already been implemented. In fact, one of the first steps when implementing ISO 9001:2015 is determining the scope of the organization, and when defining the scope of your QMS you should also determine if any exclusions apply and justify them. For instance, if a company doesn't do any design work, but uses designs already given by a customer, you can say that this requirement doesn't apply to your organization.
A customer complaint log should include the list of complaints received from customers, with their documented responses and closure. After receiving a complaint, the organization must evaluate whether the complaint is reasonable or not, and after doing so, the organization will need to suggest a way of resolving the complaint and decide whether to carry out a correction or a corrective action according to its own organization's procedure for control of nonconforming product or service.