Search results

  • Scope determination - a management not a technical decision

    Hi, did you map your organization (Operations Department) as a set of interrelated processes? With what outside parties do those processes interact? Some of those outside parties will be suppliers, others regulators, others maybe partners. Can any of the remaining outside parties be considered customers? Step back from the detail and answer the question: Who does my organization (Operations Department) serve?

    And if they are insiders, those whom we serve, in turn, whom do they serve?

    Follow the mission of your organization, perhaps that can help find one or more groups of customers, internal and external.

    Does this help you? Let me know.
  • Monitoring and measuring and customer satisfaction

    Answer:
    Each organization is an individual case. However, when working with organizations implementing ISO 9001:2015 I follow, as general rules, this framework:

    Quality objectives;
    Customer and other interested parties satisfaction objectives;
    Product or service objectives;
    Process performance objectives.

    For each objective I want to know what the actual value is and the trend. I always use graphs, and compare results with the target. Whenever possible I like to use control charts in order to help decide whether the system should be changed or not in order to meet targets.
    Personally I prefer to link performance to processes, but my experience is that most organizations prefer to link it to departments.

    About measuring customer satisfaction I see organizations using surveys, using interviews with customers, using experts opinion in magazines, using consumer evaluation in websites.

    The following material will provide you information about data analysis:
    - ISO 9001 – Analysis of data obtained from Monitoring and Measurement - https://advisera.com/9001academy/blog/2014/04/22/analysis-data-obtained-monitoring-measurement/
    - free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Getting top management support

    And I agree with that fact-based approach. However, many times this is a chicken-and-egg problem, because many organizations don't have enough data before implementing ISO 9001. If your organization has data, perhaps you can use figures to support this claim:

    We can reduce the cost of quality problems by X% = Y currency units;
    We can reduce customers lost due to quality complaints by X% = Y currency units;
    We can gain customers that demand ISO 9001 certified suppliers and increase revenue by X% = Y currency units;
    We can improve productivity due to better planning and reduce unit production cost by X% = Y currency units;
    We can improve our brand awareness in the market and increase our unit price by X% = Y currency units;
    We can have savings of X% = Y currency units due to better planning and buying with suppliers.

    Do you think this can help?
  • Internal audits and auditor competence

    Answer:
    To keep your certification, you will be audited annually by the certification body, in what is called a surveillance audit. To avoid a major nonconformity at that audit, your organization should perform an internal audit of the environmental management system at least annually.

    2. Must it be by someone who is certified or just knowledgeable?

    Answer:
    Your internal auditor should be someone considered competent according to your organization’s own requirements. It is your organization that establishes the required competence needed for an internal auditor.

    The following material will provide you with information about internal audits:
    - ISO 14001 – Internal Audits in the EMS: Five Main Steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/internal-audits-in-the-ems-five-main-steps/
    - Creating an ISO 14001 internal audit plan - https://advisera.com/14001academy/blog/2017/01/16/creating-an-iso-14001-internal-audit-plan/
    - free online training ISO 14001:2015 Internal Auditor Course
    https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
  • Toolkit content

    4.1 Understand organization and context
    4.2 understanding the needs and expectations of stakeholders
    Please inform where I can find this to be able to implement as required by the standard.

    Answer:

    ISO 27001 does not require the documentation of organizational context, only that you consider it to identify the needs and expectations of stakeholders.

    To cover the requirements of section 4.2 you can use the "Procedimiento para identificación de requisitos" and the "Apéndice: Lista de requisitos legales, normativos, contractuales y de otra índole" templates, which are located in folder 2 "02_Procedimiento_para_identificacion_de_requisitos".

    These articles will provide you further explanation about organizational context and needs and expectations of stakeholders:
    - How to define context of the organization according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
    - How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
  • EU GDPR controller vs. processor

    Answer:

    This depends on what activities you perform. If you process personal data on behalf of the controller, and if you process that data based on the controller's instructions, you are a data processor.

    A controller is an entity who, alone or jointly with others, determines the purposes and means of the processing of personal data. In other words, the controller decides “what” personal data will be processed for and “how” it will be done.

    A processor is an entity who processes personal data on behalf of a controller. An example might be a company that processes your payroll or a cloud provider that offers data storage. However, in more complex relationships it can be difficult in practice to work out whether someone acts as controller or processor.

    To find out more about controllers and processors, check out this article: EU GDPR controller vs. processor – What are the differences? (https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/)
  • Best Lead Auditor course for food safety

    Answer:

    Your question really comes down to what aspects of business you have expertise in and what you want to audit as a lead auditor. ISO 22000 is a standard for Food Safety Certification, whereas ISO 27001 is the standard of requirements for an Information Security Management System (in other words IT management). Within the food safety and hygiene environment you need to ask yourself where your experience and knowledge lie: in the aspect of IT, or in food safety.

    For more information on what ISO 27001 is, feel free to look at our website "What is ISO 27001?": https://advisera.com/27001academy/what-is-iso-27001/
  • ISO 27001 map to NIST

    Any thoughts or advice would be appreciated including your products or services that would be most helpful, including the below.
    https://advisera.com/27001academy/iso-27001-documentation-toolkit/
    https://advisera.com/books/iso-27001-annex-controls-plain-english/
    https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/

    Answer:

    Considering your demand, I suggest the ISO 27001 Documentation Toolkit. The templates are almost 80% complete, with comments about what must be kept and what can be adjusted according to your needs.

    NIST 800-53 already has a map of its controls to the ISO 27001 standard (Annex H), which can help you identify which controls need to be adjusted in our templates.

    NIST CSF and ISO 27001 are closely related, in the sense that they complement each other (CSF provides a structured framework for controls implementation, while ISO 27001 provides a worldwide recognized management framework to ensure the controls' pertinence, efficiency and effectiveness), and since CSF controls are mostly based on NIST 800-53 you can also use these to make adjustments to the templates' content.

    About NYS DFS 500 and GLBA, unfortunately we do not have sufficient information to provide additional guidance.

    These articles will provide you further explanation about integrating ISO 27001 and NIST practices:
    - How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
    - How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
    - Which one to go with – Cybersecurity Framework or ISO 27001? https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/
  • Exclusions in the scope of the QMS

    Answer:

    Exclusions don't apply when the standard has already been implemented. In fact, one of the first steps when implementing ISO 9001:2015 is determining the scope of the organization, and when defining the scope of your QMS you should also determine whether any exclusions apply and justify them. For instance, if a company doesn't do any design work, but uses designs already given by a customer, you can say that this requirement doesn't apply to your organization.

    These materials can help you to better understand exclusions in the scope of ISO 9001:2015:
    - Article - What clauses can be excluded in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
    - Article: https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/