Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11278 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Process approach - Why and How
Answer:
Activities are what people do in organizations and a process is a set of activities, and an organization can be seen as a set of interrelated processes. Modeling organizations as sets of interrelated processes is a way of having a base to both understand performance decide where to act to improve performance. The process approach focuses attention not on roles and hierarchic positions or departmental borders but on facilitating the flow of activities from inputs to outputs. The process approach became famous in the 90's after the word reengineering. An approach to remove non-value-added activities in organizations, to make them more lean and efficient and run away from the “we have always done it this way” mindset.
“I also want to ask how I can draw up a purchasing process for a business”
Answer:
When I draw a process, I always start by its purpose. Purpose works as a guiding light fo r the rest of the job. Then, I write what starts the process and what will be the main output, what we will have in the end.
The process occurs between those two borders. Gather a group of people that know the process because they work there, because they are internal suppliers or because they are internal customers. With sticky notes do a brainstorming and list what is done inside the process, the activities. I use as a rule: each sticky note must have a verb (a process is action, action is verb, a process is a flow of verbs) + and a noun. Examples: check inventory; or receive request).
Then, organize in chronological order the activities. You identified the flow, the process. Now, you can add each function that participates in the process.
The following material will provide you information about the process approach:
- ISO 9001 – ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
- free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO 45001 process map requirements
Answer:
There are no requirements in ISO 45001 that specifically ask for process maps, however, when you are identifying your hazards and risks as per clause 6.1.2 you need to take into account how work is organized, including routine and non-routine activities. For this it is necessary to know how your processes work so that you can determine the hazards associated with them, and a process map can help with this.
For more on information on what is required to be documented by ISO 45001 you can see this whitepaper titled “Checklist of mandatory documentation required by ISO 45001”, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001 -
Uso marca ISO 27001
Respuesta: Disculpa, pero no estoy seguro a qué te refieres con lo de las cláusulas, en cualquier caso, Advisera no es parte de la marca ISO, porque ISO es una entidad independiente, y no podemos decidir sobre el uso de sus recursos. Puedes encontrar más información sobre ISO en su sitio oficial: iso.org
Con respecto al uso de la palabra "ISO 27001", si te refieres a incluir esta palabra en un documento que estás utilizando para la im plementación de políticas de seguridad basadas en la ISO 27001, puedes hacerlo, por supuesto. El problema podría ser que uses algo de ISO con derechos de autor, por ejemplo, un logotipo, pero creo que este no es tu caso, porque sólo quieres emplear una palabra, y esta palabra no tiene copyright.
Con respecto a la implementación de la ISO 27001, este artículo te puede resultar interesante “ISO 27001 implementation checklist” : https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/ -
Quality Plan in ISO 9001:2015
Answer:
First of all, a quality plan is a document,that states quality standards, practices, resources, specifications, and the sequence of activities relevant to a particular product, service, project, or contract.
Quality plans should include:
- Objectives to be achieved (for example, characteristics or specifications)
- Steps in the processes
- Allocation of responsibilities, authority, and resources
- Specific documented standards, practices, procedures, and instructions
- Suitable testing, inspection, examination, and audit programs
- A documented procedure for changes and modifications to a quality plan
- A method for measuring the achievement of the quality objectives
- Other actions necessary to meet the objectives
You can find more infor mation about the Quality Plan in these materials:
- Article - Making the best out fof ISO 9001 quality plan: https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/
- Book - Discover ISo 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001 Lead Implementer Course: https://advisera.com/training/iso-9001-lead-implementer-course/ -
Different Audits in ISO 14001
Answer:
In order to effectively implement ISO 14001:2015 you need to conduct an internal audit to look for any non conformity and apply the necessary corrective actions. Also if you want to be certified in ISO 14001:2015 you will have to successfully pass the certification audit by an external certification body. Once you get the certification you´ll need to maintain your different processes to keep updated your QMS which is demonstrated during the surveillance audits, usually conducted once every year during the following years until the recertification audit.
These materials can help you to better understand audits:
- Article -Certification audits vs surveillance audits in ISO 14001: https://advisera.com/14001academy/blog/2016/07/11/certification-audits-vs-surveillance-audits-in-iso-14001/
- Article - 5 Tips to help you prepare for your ISO 14001 surveillance audit: https://advisera.com/14001academy/blog/2015/11/23/5-tips-to-help-you-prepare-for-your-iso-14001-surveillance-audit/
- Article - ISO 14001 certification: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/iso-14001-certification/
- Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
- ISO 14001 Lead Implementer Course: https://advisera.com/training/iso-14001-lead-implementer-course/ -
FAI requirements in AS9100 Rev D
Answer:
The requirements in AS9100 Rev D around first article inspection are found in clause 8.5.1.3 “Production process verification” which requires you to verify that production processes meet requirements, and use a representative item from the first production run of a new part to verify that everything involved produces a part that meets standards. It then notes that this activity can be referred to as FAI. This includes no requirements for what needs to be in a report for this activity.
The AS9100 Rev D standard also give reference to AS9102 in annex C which is a standard for first article inspection. This standard does include how to do this including reference dimensions, but unless this is a requirement of the customer it is not something that is needed per AS9100. What is included in the FAI report comes down to what customer requirements have been placed on you.
One other thing that may help you is this whitepaper titled “Clause-by-clause explanation of AS9100 Rev D”, https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d -
Auditing in AS9100 Rev D
Answer:
There are a number of past blog articles that can help you to work on auditing a QMS such as “6 main steps in the internal audit process according to AS9100 Rev D” (https://advisera.com/9100academy/knowledgebase/6-main-steps-in-the-internal-audit-according-to-as9100-rev-d/) and “developing an internal audit checklist for AS9100 Rev D” (https://advisera.com/9100academy/knowledgebase/developing-an-internal-audit-checklist-for-as9100-rev-d/). For a more detailed look at using the ISO 19011 standard for management system auditing the article from 9001Academy titled “13 steps for ISO 9001 internal audit using ISO 19011” (https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/) may also be helpful.
One other tool tha t can help is this whitepaper titled “Clause-by-clause explanation of AS9100 Rev D”, https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d -
Inventory list
Answer:
If you have identified that control A.8.1.1 Inventory of assets is applicable, you have to include only assets that are related to the information your ISMS is intended to protect. Most probably IT assets will be included, as well as cabinets where physical documents are stored. Besides those assets that are used to store, process and transmit information, you can keep other organizations assets out of the inventory.
This article will provide you further explanation about asset inventory:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
If you want to see how an asset inventory looks like, a nd see examples of assets for this inventory, I suggest you to take a look at the free demo of our Inventory of Assets at this link: https://advisera.com/27001academy/documentation/inventory-of-assets/ -
Certification scope
Answer:
You can limit your certification scope according to your needs, but you have to evaluate if the administrative effort to have a separated scope is worthy. In most cases, for small and medium business, or in cases where keeping a separated scope is too complex, the best approach is to certify all the services or the organization as a whole.
These articles will provide you further explanation about defining scope:
- How to define the I SMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27 -
SoA changes
If an external auditor reveals any changes to the SoA during e.g. a surveillance audit, the certification will not be valid and a new certification process needs to be stated since the scope has changed. My understanding that an SOA is a working document that should be updated as needed as the business changes. Can you let me know which is correct and point to reference material that describes this?
Answer:
Your understanding about SoA is correct. This is a living document that must be updated as needed. Sometimes this need to update is to reflect changes in risks not necessarily related to changes in the scope. In this case you have to record the decision made to update the SoA, and related information (e.g., update the risk assessment regarding the new risks). During a surveillance audit, the auditor will verify if the change in the SoA was done according the standard requirements and implemented documentation.
When changes in the SoA are in fact related to changes in the scope, besides the previous mentioned steps, you have to communicate this situation to your certification body so you can define how to approach this situation, because the certification scope will have to be updated. In some cases this will require an immediate surveillance audit, but in most cases this can be verified on the next external audit. For the additional scope you have to ensure the same steps taken that were performed to implement the ISMS.
This article will provide you further explanation about SoA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/