Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Excluding the Finance Department
Also, our current set up is Finance are under HR Department, is it allowed that Finance are exempted on internal audit?”
Answer:
Yes, it is allowed to exclude your Finance Department from your management system and you don’t need to do a risk assessment about your Finance Team.
The following material will provide you information about implementing an ISO 9001 management system:
- ISO 9001 - What is an acceptable exclusion in Clause 7 of ISO 9001? - https://advisera.com/9001academy/blog/2015/03/24/what-is-an-acceptable-exclusion-in-clause-7-of-iso-9001/
- free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Determining risks and opportunities
Answer:
I don’t have any examples for risks and opportunities in the line of paint industries. If I was working with you I would follow two approaches about determining risks and opportunities: what overall objectives does your organization want to meet with a quality management system? Then, list the relevant topics that can help or hinder the possibilities of meeting them; and repeat the same exercise for your organization’s processes. Each process has a purpose, has a mission, what can help or hinder meeting those demands?
The following material will provide you information about implementing the risk based approach:
- ISO 9001 - Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
- How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
AS9100: Where to find government regulators
Answer:
Unfortunately, as there are so many different government regulators around the world it would be extremely difficult for us to have a listing that is applicable for any specific company or area. I would suggest two possible places to look for information; with your customers as they would likely have the same regulators, or with your certification body as they will have experience in your geographical area.
If you have not yet chosen your certification body I suggest looking at this whitepaper from ISO 9001 which includes some relevant “Questions to ask your certification body” to ensure you get the best value: https://info.advisera.com/9001academy/free-download/list-of-questions-to-ask-an-iso-9001-certification-body -
Supplier development process
Distributors are considered as sales partners, so requirements for suppliers in 8.4.2.3 are not related to them. There is no specific requirement for distributor development process. -
Priority calculation
Answer:
Priority is calculated as "Impact + Urgency -1"
See this webinar to learn more: "ITIL Incident Management Process Demystified" https://advisera.com/20000academy/webinar/itil-incident-management-process-demystified-free-webinar-on-demand/ -
Incident Management template
Answer:
Yes, this is general template for managing incidents and is not (only) security related.
I suggest you to check this free webinar recording on Incident Management "ITIL Incident Management Process Demystified" https://advisera.com/20000academy/webinar/itil-incident-management-process-demystified-free-webinar-on-demand/ -
Use of customer logos in AS9100 records
Is there are area of AS9100 that would cover this issue? Using customer logos might cause mistake or confusion about the source of the record.
Answer:
As with all the ISO management system standard the requirements give you a description of what needs to be done, but do not give you a prescriptive way of doing it. As such there is no mention of this sort of specific example in the standard, only giving you the requirements for having systems to maintain documented information. However, I do agree that this usage could be confusing on records and may also infringe on legal requirements if the usage was not pre-approved, but I am not a legal expert for this.
For more information on what AS9100 Rev D includes see this Clause-by-clause explanation of AS9100 Rev D: https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d -
Recertification activities
Answer: If you defined that control A.12.6.1 (Management of technical vulnerabilities) is applicable, then only a technical vulnerability assessment process is required by ISO 27001, but there is no requirement to have it documented.
Considering a general vulnerability assessment, this is a good practice to support the identification of risks, but not a ISO 27001 requirement.
2. The consultant recommends ISO 27001 compliant forms. Is there such a thing as an ISO 27001 form?
Answer: ISO 27001 defines information to be included in documentation, such as policies procedures and records, but it does not define forms, so the organization is free to define the documentation lay-out according its needs. The templates included in the toolkit you bough are already compliant with ISO 27001 and they describe which information can be changed or excluded, and those that must be kept.
These articles will provide you further explanation about vulnerability assessment and documentation:
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/ -
Marketing for Lead Implementer and Lead Auditor
Answer:
Since implementation is something you often perform only one time, and after that you have a continuous maintenance effort, the demand for auditors is greater than for implementers. Also, to work for certification bodies is necessary to be approved in a Lead Auditor course, while for implementation the certification is not mandatory.
This article will provide you further explanation about these courses:
- Lead Auditor Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/ -
Consulting services in ISO 9001:2015
Where you specify work to be done on-site and mandays offsite.
Let me know if you have such template of your charge sheet and plan of action towards completion of ISO 9001:2015 Certification process.
Answer:
Rates of your consultancy work will depend on various factors, mainly where you are delivering your services (country, state, region...) and your experience working as a consultant. Usually you will need to estimate the hours that you will spend for every phase in the implementation depending on the size of the company, locations, complexity of the products/services, etc. For instance, phases could be divided as follows:
1. Initiation, planning and assessment
2. Implementation of the QMS
3. Consolidation
Of course you will also need to include in your proposal ho w many hours you will need to work on-site and offsite, considering that remotely hours often cost less than the on-site ones.
These materials can help you to understand more about the consulting services in ISO 9001:2015
- White paper - Project proposal for ISO 9001:2015: https://info.advisera.com/9001academy/free-download/project-proposal-for-iso-90012015-implementation-ms-word
- Article - How to sell your ISO 9001 consulting services: https://advisera.com/9001academy/blog/2017/06/20/how-to-sell-your-iso-9001-consulting-services/
- Article - How to become an ISO 9001 consultant: https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/