Search results


  • Developing policies and procedures


    Answer:

    The main advice is to keep this documentation as simple as possible, including only what is demanded by legal requirements, like contracts, laws and regulations, or what will certainly increase efficiency and effectiveness. An additional tip is to write with your target audience in mind, avoiding unnecessary jargon.

    These articles will provide you further explanation about developing policies and procedures:
    - 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
    - One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

    Regarding ISO 27001, I suggest these materials so you can have a better understanding of this standard and its benefits:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - ISO 27001 Foundations course https://advisera.com/training/iso-27001-foundations-course/
    - Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
  • Leadership evaluation


    At Advisera we currently do not have a method for leadership evaluation, since this forms part of several requirements of the standard. However, this assessment is made during the internal audit; here you can access a preview of the Internal Audit Checklist: https://advisera.com/9001academy/es/documentation/lista-de-verificacion-para-auditoria-interna/

    These would be the elements that demonstrate leadership within the QMS:
    - The effectiveness of the QMS is measured, and management participates in this evaluation.
    - The Quality Policy and objectives are established by management, communicated within the organization and monitored to track their progress.
    - The QMS is part of the business processes, not a parallel project.
    - Resource needs are reviewed and addressed by management.
    - Continual improvement is promoted and supported by management.
    - There is a way to demonstrate to the customer that legal requirements are understood and met, and staff understand how important this is.
    - There is a management focus on customer satisfaction.
    - Organizational roles, responsibilities and authorities are assigned, and these must be understood by the organization's workers.

    For more information on demonstrating leadership within the organization you can see these materials:
    - Article - How to comply with the new leadership requirements in ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-cumplir-con-los-nuevos-requerimientos-de-liderazgo-en-la-iso-90012015/
    - Free online ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • Documentation structure in the QMS and procedure design


    Answer:

    The first thing to point out is that in this new standard it is not mandatory to present any procedure. If you do so, like any other type of documentation it must comply with the requirements of clause 7.5 of ISO 9001:2015 regarding the creation and updating, and the control, of the QMS's documented information. As for the design, it is the organization itself that decides on it, as long as it complies with the requirements mentioned.

    Regarding the creation and updating of documented information, the organization must:
    - Identify and adequately describe the documented information (title, date, etc.)
    - Establish a format (language, graphics, etc.)
    - Determine the media in which it is contained (paper, electronic format, etc.)
    - Review and approve the documented information, ensuring its suitability and adequacy

    On the other hand, the organization must address the following activities to control documented information:
    - Access, distribution, retrieval and use
    - Storage and distribution
    - Change control
    - Retention and disposition

    Here you can download a preview of our Procedure for Document and Record Control: https://advisera.com/9001academy/es/documentation/procedimiento-para-control-de-documentos-y-registros/

    Regarding the structure of documented information, the international standard ISO 10013:2001 Guidelines for quality management system documentation gives guidance for effective sizing of the documentation of a QMS, as well as a summary of recommended contents and the structure of different types of Quality Management System documents. In this article you can find more information on the structure of documentation - How to structure quality management system documentation https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-estructurar-la-documentacion-del-sistema-de-gestion-de-calidad/

    As for quality procedures, they can include the following elements:
    - Title
    - Purpose
    - Scope
    - Responsibilities and functions
    - Definition and list of the records resulting from the activities described in the procedure
    - Document control
    - Description of activities
    Annexes can be included, if necessary.

    These materials can help you understand the control of documented information in ISO 9001:2015:
    - New approach to document and record control in ISO 9001:2015 (available in English): https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • Subclause 8.2.3.2

    According to clause 8.2.3.2, you don't need to develop a procedure but retain documented information (that is, records), as applicable:
    - on the results of the review;
    - on any new requirements for the products and services.

    You can check the mandatory documents here - List of mandatory documents required by ISO 9001:2015: https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

    Of course you can create a procedure that will help you to act systematically regarding this requirement, but it is not a mandatory requirement for the organization. Also, it doesn't need to focus just on customer needs; the review before committing to supply products and services should include:
    - requirements specified by the customer, including requirements for delivery and post-delivery activities;
    - requirements not stated by the customer, but necessary for the specified or intended use, when known;
    - requirements specified by the organization;
    - statutory and regulatory requirements applicable to the products and services;
    - other contract or order requirements differing from those previously expressed.

    These materials can also help you to understand Clause 8 - Operation:
    - White paper - Clause by clause explanation of ISO 9001:2015: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
  • Access to psychometric tests


    Answer:

    The results of the psychometric tests are indeed personal data and should be shared with the data subjects if they request that. The test questions, unless these questions are indeed aimed at collecting personal information (What is your name, your date of birth, age, etc.), can be disclosed to the data subjects; however, if the test as a whole is protected under national laws, then the national laws would take precedence over the EU GDPR.

    To find out more about the EU GDPR check out our EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
  • How to get ISO certification


    Answer:
    ISO does not certify organizations. ISO publishes internationally recognized standards. Certification is provided by certification bodies after audits that verify whether an organization has implemented a management system according to the requirements of an ISO management system standard. So, the basis for certification is passing a certification audit.

    The following material will provide you information about certification:
    - ISO 9001 – How to prepare your company for the ISO 9001 certification audit - https://advisera.com/9001academy/03/how-to-prepare-your-company-for-the-iso-9001-certification-audit/
    - free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Document lay-out

    In general, do related documents from section 4 (it doesn't matter in which way they exist: paper document, electronically, inside the information system, etc.) have to be compliant with the things we defined in the [policy for information classification]?

    Answer:

    The change log form, as well as any other document or record that is part of the ISMS, must be labelled according to the Information Classification Policy, and must follow the guidelines defined in the Procedure for Document and Record Control (sections 3.1 and 3.5), so the organization does not incur a nonconformity.

    Of course, in the Information Classification Policy you may choose to exclude certain types of documents or records from being labelled, in order to make operations with those documents and records easier. However, in such a case you should assess whether this would create some unacceptable risks.

    These articles will provide you further explanation about document control and labeling:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
    - Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
  • Complaint Handling in ISO 13485


    Answer:

    In the 2016 Standard, Complaint handling falls under Clause 8.2.2.

    For further information regarding other changes in the Standard, please refer to:

    ISO 13485:2016 vs. ISO 13485:2003 matrix
    https://info.advisera.com/13485academy/free-download/iso-13485-2016-vs-iso-13485-2003-matrix
  • ISO 27001 risk management process

    Question based on the text of one of our marketing e-mails: "Do you struggle to understand all of the steps required for a successful implementation of the ISO 27001 risk management process?"

    Answer:

    ISO 27001 is a standard for information security management, and one of its pillars is the definition and performance of a risk management process, and that process may or may not be based on ISO 31000:2018.

    These articles will provide you further explanation about these two standards:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/

    These materials will also help you regarding risk management in ISO 27001:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • Audit checklist content


    Answer:

    To verify whether this requirement is fulfilled, you have to identify whether the organization has clearly defined and implemented actions and roles to communicate relevant information to both internal and external audiences. For example, if the organization has defined the process below:
    - For the internal audience, the HR department is responsible for communicating general information security issues, line managers are responsible for communicating technical information security issues related to the roles of their teams, and Top Management is responsible for communicating information security issues related to process performance and results. These communications will be performed monthly or sooner if the responsible person considers it necessary;
    - For the external audience, the PR department is responsible for communicating with media representatives, and the purchasing department is responsible for communicating with suppliers. Information related to information security incidents is to be communicated by the Public Relations department only after Top Management approval.

    It is important to note that a formal Communication plan is not mandatory.

    These materials will provide you further explanation about ISO 27001 requirements:
    - How to create a Communication Plan according to ISO 27001
    - Clause-by-clause explanation of ISO 27001 https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001