Only auditors working for certification bodies (certification auditors) can certify businesses as ISO 27001 compliant.
The lead auditor course is the first step to become a certification auditor.
The process to become an ISO 27001 Lead Auditor, and a certification auditor, is the same all around the world, and this article will provide you further explanation about becoming a certification auditor:
- How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
Quality manual and ISO 9001:2015
Answer:
Two things:
First, just because ISO 9001:2015 no longer requires the existence of a quality manual does not mean that its existence is not allowed. All the companies I have worked with have maintained the quality manual despite the transition to ISO 9001:2015. You can keep your quality manual after updating it.
Second, you can create a Formats/Records register, a kind of master list of all Formats/Records in use in your organization.
The following material will provide you information about the quality manual:
Answer:
Each organization has the authority to set the requirements for their internal auditors. Only your organization has the legitimacy to set the requirements applicable to your internal auditors. Even ISO 19011 removed the word competence from the definition of auditor. That said, it is wise to set as minimum requirements for internal auditors that they should know the standard (ISO 9001:2015) and they should know auditing practices. Your organization can ask for any evidence that they know, or studied ISO 9001:2015.
The following material will provide you information about internal audits:
Answer: The main objective of ISO 27001 is the protection of information; therefore, any company, in any sector, can implement and certify this standard, because all companies have information and have to protect it, including service and support companies. Why? Because this standard can provide benefits to your business, some of them, for example: compliance, marketing, cost reduction, standardization of processes. For more information about the benefits this standard provides, you can read this article “Four key benefits of ISO 27001 implementation”: https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
You don't need to follow any format, just comply with the requirements of the standard regarding the policy document, among them to be appropriate to the purpose and context of the organization and aligned with the strategic direction of the organization.
2nd one is, should I maintain individual files for each policy??
Answer:
Policy for ISO 9001:2015 should be just one for the whole organization, unless you implement other standards, so you can have a policy for each one.
3rd one is, for risk-based thinking, will I also preserve the papers of the meetings, we attended to discuss on RBT???
You can keep the minutes of the meetings as a record that validates that you carried out a risk-based assessment, although this is not a mandatory requirement in ISO 9001:2015.
ISO 9001:2015 doesn't require a Business Continuity Plan from organizations. That being said, a BCP can help organizations to recognize, mitigate and address risks to your business. Also, some customers may require a BCP from their suppliers, so it will depend on the company to satisfy this expectation/need.
If you already are a qualified ISO 9001 lead auditor you only have to evidence competence on ISO 27001 to be able to audit an ISMS, and implementing an ISMS is one way to evidence such competency.
Validation and Verification of Design and Development
The previous provided answer is still applicable in your case.
Use of ISO 45001 Toolkit in transition
Should we use the document sequentially when we have some procedures existing?
Answer:
If you are migrating from OHSAS 18001 to ISO 45001 using our toolkit then you are correct: if you already have existing procedures in place, then review these first before using the toolkit procedures. There is a helpful whitepaper on the transition process that can help you to organize the steps you will go through during the transition, including review of existing documents.