Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11278 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Compliance obligations
Answer:
ROHS or REACH compliance are ISO 14001 mandatory requirements. For example, ROHS does not allow the use of lead in the production of heat stabilizers used with PVC, any life-cycle impact assessment will identify a problem with the use of certain substances in production.
The following material will provide you information about compliance obligations:
- Compliance requirements according to ISO 14001:2015 – What has changed? - https://advisera.com/14001academy/blog/2015/09/14/compliance-requirements-according-to-iso-140012015-what-has-changed/
- Demystification of legal requirements in ISO 14001 - https://advisera.com/14001academy/blog/2014/10/01/demystification-legal-requirements-iso-14001/
- free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- book - THE ISO 14001:2015 C OMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/ -
Quality Objectives: Clause 6.2.1c examples
Answer:
In clause 6.2.1C AS9100 Rev D is talking about any requirements that you have identified as relevant to your QMS. This could be a customer requirement for traceability or on time delivery which you need to improve, or it could be a legal requirement for your industry such as hazardous waste management of chemicals that needs to be implemented or improved. These identified requirements could turn into the following sample objectives:
XYZ Company will reduce errors in traceability from 5% to 2% in the next 6 months.
XYZ Company will improve on-time delivery form 95% to 98% in the next 9 months.
XYZ Company will increase the number of trained personnel for hazardous waste management from 3 to 6 in the next 6 months.
Remember, with the new standard these objectives now also need to have a plan created to accomplish them, so this will be your next step.
For a better understanding of all the requirements you can see this explanatory whitepaper: https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d -
Top management involvemenr
Answer:
According to clause 5 of ISO 9001:2015 top managements needs to demonstate is engaged and performs quality management system activities.
Specifically the new standard expects from the top management to be involved in the following activities, which you could include in his SOP:
- The establishment of a quality policy and quality objectives compatible with the context and strategic direction of the organisation
- The integration of the QMS into the organisation’s business processes
- The availability of resources needed for the QMS
These materials can help you to understand the leadership importance in ISO 9001:2015:
- How to comply with new leadership requirements in ISO 9001:2015: https://advisera.com/9001academy/knowledgebase/how-to-comply-with-new-leadership-requirements-in-iso-90012015/
- To what extent should top management be involved in your QMS: https://advisera.com/9001academy/blog/2016/11/22/to-what-extent-should-top-management-be-involved-in-your-qms/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 free on line course - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/ -
Environmental impacts in the broadcasting sector
Answer:
These are the main benefits of implementing ISO 14001 in your company:
1) Improve your image and credibility
2) Help you comply with legal requirements
3) Improvement in cost control reducing the number of environmental incidents that may occur
4) Higher rate of success when implementing changes
5) Enable quicker improvement of processes
6) Reduce employee turnover
To learn more about the benefits of implementing ISO 14001 you can see this article - 6 Key Benefits of ISO 14001: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/
Regarding the environmental impacts, here are some that you can consider for your type of business:
- Aspect: Carbon management from energy use of a building - Impact: Air Pollution; Resource Depletion; Habitat Destruction
- Aspect: Carbon manage ment from travelling - Impact: Air Pollution; Resource Depletion; Habitat Destruction
- Aspect: Water use - Impact: Water Pollution; Resource Depletion; Habitat Destruction
- Aspect: Wastes - Impact: Water Pollution; Resource Depletion; Habitat Destruction
In order to determine the environmental impacts of your organization you need to first identify the environmental aspects related to the processes of your EMS.
For more information about environmental aspects and impacts in ISO 14001:2015, see these articles:
- 4 steps in identification and evaluation of environmental aspects: https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- Catalogue of environmental aspects: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
- Environmental aspect identification and classification: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
These materials can also help you with the identification of environmental aspects and impacts:
- Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
- ISO 14001:2015 Foundations Course: https://advisera.com/training/iso-14001-internal-auditor-course/ -
Disciplinary process
Answer:
ISO 27001 does not prescribe how an organization should write its documents, so this decision is up to the organization, based on the results of risk assessment, legal requirements (e.g., contracts, regulations or laws the organization must comply with), or if Top Management decides this practice will be beneficial to the organization.
The same applies to the level of sanctions related to policy non compliance. Depending of the risks related to each policy, the sanction level may vary (e.g. non compliance to access control policy may be more severe than non compliance to clean desk policy).
These articles will provide you further explanation about writing documents:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures// -
Template content
Section: 3.1 Chyptographic Measures
Question: At the beginning of this section the document talks about related documents. About the guideline for information classification and about contractual and legal needs. About the second one: by this do you mean the list of legal, official, contractual and other requirements? If yes do I have to add the document in section 2 (reference documents)?
Answer:
Yes, the referred document is the list of legal, official, contractual and other requirements. Regarding the second, you have to list this document, or the similar one you already use in your organization, in the list of referenced documents. If you don't have such a List, then list all the legislation and contracts related to the use of cryptography.
This article will provide you further explanation about use of cryptographic controls:
- How to use the cryptography according t o ISO 27001 control A.10 https://advisera.com/27001academy/how-to-use-the-cryptography-according-to-iso-27001/ -
Employee awareness of HLS
Answer:
No, there is no requirement in ISO 9001 that all employees shall be aware of HLS.
The following materials will provide you more information on Annex SL:
- Article - Has the PDCA Cycle been removed from the new ISO standards? - https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/
- [free course] ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/ -
Performing risk assessment
Answer:
Included in the toolkit you bought you have access to a video tutorial that can help you fill in the risk assessment table, but broadly speaking you can use historical data from your company, or opinion of the personnel most involved with the assets you are assessing to valuate the consequence and likelihood of the risks.
These articles may provide you more information and examples about identification of probability of occurrence:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/ -
Procedimientos en ISO 9001:2015
Respuesta:
Lo cierto es que en esta nueva versión de la norma ISO 9001:2015 ya no existe la obligatoriedad de crear procedimientos. La nueva ISO 9001 nos habla únicamente de información documentada que es necesaria mantener, esto correspondería a la política de calidad, los objetivos, el alcance y los criterios para la selección de los proveedores; y también menciona que debe ser retenida información documentada, que se refiere a lo que se entiende como registros. No obstante, la organización puede determinar la necesidad de crear una serie de procedimientos que le ayuden a facilitar la implementación y mantenimiento de la norma.
En este artículo puede encontrar un listado con los documentos y registros obligatorios así como los comúnmente utilizados - Lista de documentos obligatorios requeridos por la ISO 9001:2015: https://advisera.com/9001academy/es/knowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
Estos materiales también pueden ayudarle con la documentación de ISO 9001:2015:
- Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea - Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
ISMS scope
Answer: Section 3.4 of the ISMS scope document requires an organization to document a general overview of which network and IT assets (e.g., firewalls, switches, communication links, etc.) are included in the scope, but you also have to understand how these assets relate to elements external to the scope (e.g., Internet, customer's network, communication providers, etc.), so you can have a precise understanding of your security context and environment.
Here is an example:
"The network and IT infrastructure included in the ISMS scope comprise of two local networks (user and system LANs) and a wi-fi network (for consultants), interconnected by two independent switches, and a backbone which connects all networks to the Internet."
These articles will provide you further explanation about ISMS scope:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
2 I also want to know if you have a gap assessment document for ISO 22301?
Answer: For ISO 22301 gap assessment I suggest you to take a look at the free demo of our ISO 22301 Internal Audit Checklist at this link: https://advisera.com/27001academy/documentation/internal-audit-checklist/
This document provides a list of questions in order to help identify compliance with ISO 22301. For each clause or control from the standard the checklist provides one or more questions which allows you to visualize which specific elements of business continuity management system you’ve already implemented, and what you still need to do.