Search results


  • Availability of the policies and procedures of the ISMS


    Answer:

    The GDPR does not require you to have specific persons signing policies and procedures, this is usually an internal requirement of the companies. The only thing you may need to prove is the fact that the policies and procedures are available to the concerned employees and that there is a method in place to check if they are effective.
  • ISO 27001 courses


    Answer:

    I suggest you take a look at these ISO 27001 courses:
    - ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
    - ISO 27001:2013 Lead Auditor Course https://advisera.com/training/iso-27001-lead-auditor-course/
    - ISO 27001:2013 Lead Implementer Course https://advisera.com/training/iso-27001-lead-implementer-course/

    All exams are accredited by Exemplar Global, and recognized world-wide. You can enroll in each one for free (you only have to pay for the certification exam / workshop).
  • What other regions are planning to apply GDPR?


    Answer:

    Not so sure about the US because privacy related concepts are a little different there, but Canada and other countries especially the ones that received adequacy decisions in the past will definitely be amending their local privacy laws to be as close as possible to the GDPR.
  • Roles in a QMS


    Answer:
    When implementing a QMS you use the process approach. The QMS is nothing more than a set of processes. In each process you identify a flow of activities. Each activity has the participation of one or more functions (roles). What I recommend you to do is to list all the activities done by each function in each process.

    This way you will develop a sound characterization of what is expected from each function (role).

    The following material will provide you information about roles in a QMS:

    - How to document roles and responsibilities according to ISO 9001 - https://advisera.com/9001academy/blog/2018/02/26/how-to-document-roles-and-responsibilities-according-to-iso-9001/
    - What is the job of the Quality Manager according to ISO 9001? - https://advisera.com/9001academy/blog/2016/08/23/what-is-the-job-of-the-quality-manager-according-to-iso9001/
    - free online training ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Quality objectives for a construction company


    Answer:
    You shouldn’t develop quality objectives without prior definition of the quality policy, and quality policy should be aligned with the strategic orientation of the company.

    Consider a construction company that wants to be known by its ability to comply with project dates. So, a quality objective could be:

    Next fiscal year, our rate of projects delivered beyond target delivery date should be below 3%. Responsible: Production Manager

    The following material will provide you information about developing quality objectives:

    - How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
    - What has changed with quality objectives in ISO 9001:2015? - https://advisera.com/9001academy/blog/2018/05/08/what-has-changed-with-quality-objectives-in-iso-90012015/
    - free online training ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 14001 and an environmental management strategy


    Answer:
    ISO 14001 does not tell us how to develop an environmental management strategy. ISO 14001 only tells us about requirements to consider, when developing an environmental management system, aligned with a particular environmental management strategy.

    To develop an environmental management strategy, I ask organizations why they want to develop an environmental management system. For example, for industrial companies I ask them: how can an environmental management system help your organization’s business strategy? They can tell me that they win clients due to their low prices, but clients also want them to be ISO 14001 certified. In that case, I recommend developing the environmental management system with a particular focus on efficiency, on recycling and/or re-use.

    The following material will provide you information about implementing ISO 14001:

    - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/knowledgebase/6-key-benefits-of-iso-14001/
    - Download free ISO 14001 materials - https://advisera.com/14001academy/free-downloads/
    - free online training ISO 14001:2015 Lead Implementer Course - https://advisera.com/training/iso-14001-lead-implementer-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • Risk assessment


    Answer:

    In the Risk assessment spreadsheet a risk is described in terms of the asset, threat and vulnerability related to it, using the columns A, D and E of the spreadsheet. For example, for the risk "theft of unattended laptop" the description would be:

    Column A (asset name): laptop
    Column B (threat): thief
    Column C (vulnerability): unattended asset

    By the way, included in the toolkit you bought, you have access to video tutorials that will help you fill in the risk assessment table.
  • BCMS implementation

    Good day, thank you so so much for the guidance.

    It is really appreciated :-)

    Best regards,
    Rene Pieterse
  • Change management


    Answer:

    To manage changes in an effective way, the first thing you have to do is to define a change management policy, to explain to all interested parties how changes to information systems are controlled. In this policy you will define what is to be considered as a change (e.g., the addition, modification or removal of any authorized, planned, or supported component that could have an effect on IT services.).

    Depending on the complexity of the environment and competence level of the team, you may also consider the development of change procedures to detail specific activities to be performed (e.g., procedure to change firewall rules, or update a database management system).
    To see what a change management policy looks like, I suggest you take a look at the free demo of our Change Management Policy at this link: https://advisera.com/27001academy/documentation/change-management-policy/

    This article will provide you further explanation about change management:
    - How to manage changes in an ISMS according to ISO 27001 A.12.1.2 https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/
  • Preparation for ISO 9001:2015 certification


    Answer:

    You need to start by obtaining management support and identifying the customer requirements for the QMS, then you will need to define your quality policy, quality objectives, which together define the overall scope and implementation of the Quality Management System. Along with these, you will need to create the mandatory and additional processes and procedures necessary for your organization to properly create and deliver your product or service.

    Here you can find a list of mandatory and commonly used documentation for ISO 9001:2015: https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

    This article can help you with the certification process:
    - Article - How do you prove to the certification auditor that QMS processes are carried out as planned: https://advisera.com/9001academy/blog/2016/12/13/how-do-you-prove-to-the-certification-auditor-that-qms-processes-are-carried-out-as-planned/

    Certification process should be smooth if the implementation of the standard is successful. Usually certification audits are conducted in 2 stages. The first stage is a review of your documentation by the certification body auditors to verify that, on paper, you have addressed all ISO 9001 requirements. In the second stage the certification body auditors will review the records you have accumulated by operating your QMS processes, including your records of internal audits, management review and corrective actions.

    To understand more about the certification steps, see this article:
    - Checklist of ISO 9001 implementation and certification steps: https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/

    There are many benefits regarding the certification, among them - Improvement of your credibility and image; Improvement of customer satisfaction; Better process integration; Improve your evidence for decision making; Create a continual improvement culture; Engagement of employees. Regarding the cons I would say that you will need some effort in the terms of money, personnel involvement, training, etc. in order to implement the standard, either by yourself or with the help of a consultant.

    In this article you can find the benefits of the certification - Six key benefits of ISO 9001 implementation: https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/

    Also these materials can help you with the implementation and certification process:
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/