Search results


  • Return of assets control


    Answer:

    The return of assets control has the objective to ensure the return of all organizational assets in the possession of employees or contractors upon termination of their work relationship. Considering that, you must include in your list all assets of the organization that are in their possession, that can pose an unacceptable risk to information security. Regarding personal assets, it is important to record them so you can know where your information may be stored. When personnel are leaving the organization you should check if all organizational assets were returned, and if information on personal devices was deleted.

    The application of this control may be tricky in organizations where personnel often use their own equipment, due to privacy questions, or where the organization has several pieces of mobile equipment, so you should consider defining clearly who among personnel, and in what circumstances, is responsible for assets that can easily be moved out of the organization's premises.

    These materials can help you regarding use of personal device:
    - How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
    - Bring Your Own Device (BYOD) Policy https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
  • Certificates of products bought


    Answer:

    ISO 9001:2015 does not mandate that organizations get certificates for all products they buy. Having said that, one must not forget that some legislation may require that. I as an auditor, auditing a company that manufactures a product with CE marking for example, can require to see if they have CE certificates of the raw materials.

    The following material will provide you information about purchasing:

    - ISO 9001 – Purchasing in QMS – The Process & the Information Needed to Make it Work - https://advisera.com/9001academy/blog/2014/03/18/purchasing-qms-process-information-needed-make-work/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Environmental conditions and operations


    Answer:
    Normally, I consider warehouse temperature monitoring and control under clause 7.1.4. This clause is specifically about environmental items relevant for product or service conformity. Clause 8.5.1 is more general. For example, would you have the same doubt about 8.5.1 b) versus 7.1.5 about assuring thermometers calibration?

    The following material will provide you information about environmental conditions:

    - ISO 9001 – Understanding Resource Management in ISO 9001 - https://advisera.com/9001academy/blog/2014/02/11/understanding-resource-management-iso-9001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Use of templates


    Answer:

    As long as your documents comply with the ISO 27001 standard requirements, you can use any format you think will fulfill your organization's needs. We recommend using our templates, adjusting them to your needs, since they are fully editable, because they are already compliant with standard requirements, saving your time and effort. Additionally, parts of each document that can be changed or must be kept as is are indicated in comments included in each template.
  • Cancelled change


    Answer:
    I think you should not mix failed/unsuccessful changes with cancelled changes. With a cancelled change, actually nothing happened (no resources used, no money/time spent, no new/changed functionality, etc.). So, if you have the possibility, define "cancelled" as one of the statuses a change can have. And, afterwards, investigate why the change was raised and cancelled. It could be the start of an improvement initiative.

    Read the article "How to measure Change Management efficiency according to ITIL" https://advisera.com/20000academy/blog/2016/10/11/how-to-measure-change-management-efficiency-according-to-itil/ to learn more about Change Management process efficiency.
  • Subject Matter Expert (SME) and SOP

    What I meant is: if you have 7 functions, and if you have an SME in a certain technology, use it (one or more persons) for all functions.
  • Internal review

    Documents in our toolkit(s) contain a section with monitoring and measurements, i.e. CSFs and KPIs (a few examples as well). Please fill in the form and I will be glad to make a demo for you. https://advisera.com/20000academy/free-consultations/
  • IATF 16949 and ISO Compatibility


    Answer:

    IATF 16949 covers all requirements of ISO 9001:2015 plus additional requirements specific to the automotive industry. If you are compliant with ISO 9001:2015, you need to implement only the additional requirements of IATF 16949. Some of the IATF 16949 requirements require the organization to implement changes to the existing ISO 9001 processes (e.g. document control, internal audit, management review, etc.), and some require entirely new processes to be established (e.g. product safety, total productive maintenance, etc.).
  • Traceability of calibration


    Answer:

    The measuring equipment should be calibrated by either an accredited laboratory, in which case the accreditation testifies that the calibration is performed properly, or by the organization itself, in which case the master equipment should be calibrated by the external laboratory.
  • Interested parties in ISO 45001


    Answer:

    ISO 45001 requires understanding who the interested parties related to the OH&SMS (Occupational Health and Safety Management System) are, and the implications that the OH&SMS might have on these parties. In order to be more detailed, the standard specifies which types of parties are expected. We have the internal and external interested parties. Internal interested parties are employees, unions and so on; external interested parties are customers, of course, suppliers, subcontractors, related authorities and so on.

    After identification of the interested parties, you need to identify their relevant needs and expectations. Considering that the focus of the standard is occupational health and safety, only needs and expectations related to it are considered relevant. For example, needs and expectations related to the product packaging are not relevant to OH&SMS, but requirements regarding protective equipment used in processes are relevant.

    For more information, see: Determining interested parties according to ISO 45001 https://advisera.com/45001academy/blog/2018/03/14/determining-interested-parties-according-to-iso-45001/