Search results


  • What are quality management procedures?


    Answer:

    When your organization develops a quality management system, it may find it useful or necessary to develop procedures. Procedures act as a kind of internal standard of practice; they are documents that answer questions like who does what and when. When an organization requires more detailed information, like how to do it, that kind of document normally receives the name of work instruction.

    So, when an organization decides to have a procedure about Purchasing or Planning, that document describes who purchases what, with what kind of practices and following what flow of activities.

    The following material will provide you information about procedures and other documents:

    - ISO 9001 – How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
    - 7 steps in writing QMS policies and procedures for ISO 9001 - https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISMS implementation

    I have experience of ISMS auditing only and now I have taken the responsibility of ISMS implementation.
    My Organization (X) is providing a new software solution to another Org. (Y). It will be implemented in two phases to replace their similar old systems. As a part of deliverable, we have to get it certified also with ISO 27001 standard for both phase-1 and phase-2 systems.
    Phase-1 commissioning of new system is completed in the Aug 2018, and Phase-2 will be completed by March 2019.
    Note: Phase-1 system and Phase-2 systems are similar.
    Query:
    My query is about when to start the ISMS implementation?
    I am planning to start the ISMS implementation for Phase-1 from Sep 2018 (next month) itself. Later, when Phase-2 is completed in Mar 2019, I will start the ISMS implementation in April 2019 for phase-2 and will integrate the same with phase-1. As per the ISO27K requirement, I will keep it operational for at least 3 months after implementation and then will go for external audit for certification. Need your advice if the above planning is fine.

    Answer:

    First it is important to understand that ISO 27001 does not certify software solutions. ISO 27001 certification aims for information, processes, and/or locations, not products or services.

    Considering that, you can't certify this software solution as part of your commissioning. Any ISO 27001 certification involving this software solution (e.g., certifying the process where this solution is used) should be an initiative of Organization Y, to be handled as a separate project.
  • 3.2.3. List of Authorized Persons

    If you have an excel-sheet (for example the risk assessment) how will you handle the requirement? Do you create a new spreadsheet inside the whole excel document and list all the people / job titles which have approved access?

    Answer:

    By your text I'm assuming you are referring to section 3.2.3. List of Authorized Persons of the Information classification policy template. Considering that, first it is important to understand that this list is only for highly confidential documents, because it would be impractical to manage all documents.

    The section 1. Purpose, scope and users is not proper to cover this requirement, because if people have access to it they can read the whole document as well, authorized or not. The same applies to additional tabs in a spreadsheet.

    In practice, what you can implement for electronic documents is configuring the access list in the folder where the document is stored.

    For physical documents you can implement lists with who has access to the room or cabinet where the information is stored (e.g. by use of keys or security badges).
  • Use of certification logo


    Answer:

    ISO 9001 certificates issued by certification bodies are normally valid for three years. Under normal conditions, a certificate issued in July 2016 would be valid until July 2019. If you say that your certificate expired in July 2018, that means that your organization had a particular situation like maintaining a management system according to ISO 9001:2008. If the certificate expired, you cannot use the logo without risks, particularly for communication and marketing purposes.

    The following material will provide you information about use of logos:

    - ISO 9001 – How to know whether ISO 9001 certificate is valid? - https://advisera.com//9001academy/blog/2018/05/23/how-to-know-whether-iso-9001-certificate-is-valid/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Waste management


    Answer:

    The standard does not specify the steps to take in waste treatment, so it is the organization itself that must decide how to do it, adapting it to its own needs. However, there are some common steps:
    1. Waste evaluation - where the type of waste is classified
    2. Waste storage
    3. Labeling
    4. Transport and disposal

    In addition, there must be an emergency plan and proper training of personnel, and the corresponding records for waste storage must be maintained.

    It is necessary to determine the waste generated in each step of the galvanizing process. Some of the waste generated may be: sludge, contaminated water, contaminated rags, vapor emissions.

    As for regulations, this will depend on the country and region where you are located, so I recommend that you contact the relevant authorities.

    These materials can help you with waste management in ISO 14001:2015:
    - Steps in waste management according to ISO 14001 (available in English): https://advisera.com/14001academy/blog/2016/11/07/7-steps-in-handling-waste-according-to-iso-14001/
    - ISO 14001 case study: waste management study in a construction company (available in English): https://advisera.com/14001academy/blog/2017/02/27/iso-14001-case-study-waste-management-in-a-construction-company/
    - Book The ISO 14001:2015 companion (available in English): https://advisera.com/books/the-iso-14001-2015-companion/
    - Free online course - ISO 14001:2015 Foundations: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
  • Defining scope


    Answer:

    Your organization can include all or only part of its systems in an ISO 27001 certification. This decision will depend mostly on the organization's objectives and the legal requirements it has to be compliant with.

    These articles will provide you further explanation about scope definition:
    - How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
    - Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
  • Lead Auditor Course

    Any assistance you could provide would be greatly appreciated.

    Answer:

    Regarding preparation for a lead auditor course, I can suggest these materials (although these materials refer to the ISO 27001 lead auditor course, the concepts for auditing apply to the ISO 22301 lead audit course as well):
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
  • Video & phone requests


    Answer:

    All client requests need to be assessed on a case by case basis. The time frame for responding to data subject access requests (DSARs) should not exceed 30 days from the date that the request has been received.

    Note that the data subject can only request access to personal data concerning him/her, and therefore you are not allowed, for example, to provide video footage that shows persons other than the one asking for the data. If technically possible, in this particular case the faces of the other individuals in the footage need to be blurred so as not to allow other persons to be identified.

    If a person other than the data subject asks for such data, you can only provide it in a situation where there is a legal justification behind it, such as a subpoena.

    To learn more about DSARs, check out our webinar "Data Subject Rights under the EU GDPR" (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).
  • Authority to approve documents


    Answer:

    ISO 9001:2015 does not mandate that top management signs all SOPs. That depends on the rules of your own system created by your own organization.

    Whoever approves and signs a document has to have his/her authority transmitted by top management. For example, in my work as a consultant I advise the creation of a List of Internal Documents that lists all internal documents and identifies who has authority to approve each one. Top management signs that list and, in that way, signals who has authority to approve a particular document.

    The following material will provide you information about document control:

    - ISO 9001 – Some Tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
    - Procedure for Document and Record Control - https://advisera.com/9001academy/documentation/procedure-document-record-control/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
  • 8.1 Documented information necessary to have confidence that the processes..

    Thank you very much, Antonio!!