A good quality manual should provide an overall view of the QMS; it has to be brief and clear, and should even make the auditor's work easier. Although the quality manual is no longer mandatory in the new version of the standard, it could include: the scope of the QMS, the documented procedures established for the QMS, and a description of the interaction of the processes.
The first step would be to obtain the approval and backing of top management in order to get the resources needed to carry out the implementation project. Next, a GAP (gap) analysis is carried out to find out which requirements your organization currently meets and which ones it still needs to fulfill. Here you can find the free ISO 9001 Gap Analysis Tool: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/
Once the organization has determined this, it can draw up a Project Plan, which defines both the deadlines for each activity and the responsibilities. Here you can download the Project Plan for ISO 9001 Implementation for free: https://info.advisera.com/9001academy/es/descarga-gratuita/plan-de-proyecto-para-la-implementacion-de-iso-9001-ms-word
What kind of indicators can be used to evaluate your organization’s performance in proactively meeting customers’ changing expectations and needs?
For example, does your organization develop new products? If yes, what is the commercial performance of those products? If they sell well, your organization knows how to be aware of and answer to customers’ changing expectations and needs. Another example: if your organization does not lose customers and/or wins new customers, that can also be used to measure the ability to be proactively aware of changing expectations and needs. Another example is using customer satisfaction assessment.
The following material will provide you information about meeting quality requirements:
When I work with ISO 9001 I try to be aware of opportunities about products and services, about management system objectives or undesirable effects, or about processes. An opportunity is something that can help an organization meet desired results or avoid undesirable results. Imagine that you are having a meeting about sales or commercial performance and you realize that there is a market need that no one is addressing. There is an opportunity to develop and launch a new product to cater to that need. Imagine that you are assessing process performance and realize that you can improve productivity by making some changes in the layout. That is another opportunity. Normally, you evaluate those opportunities and their return to decide if they deserve your investment and effort.
Today I worked with a company that is evaluating the opportunity to attend and expose their products at two international fairs. Something that they never tried before. It can be an interesting opportunity to increase sales and sell higher value-added products.
The following material will provide you information about risks and opportunities:
I would advise against generalizing too much because then, most likely, you would end up with no one responsible, or it might happen that two members of your IT department would do the same task twice.
So, my opinion is to have different tasks either assigned to one individual with sufficient knowledge or to more individuals fulfilling narrower tasks.
Answer: To perform the measurement, first you need to develop a set of measurable objectives, and you can use the Statement of Applicability to document the objectives for your controls (or groups of controls), and you can document the top-level objectives in your Information security policy.
ISO 9000 is a standard about quality management fundamentals and vocabulary; it is not used in certification. Whoever uses ISO 9001 and has vocabulary issues can use it.
ISO 9001 is used in certification and specifies requirements for a quality management system. It can be used to certify any kind of organization because it is generic.
ISO 9004 is a standard that gives guidelines for enhancing an organization's ability to achieve sustained success; it is not used in certification.
The following material will provide you information about ISO 9001:
The present version of ISO 9001 has no requirement that forbids that a final parts inspector falls under the supervision of the Plant Manager instead of the Quality Manager. That requirement existed in the first version of ISO 9001:1987.
Regarding the minimum criterion, you need to define different categories, because not all assets are the same. For example: hardware, software, etc. You could also create groups of assets of the same category when the assets have the same threats/vulnerabilities. For example, if you have 10 PCs in the same office and they are all identical, you can combine them and have a single asset, "PCs".
I just have a few broad questions that I would like to get your thoughts and advice on if possible:
• What is the Government’s cyber security strategy for South Africa going forward? Has any research been commissioned / are there any recently published reports available that I could read?
• In relation to frameworks and standards to support the development of ‘good practice’, what standards or frameworks is the South African private sector looking at? For example, ISO standards (ISO 27000, ISO 15504), BSI Standards, NIST standards etc?
What is South Africa actively doing in terms of:
• Adherence to cyber security standards;
• Internet infrastructure resilience;
• Software quality;
• Technical security controls;
• Cyber security marketplace; and
• Responsible disclosure
Any information or advice on where to find such information would be highly appreciated. Many thanks in advance.