Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Control 6.1.2
(I would like you to help me understand A 6.1.2 more fully. By my understanding, it concerns access rights to conflicting information, for example: Purchasing department, conflict of access to the financial department. I am creating an array that informs the access rights and control barriers indicated. I'm in the right way?)
Answer: Seu entendimento está correto. A segregação de funções se faz necessárias para que uma única pessoa não tenha controle ou conhecimento de todas as etapas de um processo crítico para o negócio.
(Your understanding is correct. The segregation of functions is necessary so that a single person does not have control or knowledge of all the steps of a process criti cal to the business.)
Este artigo irá lhe fornecer mais informações:
- Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/ -
Herramienta de los 5 porqués
Respuesta:
Lo importante es encontrar la causa raíz de la noconformidad con el fin de establecer las acciones correctivas pertinentes, luego si la causa la encuentras antes de contestar las 5 preguntas no significaría un problema, ni mucho menos una noconformidad.
La técnica de los 5 porqués como bien indica usted, puede ser utilizada para encontrar la causa raíz de la noconformidad, pero se trata sólo de una técnica, ya que existen otras herramientas como la del diagrama del espinazo que pueden ayudar a identificar las causas. Es más, cuando encontramos una noconformidad el origen podría estar en más de una causa raíz.
Este artículo le puede ayudar a ent ender más el análisis de la causa raíz - Cómo utilizar el análisis de la causa raíz para apoyar las acciones correctivas en su SGC (disponible en inglés): https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/#
Además estar herramientas también pueden ser útiles para la identificación de las causas de las noconformidades:
- Libro ISO 9001:2015 a través de ejemplos prácticos (disponible en inglés): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Clause 8.4
8.4 Control of externally provided processes, products and services
1) Would this include control of purchased raw materials? In the case of us as a commercial printer: paper, ink, etc.? I can not find another section that specifies raw materials, but thought it might fall under the category of “products”.
2) Also, the the text of sections 8.7 and 10.2 which cover non-conformities seem to focus on final product and not on purchased product or services (including raw materials). Is it correct that the same procedures can be followed for non-conformities on purchased items as well as final outputs?
Answer:
1) Yes, it includes purchased products such as raw materials, components, supplies, machinery and equipment, maintenance, etc.
2) You are correct. Nonconformities can be found not only in final outputs but also in both purchased products and supplier performance, so your controls must be based on the prevention of these possible non-conformities.
To learn more about co ntrol of external providers you can see:
- How to evaluate supplier performance according to ISO 9001:2015: https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- How to control outsourced processes using ISO 9001: https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/
Also these material can help you with clause 8.4 Control of externally provided processes, products and services:
- Book – Discover ISO 9001:2015 Through Practical Examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
– Free online training ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/ -
FMEA and risks & opportunities
Answer:
Yes, there is no requirement to document in a procedure how to handle risks and opportunities.
The following material will provide you information about risks and opportunities:
- ISO 9001 – Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Manual de Calidad/Iniciar la implementación
Respuesta:
Un buen manual de calidad debe de proporcionar una visión global del SGC, tiene que ser breve y claro e incluso facilitar el trabajo del auditor. Aunque el manual de calidad ya no es obligatorio en la nueva versión de la norma, podría incluir: el alcance del SGC, los procedimientos documentados establecidos para el SGC y una descripción de la interacción de los procesos.
Para obtener más información sobre el manual de calidad en ISO 9001:2015, vea los siguientes artículos:
- El futuro del manual de calidad en la ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/el-futuro-del-manual-de-calidad-en-la-iso-90012015/
- Escribir un breve manual de calidad: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/escribir-un-breve-manual-de-calidad/
Aquí puede descargar una muestra gratuita del Manual de Calidad: https://advisera.c om/9001academy/es/documentation/manual-de-calidad/
Los documentos obligatorios así como los más usados para cualquier tipo de industria puede encontrarlos en el siguiente artículo - Lista de documentos obligatorios requeridos por la ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
El primer paso seguía conseguir la aprobación así como el respaldo de la alta dirección para obtener los recursos necesarios para llevar a cabo el proyecto de implementación. Posteriormente se lleva a cabo un análisis GAP o de brecha para saber con qué requisitos cumple en la actualidad su organización y a cuáles necesita dar cumplimiento. Aquí puede encontrar la herramienta gratuita Herramienta de Análisis de Brecha ISO 9001: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/
Una vez la organización haya determinado esto, entonces puede realizar un Plan de Proyecto, donde se definen tanto los plazos de cada actividad como las responsabilidades. Aquí puede descargar gratuitamente el Plan de Proyecto - Plan de Proyecto para la Implementación de ISO 9001: https://info.advisera.com/9001academy/es/descarga-gratuita/plan-de-proyecto-para-la-implementacion-de-iso-9001-ms-word
Para más información sobre los pasos en la implementación puede ver el siguiente artículo - Lista de Verificación de los pasos para la implementación y certificación de ISO 9001 (disponible en inglés): https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/#
Además estos materiales pueden ayudarle en la implementación de IOS 9001:2015:
- Libro - Descubra ISO 9001:2015 a través de ejemplos prácticos: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso de Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Conformio - Plataforma para el cumplimiento en línea: https://advisera.com/conformio/ -
Measuring quality requirements
Answer:
What kind of indicators can be used to evaluate your organization’s performance in proactively meet customer changing expectations and needs?
For example, does your organization develops new products? If yes, what is the commercial performance of those products? If they sell well, your organization knows how to be aware and answer to customers’ changing expectations and needs. Another example, if your organization does not lose customers and/or wins new customers, it can also be used to measure the ability to be proactively aware of changing ex pectations and needs Another example, using customer satisfaction assessment.
The following material will provide you information about meeting quality requirements:
- ISO 9001 – Main elements of handling customer satisfaction in ISO 9001 - https://advisera.com/9001academy/blog/2014/07/01/main-elements-handling-customer-satisfaction-iso-9001/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Opportunities - examples
Answer:
When I work with ISO 9001 I try to be aware of opportunities about products and services, about management system objectives or undesirable effects, or about processes. An opportunity is something that can help an organization meet desired results or avoid undesirable results. Imagine that you are having a meeting about sales or commercial performance and you realize that there is a market need that no one is addressing. There is an opportunity to develop and launch a new product to cater that need. Imagine that you are assessing process performance and realize that you can improve productivity by making some changes in the lay-out. That is another opportunity. Normally, you evaluate those opportunities and their return to decide if they deserve your investment and effort.
Today I worked with a company that is evaluating the opportunity to attend and expose their products at two international fairs. Something that they never tried before. It can be an interesting opportunity to increase sales and sell higher value added producs.
The following material will provide you information about risks and opportunities:
- ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Addressing roles
Answer:
I would advice against generalizing to much because than, most likely, you would end up with no responsible or it might happen that two members of your IT department would do the same task twice.
So, my opinion is to have different tasks either assignment to one individual with sufficient knowledge or to more individuals fulfilling more narrower tasks.
To learn more about the EU GDPR check out our “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//) -
Controls performance measurement
Answer: To perform the measurement, first you need to develop a set of measurable objectives, and you can use the Statement of Applicability to document the objectives for your controls (or groups of controls), and you can document the top-level objectives in your Information security policy.
To document the security controls performance and effectiveness review I suggest you take a look at the free demo of our Measurement Report at this link: https://advisera.com/27001academy/documentation/measurement-report/
These links will provide you access to free demos of templates that can help you figure out the other documents look like:
- Statement of applicability https://advisera.com/27001academy/documentation/statement-of-applicability/
- Information security policy https://advisera.com/27001academy/documentation/information-security-policy/
These articles will also help you:
- How to perform monitoring and measur ement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
- Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/ -
ISO 9000 variants
Answer:
I understand that by ISO 9000 variants you mean:
ISO 9000;
ISO 9001; and
ISO 9004
ISO 9000 is a standard about quality management fundamentals and vocabulary, it is not used in certification. Whoever uses ISO 9001 and has vocabulary issues can use it.
ISO 9001 is used in certification and specifies requirements for a quality management system. It can be used to certify any kind of organization because it is generic.
ISO 9004 is a standard that gives guidelines for enhancing an organization's ability to achieve sustained success, it is not used in certification.
The following material will provide you information about ISO 9001:
- What is ISO 9001? - https://advisera.com/9001academy/what-is-iso-9001/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/