Search results

RTO in the BIA questionnaire

Please note that the RTO is defined in the template 06.1_Appendix_1_Recovery_Time_Objectives_for_Activities_22301_EN based on MTPD (Maximum Tolerable Period of Disruption). The RTO for each listed activity should be equal or smaller than the defined MTPD for that activity.

In the template 05.1_Business_Impact_Analysis_Questionnaire_22301_EN you define the MTPD for each activity.

Included in the toolkit you have access to a video tutorial that can show you how to fill in the BIA questionnaire, with real examples, and define the MTPD.

Internal Audits

Internal audit findings hold significant importance in ISO Integrated Management System certification preparation by:

• Identifying Compliance: Highlighting gaps between current practices and ISO standards, aiding in aligning procedures to meet certification requirements.
• Improvement Opportunities: Pinpointing areas for enhancement fosters continual improvement in processes, systems, and performance.
• Risk Identification: Uncovering potential risks, enabling proactive risk management strategies to mitigate operational disruptions.
• Documentation Review: Ensuring documentation compliance with standards facilitating a robust system ready for certification audits.
   

Don’t forget when a certification body verifies that an organization reports and processes its audit findings, it sends the message that the system is working.

Understanding the core concepts of RPO & RTO - ISO 22301

1. I understand that Business RPO(BRPO) is the maximum amount of data loss in time a process can afford to lose in case of a disruption. However, can you help me understad the Application RPO(ARPO)? I think that's what I am not able to relate to.

Please note that in business continuity according to ISO 22301, there are no such terms as BRPO and ARPO, only RPO, because the return objectives focus on the activities, not on the assets.

Considering that, once the RPO is defined for an activity, it should be considered for all assets related to that activity, so the Application RPO (i.e., the maximum data loss for that application) would be exactly the RPO defined for the activity.  

2. Also, in my above query I talked about roll-up RTO and RPO values for applications, which are based on the minimum BRTO and BRPO values of the processes tagged to these applications as per best practises. It make sense to rollup RTO values to a minimum value in order for that application to support all the processes tagged to it. Also, RTO gap analysis make sense here.

Nevertheless, does it make sense to roll-up RPO values for application and identifying a gap based on that?

It does not make sense to think of different RTO and RPO for assets different from those defined for the activity.

For example, if you define RTO and RPO for assets larger than those defined for the activity, you won’t be able to recover the activity on defined objectives.

On the other hand, if you define RTO and RPO for assets smaller than those defined for the activity, you will be allocating more resources than needed to achieve the activity-defined objectives, and this would be inefficient.

Identifying the method and scope of audit

The Quality management system requirements for a laboratory must be based on the General requirements of ISO 17025 plus any sector-specific regulations and accreditation body program requirements.

In some situations the Scope of tests is regulated, otherwise it is the laboratory’s decision which test methods will be accredited and which not. The internal audit purpose is to assess whether the management system conforms to all the identified requirements (ISO 17025 and others) and if it is implemented and maintained effectively. The audit criteria are then the requirements. An audit program (schedule) must be established and the Scope of the various audits over a period would change, depending on what test method or area of work is being audited.

For more information, have a look at the ISO 17025 toolkit at https://advisera.co/ISO17025Toolkit, where there are there is a procedure, audit program format, an audit checklist, and report forms to guide you.

Also have a look at the articles ISO 9001 Horizontal audit vs. vertical audit at  https://advisera.co/HorizontalVsVerticalAudit and ISO 17025 Technical internal audit: The basics at https://advisera.co/17025TechnicalAudit

Fulfilling ISO/IEC 17025:2017 8.9.3

The outputs from the Management Review are the records of what was presented (these can be PowerPoint presentations) and then discussion, decisions, and agreed actions. As best practice, all the agenda items should be listed in a table or spreadsheet where the discussion, decisions, and agreed actions for each are recorded. This becomes an action list, with assigned responsibilities and deadlines. For each agenda item, the output is then a record of “answers” to the following questions
a) Is the process evaluated and deemed as suitable, i.e. effective?
b) What improvements are noted for the period?
c) Are there suitable resources available?
d) Are any changes to the process needed to either meet objectives, control risks or drive improvements?

For more information, have a look a the ISO 17025 toolkit at https://advisera.co/ISO17025Toolkit where there are there is a procedure and forms to guide you. Also, read  the article How to perform management review in ISO 17025 at https://advisera.com/17025academy/blog/2021/05/03/how-to-perform-management-review-in-iso-17025/

Sampling in coal mine

ISO 17025 provides general requirements for Sampling from the management system perspective if a laboratory is performing the sample. The objective is to obtain the required item for testing and retain necessary records. The laboratory needs a sampling method that documents the selection of sites and or samples or sites, a plan, and the preparation and treatment of a sample for the laboratory. In the case of coal sampling, it is not likely the laboratory would be responsible for sampling.  Coal sampling is very complex and is and the samples seldom truly represent the whole amount. For this reason, there are standards (international and national) that provide guidelines under different conditions.        

Depending on where you are based, I suggest you look at the national bodies for that sector. There are some published guidelines, along with ISO standards which fall under the ISO catalog ICS (International Classification for Standards) 73.040 Coals Including lignites. For Example, standard ISO/DIS 13909-1 Coal and coke Mechanical sampling

To assist you in meeting the ISO 17025 QMS requirements, in conjunction with the ISO standards on coal sampling, have a look at the toolkit https://advisera.co/ISO17025Toolkit where there are there is a procedure to guide you (Sampling procedure) and forms for a  sampling plan and sampling report. Also, have a look at the Clause-by-clause explanation of ISO 17025:2017 https://advisera.co/17025ClauseByClause

Sustainability and Environmental Management

I would be more comfortable answering if I knew the company's target customers and the strategy to seduce them. Still, I have come up with some suggestions:

1. Risk Mitigation: Highlight how environmental risks, such as climate change, resource scarcity, and regulatory changes, could impact the business. Emphasize that integrating sustainability measures can mitigate future risks, ensuring the company's longevity and resilience.

2. Market Demands: Today's consumers and investors increasingly prioritize sustainable practices. For example, check how European banks will include the sustainability factor in the future. Show how embracing sustainability can enhance brand reputation, attract environmentally conscious customers, and secure investments from funds prioritizing ESG (Environmental, Social, and Governance) factors.

3. Cost Savings: Sustainable practices often lead to cost efficiencies in the long run. For instance, energy-efficient operations, waste reduction, and eco-friendly operational supply chains can lower costs and increase profitability over time.

4. Regulatory Compliance: Highlight how governments worldwide are imposing stricter environmental regulations. Being proactive in sustainability can ensure compliance with evolving laws, avoiding future fines and legal issues.

5. Innovation and Competitiveness: Explain that investing in sustainability fosters innovation. It can drive the development of new technologies, products, and services that meet evolving consumer preferences, giving the company a competitive edge in the market.

6. Reputation and Brand Value: Consumers increasingly favor environmentally responsible businesses. Show how a commitment to sustainability can enhance the company's brand image, attract conscientious customers, and strengthen brand loyalty, leading to increased market share and profitability.

Suggestions 1, 3, and 4 have more power if your company's strategy is around low cost.

Suggestions 2, 5, and 6 have more power if your company's strategy is around innovation.

Residual Risk Calculations

Thank you for your question.

We answered it through Experta - you can find the answer here:

1. https://experta.com/shared-post/7210f1ed-cd97-4aec-9c6f-19f873423b02
2. https://experta.com/shared-post/1bb10439-8dab-4de6-98f5-152abb676119

SoA Tasks

Thank you for your question.

We answered it through Experta - you can find the answer here: https://experta.com/shared-post/5d32fe75-90e9-489c-be5f-67f139e2b3a7

ITSM: Policies for Process Areas

What should be policies for all process areas under ITSM?