Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Risk assessment approaches
1- Which is the best approach to be used during risk assessment between Asset based and Processed approach?
Answer: First it is important to understand that ISO 27001 does not prescribe an approach to perform risk assessment, so you can choose the approach that better suits your needs.
Asset-based risk assessment is easier to perform, while the process-based risk assessment can provide you a more understandable context to identify and evaluate risks.
These materials will provide you further explanation about risk assessment approaches:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
2 - At what Stage do you determine residual risk and how best can it be done?
Answer: You determine residual risk after the definition of the risk treatment option and controls to be implemented (definition of the risk treatment plan).
These materials will provide you further explanation about residual risk:
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/ -
Becoming an ISO consultant
Answer:
If you are interested in working as a consultant implementing ISO 9001:2015 or ISO 17025 you can attend a Lead Implementer Course, since that course can help you to understand and implement the standards and then get the Lead Implementer certificate in order to prove your competence. Also, a Project Manager Certificate can be helpful because you will learn how to run projects.
We have aavailable this free on-line course - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/ After attending the course you can obtain a certificate that proves that you passed the exam.
To learn more about how to become a consultant, see this article - How to become an ISO 9001 consultant: https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/ -
Cost of ISO standards implementation
Answer:
If you want to implement ISO standandars you will need to plan some financial and personnel resources in order to carry out the implementation project efficiently. The cost will vary depending on many factors such as the size of the organization and the complexity of the processes.
To learn more about the budget that you need for the implementation of ISO 9001:2015, you can download this free white-paper -How to budget an ISO 9001 implementation project:
https://info.advisera.com/9001academy/free-download/how-to-budget-an-iso-9001-implementation-project
You can also read this article -How much does the ISO 9001 implementation cost?: https://advisera.com/9001academy/blog/2016/12/20/how-much-does-the-iso-9001-implementation-cost/ -
Requirements for ISO 13458 implementers
Answer:
There is no mandatory requirements for ISO 13458 implementers. If you feel confident there is no need to take a course to transition.
The following material will provide you information ISO 13458:
- Download free ISO 13485 materials - https://advisera.com/13485academy/free-downloads/
- IMPLEMENT ISO 13485 EFFORTLESSLY - https://advisera.com/13485academy/ -
Expiring soon ISO 14001 certification
Answer:
After September 15th every certification that hasn´t done the transition to the new revision of the standard will not be valid, so you will need to perform that transition before that date if you want to maintain the certificate. If you don´t need the certification for any relevant purpose (such as external provider requirement and so on) you can wait until you properly finish the implementation of the new standard instead of failing the external audit.
You can use this free ISO 14001 on-line calculator to learn how long the transition to the new revision will take: https://advisera.com/14001academy/iso-14001-duration-calculator/
To learn more about the the transition, see these materials:
- Article - 12 steps to make the transition from ISO 14001:2015 to 2015 revision: https://advisera.com/14001academy/blog/2015/09/28/12-steps-to-make-the-transition-from-iso-140012004-to-2015-revision/
- How to make the transition from ISO 9001:2008 to the 2015 revision: https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/
Also you can download a free preview of our ISO 14001:2015 Transition toolkit, that can help you to speed up the transition to the new revision : https://advisera.com/14001academy/iso-140012015-transition-toolkit/ -
Contexto, riesgos y otras cláusulas de la norma
Tengo un Sistema de Gestión desde el año 2014, y con la transición, tengo varias dudas:
1. Todos los procesos deben realizar una matriz dofa para el numeral 4.1, o solo la hace el proceso gerencial, y luego de identificar los factores internos y externos se hace un listado de ellos y luego se sacan las estrategias o como se procede
2. Todos los procesos deben realizar una matriz de identificación de riesgos y oportunidades o solo el proceso gerencial de lo que salga de la DOFA.
3. Se debe hacer una matriz legal o no, o es solo una matriz de correlación en cuanto a los requisitos del numeral 8.2.2 y 8.5.3, o como cumplo ese requisito.
4. La empresa en la que trabajo hace distribución y envasado de GLP, gas licuado de petroleo, o cilindros de gas propano, se requiere de diseño y desarrollo, o definitivamente se puede excluir, en la versión anterior en el alcance se excluye. pero como ahora cambio, es posible excluir este numeral o definitivamen te tendríamos que hacer el diseño y desarrollo y a que se haría.
Respuesta:
1. No debe necesariamente de realizarse una matriz DOFA para cada uno de los procesos de la organización, de la misma forma tampoco hay que centrarse en el proceso gerencial sino que a la hora de realizar la matriz DOFA tiene que que tener en cuenta todas aquellas cuestiones de la organización que pueden afectar a la satisfacción del cliente y/o partes interesadas y a la entrega de la calidad del producto o servicio. Este análisis se puede llevar a cabo con las personas relevantes de la organización, que incluyen la alta y media dirección, en una reunión de tormenta de ideas. La norma requiere la documentación del contexto de la organización, por lo que es la compañía la que decide si documentarlo o no y cómo hacerlo, puede ser mediante una lista como propones. La identificación del contexto de la organización es clave para lanzar una estrategia corporativa y para detectar oportunidades de mejora.
Para saber más sobre cómo determinar el contexto de la organización, vea - Cómo identificar el contexto de la organización en ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-identificar-el-contexto-de-la-organizacion-en-iso-90012015/
2. Al igual que ocurre en la determinación del contexto de la organización la matriz DOFA debe realizarse teniendo en cuenta todos los procesos que se encuentren dentro del alcance de la organización, pero no sería necesario realizar una matriz DOFA para cada uno de los procesos.
Para saber más sobre riesgos y oportunidades en ISO 9001:2015, vea - Cómo abordar riesgos y oportunidades en ISO 9001:2015: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/#
3. No es necesario realizar una matriz para cumplir con ambos numerales. La norma sólo requiere de forma obligatoria retener información documentada (registros) del numeral 8.5.3 sobre Registros de la Propiedad del Cliente, pero de nuevo no existe ningún requisito de cómo hacerlo. En cuanto al numeral 8.2.2, aunque la norma no requiere ningún documento obligatorio al respecto, puede crear por ejemplo, una lista de verificación de revisión de los requisitos de los clientes. Puede descargar una muestra gratuita de la plantilla que ofrecemos para cumplir con este requisito - Lista de revisión de requerimientos de clientes: https://advisera.com/9001academy/es/documentation/lista-de-revision-de-requerimientos-de-clientes/
4. Si su empresa no realiza el proceso de diseño y desarrollo de los productos que ofrece entonces puede excluirlo del alcance, justificando de manera adecuada su exclusión.
Puede leer este artículo para obtener más información sobre las exclusiones en ISO 9001:2015 - Qué cláusulas pueden excluirse en ISO 9001:2015? (disponible en inglés): https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/#
Para saber más sobre las cláusulas de la norma puede descargar este documento - Explicación de ISO 9001:2015 cláusula a cláusula (disponible en inglés): https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
Este curso gratuito en línea también puede ayudarle a entender cada uno de los requisitos de la norma ISO 9001:2015 - Curso de fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
School mailing list
Answer:
Not unless you are sending them marketing materials. However, if the communication is based on consent you need to provide the parents with the option to withdraw the consent. -
Keeping data in hard copy
Hi Andrei
Thanks so much for your kind help -
Monitoring and Measurement Resources and service companies
Answer:
Section 7.1.5 is about monitoring and measurement resources. Resources is a key word, not necessarily equipment or instruments.
Another important point is Section 7.1.5 deals only with the monitoring and measurement features that are used to verify the conformity of the product or the service with the requirements. Not all monitoring and measurement operations performed on the product and/or service are effectively used to determine product conformity.
How does your organization ensure that the services provided are according to requirements? The monitoring and measurement resources can be, for example, samples or visual patterns.
That being said, it is not really unusual for service organizations to conclude that they do not have monitoring and measurement r esources and therefore consider this Section to be not applicable in their QMS.
The following material will provide you information about not applicable clauses:
- ISO 9001 – What is an acceptable exclusion in Clause 7 of ISO 9001? - https://advisera.com/9001academy/blog/2015/03/24/what-is-an-acceptable-exclusion-in-clause-7-of-iso-9001/
- What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Terms of service for ITIL implementation
Answer:
Basically, ITIL does not have any particular terms to be implemented. If you have enough know-how and know what ITIL is about, you can start the implementation.
If you don't have enough knowledge, there are few options:
1. Purchase official ITIL documentation, visit some of the training (starting with Foundation) and implement it. It will take long, cost a lot, but it's possible
2. Hire a consultant – should be quicker than #1, but more expensive (btw. read this free whitepaper before hiring a consultant „List of questions to ask ITIL consultant“ https://info.advisera.com/20000academy/free-download/list-of-questions-to-ask-itil-consultant
3. Purchase the documentation toolkit with extensive support options and do it by your self with our support, like https://advisera.com/20000academy/pricing
Read the free whitepaper „Implementing ISO 20000 with a consultant vs. DIY approach“ https://info.advisera.com/20000academy/free-download/implementing-iso-20000-with-a-consultant-vs-diy-approach or see this free webinar „How to use a Documentation Toolkit for the implementation of ITIL / ISO 20000“ https://advisera.com/20000academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-itil-iso-20000-free-webinar-on-demand/ to find out more about your options and their characteristics, advantages, disadvantages...