I also know several variations of that acronym. There is no need for a leading authority; your organization is free to decide which variation suits it best. What is really important is taking care of clause 6.2.1 when defining quality objectives.
The following material will provide you with information about Good Quality Objectives:
The standard gives some examples of what can be considered format. Language – if your organization is present in several countries, you have to handle the language issue.
Software version – Will all users have access to the software for consulting?
Graphics – Will all procedures have the same graphic look? Will all work instructions have the same graphic look? Will all forms have the same graphic look?
The following material will provide you with information about documented information:
1. Government Ministries
2. Small, medium and large businesses.
Answer: The selection of ISO standards depends on many factors, such as:
- Laws and regulations that must be followed
- Business objectives (private or governmental) that must be achieved
- Customer / user needs that must be fulfilled
So, without more detailed information it is not possible to recommend specific ISO standards.
But it is important to note that ISO standards are designed to be implemented by organizations of any sector or size.
Answer: Besides a customer requirement, you also have to evaluate these two aspects:
- whether there is any legal requirement, such as a law or regulation, that demands this certification;
- whether the benefits related to ISO 20000 certification will be greater than the effort to implement and maintain it.
If there is no applicable legal requirement, then you should consider whether the benefits for your organization of certifying against ISO 20000 to meet this client's needs will be greater than the effort and cost involved in the implementation and operation of a certified system.
2. Do we have separate documents or records for each, or combined ones, e.g. internal audit program and audit reports? Can non-conformities discovered in 9001, 14001 and 45001 be recorded in a single template?
Answer:
The most logical approach for an integrated management system is a common policy and, whenever possible, common documents such as the internal audit, audit report, corrective actions, and so on. Your organization can try a single template for non-conformities. In working with some organizations I have used a single template and it worked, but I must confess that sometimes it does not work, because some organizations want to keep templates simple, and trying to answer all standards while recording what is relevant about the context of the non-conformity is not easy.
The following material will provide you with information about management systems integration:
If there is no QMS defined yet, perhaps at this stage a Gap Analysis will be more useful. Please check the links below, where you can find a free checklist for a Gap Analysis and where Gap Analysis is compared with audits.
The following material will provide you with information about the Gap Analysis tool:
Answer: First it is important to note that ISO 27001 does not prescribe any specific methodology for an ISMS, so organizations are free to choose the methodology that best fits their needs.
The most commonly used approach is the asset-based risk assessment. Regarding FMEA, it is a good approach when you have a clear understanding of the processes being assessed.
Our company and order management system are located in Finland.
1. Do we need to fill in and sign 06.3_Annex_2_Standard_Contractual_Clauses_for_the_Transfer_to_Processors_EN with those companies?
2. Do we need to inform our customers registered in the order management system about personal information transfers outside the EU?
Answers:
If you are transferring data to Thailand and India, you need to sign the Standard_Contractual_Clauses_for_the_Transfer_to_Processors with each of your processors. You need to inform your customers that you may transfer data to countries outside the EEA and point out which countries those are.
If the unstructured data cannot be linked to an individual, then the EU GDPR does not come into play. However, just to make sure, you can use a data discovery solution to check whether your archives contain personal data.
If they do, you need to check whether you have a legal ground to keep the data, and if not, you need to delete it.
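The data discovery check mentioned in the answer above, as an added example that is not the answer author's code or any vendor's product: a small Python scan that walks a constructed in-memory "archive" and flags e-mail addresses, phone numbers and Finnish personal identity codes, validating the identity code's check character so that random digit/letter runs are not reported. The regular expressions, the set of accepted century signs and the sample files are assumptions made for illustration and should be tuned to the real data set.

```python
"""Minimal data discovery scan over unstructured text archives.

Added example: looks for patterns that indicate personal data so the
affected files can be reviewed for a legal basis or deleted. The
patterns and the sample archive below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample archive (path -> content); not real data.
SAMPLE_ARCHIVE = {
    "orders/2019-q1-notes.txt":
        "Ship to Matti Virtanen, matti.virtanen@example.com, tel +358 40 1234567",
    "hr/old-export.csv":
        "name;hetu\nTestperson;131052-308T\nBogus;131052-308X\n",
    "build/release-notes.md":
        "Version 2.3.1 fixes ticket 4711. No customer data here.",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Deliberately broad: optional '+', then 8+ digits with spaces or dashes.
# Long order numbers will trigger it too; tune for the real data set.
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d -]{6,}\d(?!\w)")
# Finnish personal identity code (assumed layout): DDMMYY, century sign,
# 3-digit individual number, check character. Century signs include the
# letters introduced by the 2023 extension.
HETU_RE = re.compile(r"\b(\d{6})([+\-A-FYXWVU])(\d{3})([0-9A-FHJ-NPR-Y])\b")
HETU_CHECK_CHARS = "0123456789ABCDEFHJKLMNPRSTUVWXY"


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    value: str


def hetu_checksum_ok(candidate: str) -> bool:
    """Validate the check character of a Finnish personal identity code.

    The nine digits (date + individual number) modulo 31 index into
    HETU_CHECK_CHARS; this removes most coincidental matches.
    """
    m = HETU_RE.fullmatch(candidate)
    if not m:
        return False
    date, _sign, number, check = m.groups()
    return HETU_CHECK_CHARS[int(date + number) % 31] == check


def scan_text(path: str, text: str) -> list[Finding]:
    """Return every personal-data indicator found in one file's text."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in EMAIL_RE.finditer(line):
            findings.append(Finding(path, line_no, "email", m.group(0)))
        for m in PHONE_RE.finditer(line):
            findings.append(Finding(path, line_no, "phone", m.group(0)))
        for m in HETU_RE.finditer(line):
            # Only report codes whose check character is valid.
            if hetu_checksum_ok(m.group(0)):
                findings.append(
                    Finding(path, line_no, "finnish_personal_id", m.group(0)))
    return findings


def scan_archive(archive: dict[str, str]) -> list[Finding]:
    """Scan every file of an in-memory archive (path -> content)."""
    findings: list[Finding] = []
    for path, content in archive.items():
        findings.extend(scan_text(path, content))
    return findings


def files_needing_review(archive: dict[str, str]) -> list[str]:
    """Paths that hold at least one indicator and need a legal-basis check."""
    return sorted({f.path for f in scan_archive(archive)})


if __name__ == "__main__":
    for f in scan_archive(SAMPLE_ARCHIVE):
        print(f"{f.path}:{f.line}: {f.kind} -> {f.value}")
    print("review:", files_needing_review(SAMPLE_ARCHIVE))
```

On the constructed archive the order notes yield an e-mail address and a phone number, the HR export yields one valid identity code (the second candidate fails its check character and is skipped), and the release notes yield nothing. For a real archive, replace the dictionary with a walk over the file system or the export's document store and keep the per-file findings as the input to the legal-ground review.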