Search results


  • Considering processes


    Answer:
    It is up to the organization to determine the processes needed for its QMS. You should consider the context of the organization and the application of risk-based thinking to determine the level to which processes need to be detailed.

    The following material will provide you information about process approach:

    - ISO 9001 – ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Maintenance as a main process?

    Yes, you can consider maintenance as a main process.
  • Organizational knowledge


    Answer:

    I believe that the question is about organizational knowledge. Organizational knowledge is about maintaining knowledge that the organization considers to be required for the operation of its processes and delivery of products and services according to customers’ expectations, and about acquiring new knowledge based on changing needs and trends.

    Maintained knowledge has everything to do with competence. Based on the process approach your organization can determine which functions play a part in each process doing what with what behavior associated. What kind of knowledge is needed to be competent?

    The world does not stand still: customers change, technology changes, competitors change, the market changes. How can your organization keep a radar to be aware of new knowledge that can become useful to build the future?

    Personally, I like to use a matrix, 2x2:

    What knowledge we know that we know?
    What knowledge we don’t know we know?
    What knowledge we know that we don’t know?
    What knowledge we don’t know we don’t know?

    When a new person is integrated in the organization, or when performance is not good, organizations give them training (a) and/or we put people working side by side with a mentor, a tutor, someone that will pass uncodified knowledge (b).

    When an organization wants to learn new things that are not new in the market, it goes to seminars, conferences, and training, and asks suppliers for help (c).

    About d), organizations can receive technical magazines, search the internet regularly, buy books and keep an internal library, work with universities, and attend conferences and seminars, always in search mode for something new that can be useful.

    The following material will provide you information about the organizational knowledge:

    - ISO 9001 – How to manage knowledge of the organization according to ISO 9001 - https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 27001 Internal Audit for Human Resources

    ISO 27001 clauses to be considered in an HR department audit are mainly related to sections 7.2 (competence), 7.3 (awareness), and 7.4 (communication).

    Broadly speaking, you should verify how the organization has identified and ensured the necessary information security competence is available, how employees are aware of the importance of protecting information and how they can contribute, and how their needs for communication are identified and ensured.

    These articles will provide you further explanation about competence, communication and internal audit:
    - How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
    - How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

    These materials will also help you regarding internal audit:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  • ISO 27001 Certified ISMS Foundation (CISF) qualification

    For information about the use of CISF credential you need to contact IBITGQ (International Board for IT Governance Qualifications).

  • ISO 14001 on a construction site


    Answer:

    An environmental management system is used, among other things, to manage environmental aspects. Environmental aspects are mostly related to construction sites and all construction sites are different. Considering that, some typical issues can be:

    Landscape change;
    Dust generation;
    Waste generation;
    Water pollution;
    Vegetation removal;
    Environmental noise;
    Waterborne suspended substances;
    Destruction of the habitat of endangered species;
    Resource deterioration;
    Energy consumption on site
    Raw materials consumption
    Generation of inert waste
    Site Hygiene

    The following material will provide you information about assessment of environmental interactions:

    - ISO 14001 – Using ISO 14001:2015 to identify environmental aspects in the construction industry - https://advisera.com/14001academy/blog/2015/11/10/using-iso-140012015-to-identify-environmental-aspects-in-the-construction-industry/
    - ISO 14001 – 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
    - free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - book - THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/
  • Becoming a BC consultant

    Perhaps if you can point me for some cyber resilience book. BCM, information security or cyber resilience go hand in hand.
    I'm not a technical professional, so any plain English guide will suit me just fine.

    Answer: Cyber resilience goes through ensuring the management and delivery of IT services, so books about ITIL and ISO 20000, the ISO standard for management of IT services, can be useful for your purposes.

    These materials will provide you further explanation about becoming a consultant:
    - How to become an ISO 27001 / ISO 22301 consultant https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/
    - How to become an ISO 27001 / BS 25999-2 consultant [free webinar on demand] https://advisera.com/27001academy/webinar/become-iso-27001-bs-25999-2-consultant-free-webinar/
  • Integrating management systems


    ISO 22301 & ISO 27001 are also framed as per the Annex SL Framework. ISO 45001, ISO 27001 and ISO 22301 are "Risked based" standards.

    In view of this whether it will be possible to include ISO 22301 & ISO 27001 under "IMS" additionally ?

    Answer: Certainly. Since all these standards are structured according to Annex SL, all their common requirements can be integrated in a single framework. As for the "Risked based" aspect of the standards, you can consider developing them according to ISO 31000, the ISO standard for risk management.

    These articles will provide you further explanation about integrating ISO management systems:
    - How to implement integrated management systems https://advisera.com/27001academy/blog/2015/10/05/how-to-implement-integrated-management-systems/
    - ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
  • RTO for critical application


    Answer: There is no standard or default Recovery Time Objective (RTO) that can be attributed to an application, because the RTO value is based on the results of a Business Impact Analysis (BIA), which is unique for each organization's context. The definition of RTO can be made by the person responsible for the application, considering the inputs of interested parties impacted by a disruption of the application's operation (e.g., customers, regulators, etc.), and it is approved by top management.

    These materials will provide you further explanation about RTO and BIA:
    - What is the difference between Recovery Time Objective (RTO) and Recovery Point Objective (RPO)? https://advisera.com/27001academy/knowledgebase/what-is-the-difference-between-recovery-time-objective-rto-and-recovery-point-objective-rpo/
    - Implementing Business Impact Analysis according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/
  • AS9100: Integrating QMS and business

    The key to integrating the business processes and QMS processes, as mentioned in the article, is to first identify what the business needs are (a SWOT analysis is recommended), from which you can then create your quality objectives to support your business needs.
    Once these quality objectives are created, they can be integrated into your business processes so that the processes you use to run your business link to your overall business objectives. For instance, if you have a quality objective for improving on-time delivery, you can then have objectives and measurables for the important business process to meet to ensure this on-time delivery is improved.
    For more information, see this article on writing quality objectives: https://advisera.com/9100academy/knowledgebase/how-to-define-quality-objectives-in-as9100/