Search results

  • Product safety training


    Answer:

    The standard requires the organization to identify needs for training regarding product safety and to perform the training. Needs for training can be determined based on the new activities introduced regarding product safety, or based on the FMEA results or customer requirements. Once you identify the training need, you need to plan and perform the training and produce records about the training, e.g. a training report.

    The training plan that contains training about product safety and the training report on the training conducted are sufficient evidence to demonstrate compliance with this requirement of the standard.

    For more information, see: Ensuring product safety according to IATF 16949 https://advisera.com/16949academy/blog/2017/09/20/ensuring-product-safety-according-to-iatf-16949/
  • Company data

    As long as we are talking about personal data, the EU GDPR comes into play, so it doesn't matter whose data are concerned; it could be employees, customers, customers' employees, or suppliers' employees.
  • Integrated ISO 27001 & GDPR toolkit content

    I was looking for a policy regarding Security in the HR & recruitment process.
    Does that exist?

    Answer: Unfortunately we do not have a security policy for HR and recruitment processes - this is because such a document is not mandatory, and for smaller companies (our target market) it is not very common. I'm not sure about the size of your company, but if you are smaller than 100 employees, such a document would probably be overkill for you.

    Of course, you can always schedule a meeting with our expert, who will explain to you how to write such a policy if you feel it is needed.
  • ISMS scope


    Answer: If you want to integrate your ISO 9001 with ISO 27001, most of the companies I know commonly have the same scope for both standards; therefore, if you have defined a scope for ISO 9001, you can define the same scope for ISO 27001. In any case, our recommendation is that the scope of ISO 27001 be the whole organization.

    This article may interest you: “How to integrate ISO 9001 and ISO 27001”: https://advisera.com/9001academy/blog/2016/09/27/how-to-integrate-iso-9001-and-iso-27001/

    And also this one: “How to define the ISMS scope”: https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

    And this free webinar on implementing ISO 27001 using ISO 9001: “Implementación de ISO 27001: ¿Cómo hacerla más sencilla utilizando ISO 9001?”: https://advisera.com/27001academy/es/webinar/iso-27001-implementation-how-to-make-it-easier-using-iso-9001-free-webinar-on-demand/
  • ISO 20000 and ISO 27001


    Answer: Although ITIL/ISO 20000 and ISO 27001 cover different domains, they have a considerable overlap that requires that any organizational units working with them work together. For example, ITIL/ISO 20000 must integrate information security requirements in its implementation. Regarding ISO 27001, when defining which and how to protect information, the characteristics of the IT environment should be considered to define the best approach.

    These articles will provide you further explanation about integration between information technology and information security:
    - ISO 27001 vs. ITIL: Similarities and differences https://advisera.com/27001academy/blog/2016/03/07/iso-27001-vs-itil-similarities-and-differences/
    - Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003 https://advisera.com/27001academy/blog/2016/09/05/incidents

    This material will also help you regarding integration between information technology and information security:
    - How to integrate ISO 27001 and ISO 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/
  • Exercising and Testing Plan


    All is well but I feel I have misinterpreted the Exercising and Testing Plan. Now this document has a specific drill for a specific date in it. Should it be more like an annual schedule of different exercises and their periods instead?

    Answer: Your assumption is correct. The purpose of this template is to determine the annual schedule of multiple exercises, so you can have a general overview of all exercises you have to perform in the period, but nothing prevents you from using this document for a single test to be performed in a single period.

    This article will provide you further explanation about testing business continuity:
    - How to perform business continuity exercising and testing according to ISO 22301 https://advisera.com/27001academy/blog/2015/02/02/how-to-perform-business-continuity-exercising-and-testing-according-to-iso-22301/

    This material will also help you regarding testing business continuity:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Components of ISO 14001

    Thank you so much for your explanation. It really helps me to understand more about ISO.
  • Extension of scope


    Answer:

    If your present scope already includes distribution and commercialization of your product I would check if it is clear about the geographical scope of activities to avoid misleading information. About the process mapping I would consider the relevant activities made in the UK and check if different processes are needed.

    The following material will provide you information about the risk-based approach:
    - ISO 9001 – How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-14001-internal-auditor-course/ -foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Documenting the context for ISO 14001


    Answer:

    The standard doesn't require any document to be created regarding the context. However, if you decide to document it, there are two aspects of the requirements for context of the organization that need to be considered.

    The first is to decide whether to document the process of determining the context of the organization, meaning to develop the procedure where you will define who is responsible for determining the context, how often the context is considered, what elements of the context will be analyzed, etc. Here you can download a free preview of our Procedure for Determining Context of the Organization and Interested Parties https://advisera.com/14001academy/documentation/procedure-for-determining-context-of-the-organization-and-interested-parties/

    The second is to decide how to document the result of the analysis of the context, or the context itself. Documenting the entire context can be overwhelming and tedious, so my suggestion is to use some simple record that will contain only the crucial information of the context. For example, if you decide to apply SWOT or PEST analysis for determining the context, you can create only the record of the analysis and this can be sufficient. In addition to this record, you should also create a list of interested parties and their needs and expectations. Here you can download a free preview of our List of Interested Parties, Legal and Other Requirements https://advisera.com/14001academy/documentation/list-of-legal-and-other-requirements/

    For more information about the context, see: Determining the context of the organization in ISO 14001 https://advisera.com/14001academy/knowledgebase/determining-the-context-of-the-organization-in-iso-14001/

    These materials will also help you regarding the context:
    - Book THE ISO 14001:2015 COMPANION https://advisera.com/books/the-iso-14001-2015-companion/
    - Free online training ISO 14001:2015 Foundations Course https://advisera.com/training/iso-14001-internal-auditor-course/
    - Conformio (online tool for ISO 14001) https://advisera.com/conformio/