Search results

Performing Measurement Uncertainty and Business Opportunities

You asked

"1. How to perform Measurement Uncertainty

ILAC, the international organisation for accreditation bodies has a guideline ILAC  LAC G17:01/2021 ILAC Guidelines for Measurement Uncertainty in Testing available from https://ilac.org/publications-and-resources/ilac-guidance-series/ It provides references and guidance for approaching measurement uncertainty to conform with ISO/IEC 17025:2017. It offers some common approach es for laboratories.

For the chemistry sector, see the Eurachem guideline Quantifying Uncertainty in Analytical Measurement, 3rd Edition, available at https://www.eurachem.org/index.php/publications/guides/

For microbiology, there is the recently revised ISO 19036:2019 Microbiology of the food chain - Estimation of measurement uncertainty for quantitative determinations.  

Then it may be useful to see my reply at https://community.advisera.com/topic/uncertainty-measurement/

Trust this is of some assistance.

You also asked

2. How to perform Identify Business Opportunities

Identifying business opportunities starts with the standard practices of evaluating feedback from clients and personnel. Also from evaluating risks. It will involve evaluating processes and identifying activities where the benefit to cost or negative risk of adoption ratio is favourable. This is a qualitative analysis by looking at the resources or cost of a change, and any negative impact (e.g could affect another activity negatively, or adoption by personnel could be a challenge). This is weighed up with the possibility of an adopted change being successful and the positive impact.

You also asked

3. How to manage risk prioritizing"

Prioritise the high risks as those that impact your quality objectives or test results. For more information, have a look at the Webinar How to manage risks in laboratories according to ISO 17025 at  https://advisera.com/17025academy/webinar/iso-17025-risk-management-how-to-manage-it-free-webinar-on-demand/

ISO 17025 audit

You asked

How to correctly audit against ISO 17025 standard?

Effective auditing against ISO 17025 criteria involves knowledge by the auditor, of mandatory and nonmandatory requirements of ISO 17025. Auditing skill and competency is also required.

You also asked

What to look for when auditing this standard?

To audit the entire standard, go sequentially through the standard requirements using an audit checklist. Advisera has an  ISO 17025 document template: Internal Audit Checklist available at https://advisera.com/17025academy/documentation/internal-audit-checklist/ 

If ISO 17025 requires a document or record, request an example of such a document and check if it meets the requirements. If not, the finding is raised as a nonconformance. For information on the mandatory requirements have a look at the Whitepaper Checklist of mandatory documents required by ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025 

Also, have a look at the answer to a question at https://community.advisera.com/topic/is-personnel-in-iso-17025-required-to-have-training-and-certificate-before-starting-auditing-the-lab/

You also asked 

3. Is there a difference between auditing techniques when auditing 9001 and 17025"

Auditing techniques are common for all Quality management systems. Have a look at the whitepaper How to perform an internal audit using ISO 19011 available from Advisera at https://info.advisera.com/free-download/how-to-perform-an-internal-audit-using-iso-19011 

For 17025 there is a large technical component.  Have a look at my answer at https://community.advisera.com/topic/iso-17025-auditing/  and  

ISO 17025 technical internal audit: The basics https://advisera.com/17025academy/blog/2020/11/10/iso-17025-technical-internal-audit-the-basics/

Important questions to be asked during audit

I am not sure if you are performing management and technical assessments ? Either way it is important to define the scope before the audit and then set the appropriate audit criteria (checks) with the purpose to assess the extent to which mandatory requirements have been put in place.

For assistance, a have a look at my answer https://community.advisera.com/topic/iso-17025-audit/

Does 17025 standard applicable to Legal Metrology Activities

Only national law on legal metrology on legal metrology is not sufficient. 17025 must be a mandatory requirement. 

Unable to edit the project plan

Your understanding is correct.

Pos implementation updates of the ISMS should be done by means of corrective actions, in the nonconformity module. This allows a better tracking of actions and responsible personnel (this level of detail is not available in the project t planning document).

An alternative you can use is to update a project plan document to your conformio environment. For that, you can use this free available download: https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-iso-22301-implementation-msword

ISO 27001 Internal Auditor Exam - Expert Question

 ISO 27001 does not prescribe how to relate impact and likelihood to define risk, so both approaches are acceptable.

For further information, see:

• How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#section3

ISO 27001 Suppliers relationships for small company

I’m assuming that by online audit you mean online assessment since an audit is not part of the risk assessment process.

Considering that, for supplier risk management this approach (online assessment, internet, and social media search and site review) is acceptable for certification purposes.

Regarding NDA and awareness training, please note that these are alternatives for risk treatment, not a risk assessment. These would be applicable if you identify relevant risks that can be treated by them, or in case you have legal requirements (e.g., laws, regulations, or contracts) demanding their implementation.

As for online resources for supplier risk assessment and audit, please take a look at these resources:

• Risk Assessment Table https://advisera.com/27001academy/documentation/risk-assessment-table/
• Internal Audit Checklist https://advisera.com/27001academy/documentation/internal-audit-checklist/

ITIL to improve IT Service Management in Organizations

During my (ITIL) trainings, I noticed that participants lack the knowledge about ITIL, its purpose and applicability. That's one of the reasons. Additionally, they think „it's complex and complicated“. They also don't know where to start. Training fixes some of the issues. Additionally people think they need a lot of human resources and they don't see benefits. There are some additional challenges that companies face. See the article „5 excuses why IT organizations avoid ITIL implementation here: https://advisera.com/20000academy/blog/2015/08/25/5-excuses-why-it-organizations-avoid-itil-implementation/.

Information Security Policies and Procedures

1 - Can you have a look at the document (for review proposes)? The document will be sent once you confirm.

Yes, you can send us the finished document for an expert review. In your package, you have the option of the review of 5 documents.

2 - What do you recommend, shall I keep all Information Security policies and procedures in 1 document or shall I keep every policy in 1 document and the procedures in also in another document.

ISO 27001 does not prescribe how documentation must be elaborated, so organizations can develop them the way it best suits their needs.

The main criteria to decide to merge documents or not are if they have similar purposes and if by merging them they would not become a document too big to understand and read. So, if your single document does not become too big to use and manage it may be best to merge them, so you have fewer documents to manage in your ISMS.

These articles will provide you with a further explanation about developing policies:

• One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
• 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
• How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

27001 questions

1 - What are the organizations where we could request the certification process in the US?

Certification bodies accredited to issue an ISO 27001 certification based in the US are registered to America’s national accreditation body (ANAB). At this site, you can identify the current valid certification bodies: https://anabdirectory.remoteauditor.com/

2 - Is it possible to develop audit processes with workers from various countries?

It is possible to develop such a process, but its complexity may turn it unnecessarily complex and difficult to manage, and independent local audits may be a better solution (please note that these can use the same general process, only using local resources).

For further information, see:

• How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

3 - Is it possible to carry out the certification with an entity in the US and for the audit and evidence process to occur in Spanish? If positive, we would love to know if you have had any experience under this modality.

The answer to this question will depend on the certification body you chose for your certification process, so to have a definitive answer you need to contact two or three alternative certification bodies to know their opinion.

For further information, see:

• How to choose an ISO certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/