  • Quality Committee

    My answer: The organization of the project can be defined within the Project Plan, and it would include:
    - the project sponsor: does not participate actively in the project. The project manager must report regularly to the project sponsor on the status of the project; the sponsor intervenes if the project is stalled.
    - the project manager: the role is to coordinate the project, secure the resources needed for its implementation, report to the sponsor on the progress of the project and carry out the administrative work related to it. The project manager's authority must be sufficient to guarantee the uninterrupted implementation of the project within the established deadlines.
    - the project team: its role is to help with various aspects of the implementation of the project, to carry out pre-established tasks and to make decisions on the various issues that require a multidisciplinary approach. The project team meets before each final version of a document is completed and, in other cases, whenever the project manager considers it necessary.

    These materials can help you with the implementation of ISO 9001:2015:
    - Book "Preparación para el proyecto de implementación ISO: una guía en un lenguaje sencillo" (Preparing for the ISO implementation project: a plain-language guide): https://advisera.com/books/preparacion-para-el-proyecto-de-implementacion-iso-una-guia-en-un-lenguaje-sencillo/
    - Free online training: ISO 9001 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
    - Conformio (online tool for ISO 9001): https://advisera.com/conformio/
  • Risk assessment report


    Answer: The risk assessment report should be a separate document from the risk assessment, because its purpose is to present to top management the main results of the risk assessment, while the risk assessment document contains all the information gathered, analysed and evaluated about the risks in the organization.

    This article will provide you with further explanation of the risk assessment process:
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    These materials will also help you with the risk assessment and treatment process:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • Need for Data Protection Impact Assessment


    Answer:

    As stated in the webinar, DPIAs are not necessary for all processing activities, but only for those activities that may be considered high risk to the rights and freedoms of the data subjects. Our EU GDPR implementation toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ also contains a threshold assessment which is meant to help you identify high-risk processing activities.
  • Performing DPIA


    Answer:

    DPIAs do not depend on the size of the company but are related only to the processing activities. If you are acting as a sole trader and perform processing activities that fall into the high-risk category, a DPIA would be needed.
  • BCMS performance indicators


    Answer: At this moment we do not have specific examples of performance metrics for a BCMS, but I suggest you take a look at this article so you can get ideas from an ISMS perspective that can be adapted to a BCMS:
    - Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/

    For example:
    - Percent of business initiatives supported by the ISMS may be changed to Percent of business initiatives supported by the BCMS
    - Percent of information security initiatives containing cost/benefit estimates may be changed to Percent of business continuity initiatives containing cost/benefit estimates
    - Percent of agreements with information security clauses may be changed to Percent of agreements with business continuity clauses
    - Number of security-related service downtimes may be changed to Number of service disruptions
    - Duration of service interruptions can be maintained
    - Incident resolution time may be changed to Achieved recovery time
    - Percent of controls assessment performed may be changed to Percent of BCP tests performed
    - Number of improvement initiatives can be maintained

    This material will also help you with BCMS metrics:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Who should implement IATF 16949

    (a) there is a requirement in the contract that you should follow this standard,
    (b) there is no mentioning of this, but cited that one should follow generally accepted practice in the industry, applicable standards, etc. (a vague reference to compliance with the applicable "rules"), and
    (c) if nothing is said at all (could this IATF standard possibly be considered as future industry practice?).

    How specific are the demands on those who will need to follow the IATF standard? May I ask for any illustration of this? Is the standard just about keeping order and staying organized in general, or are there more specific requirements that are measurable and can more easily be said to be violated?

    It would also be interesting to know if there is any supervisory body and if there are any sanctions if you do not do what is required.

    Answer:

    Implementation of the standard is not mandatory in the sense of a legal requirement, but if the customer requires it, you should implement it in order to keep the customer. The standard itself requires the organization to require either IATF 16949 or ISO 9001 from its suppliers, so ISO 9001 is the very minimum required from companies supplying IATF 16949 certified companies.

    The standard represents the set of rules and best practices in the industry and covers all processes related to the manufacturing of the product, as well as requirements for continual improvement. Most of the requirements are general because they should apply to different types of industries and different types of companies, and in most cases the requirements concern organizing and managing the processes. For more information, see: What is IATF 16949? https://advisera.com/16949academy/what-is-iatf-16949/

    There is a supervisory body, and it is called a certification body. You can hire one to audit your system and issue you a certificate testifying that you are compliant with the standard. In case nonconformities are found during the certification audit, you will get a report about the nonconformities, and once you have removed them, you will get the certificate. For more information, see: Checklist of IATF 16949:2016 implementation steps https://advisera.com/16949academy/knowledgebase/checklist-of-iatf-16949-2016-implementation-steps/
  • Lack of organizational chart as nonconformity in ISO 14001


    Answer:

    The standard has no explicit requirement for an organizational chart. Absence of an organizational chart is not a nonconformity if the organization meets the requirements for roles and responsibilities and for determining necessary competence in another way, e.g. through procedures.

    For more information, see: How to Allocate Roles and Responsibilities According to ISO 14001 https://advisera.com/14001academy/blog/2017/10/17/how-to-allocate-roles-and-responsibilities-according-to-iso-14001/

    These materials will also help you with roles and responsibilities:
    - Book THE ISO 14001:2015 COMPANION https://advisera.com/books/the-iso-14001-2015-companion/
    - Free online training ISO 14001:2015 Foundations Course https://advisera.com/training/iso-14001-internal-auditor-course/
    - Conformio (online tool for ISO 14001) https://advisera.com/conformio/
  • Quality policy, a framework for setting quality objectives


    Answer:

    You don't have to state that sentence in the Quality Policy. You have to demonstrate that your organization is doing it.
    In the Quality Policy your organization takes on a set of commitments towards customers and towards regulatory and statutory requirements. If your organization shows quality objectives that are derived from those commitments, it is demonstrating the sentence of the standard (clause 5.2.1 b). For example, if your organization decides to work primarily for customers who value innovative products, a quality objective may be the number of patents registered. As another example, if your organization decides to work primarily for customers who value low price and delivery time, quality objectives may be around cost reduction, efficiency improvement and delivery time compliance rate.

    The following material will provide you with information about the Quality Policy:

    How to Write a Good Quality Policy - https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
    How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
    Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    Book Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • When to go for ISO 27001 certification


    Answer: There is no single answer to this question, because the "right time" will depend on the maturity and culture of each organization, as well as on the size and complexity of the ISMS scope. For certification purposes, an organization must have performed at least one cycle of its ISMS (from understanding the organizational context to management review and continual improvement), and an ISMS implementation process can take from 3 to 24 months (depending on the size and complexity of the ISMS scope).

    You can use our ISO 27001/ISO 22301 Implementation Duration Calculator, which can be found at this link: https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/ to get an idea of the duration of an ISO 27001 ISMS implementation considering your organization's context.

    These materials will also help you with the ISO 27001 certification process:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Toolkit content

    I'm sorry about this confusion.

    The documents for sections A.5 and A.18 are not missing from the toolkit - you can find them here:
    - A.5 - all the documents from the folder "08_Annex_A" cover the requirements about information security policies (A.5.1.1) and review of the policies (A.5.1.2)
    - A.18 - these documents are covered in the toolkit in the folder "02 Procedure for identification of requirements"

    By the way, the ISO 27001 Documentation Toolkit is sold in more than 100 countries worldwide, and we have never received a complaint that a document was missing.