Search results

Home / Search

Category:
Select
Select

11269 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Iso 9001 Job card

    thank you, i mean by the job card, the job description

  • Future of the Management Representative

    I would like to know how an organization should deal with the Management Representative being non-mandatory in 2015 version? What's the suggestion?

    The fact that the management representative is not mandatory doesn't mean it is forbidden, so if your organization find this role useful, you should keep it. This person is usually the most familiar with the standard and the system, so keeping management representative as a coordinator of all QMS related activities can be beneficial for the organization.

    For more information, see: What will be the destiny of the management representative in the new ISO 9001:2015? https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/

    And I also want to know, if I want to be a consultant for implementing ISO 9001:2015 standard requirements within an organization, do I need only the standard knowledge or there are other formal training, certificates or requirements needed?

    No additional training and certificates are requi red. For consultants, the best measure of their success and competence is the certification audit. If your client fails the certification audit, they won't care about your certificates and also if they get the certificate. On the other hand, this is a way to demonstrate to your clients that you are competent and able to implement the standard. Usually consultants take courses for Lead Auditor and Lead Implementer, but the key is to build up your reference list because it will say much more that the certificates themselves.

    For more information, see: How to become an ISO 9001 consultant https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/

  • The transition and certification audit schedule


    SWOT analysis is not required by the standard, but it is useful tool to help organization determine the context and identify risks and opportunities. For more information, see: How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/

    2. As our company got certification under ISO 9001:2008 in 2016 and there is a revision now so next year audit will happen and the certification will change to ISO 9001:2015. Correct.

    It will depend on how you arrange it with the certification body, if you want to have surveillance audit according to the previous version so be it. In my opinion, it is better to have certification audit against the new version. Anyway, the certification body cannot made this decision without your organization agreeing to it.

    3. My next audit is due in Aug'2018. The surveillance audit will be based on 9001:2008 or 9001:2015. Please advise.

    Again, this depends on how you will arrange the audit with the certification body, but it doesn't make too much sense on having the 2018 audit based on 2008 version of the standard since after September 2018, ISO 9001:2008 certificates will seize to be valid.

  • Interested parties versus customer satisfaction


    Answer:

    First, ISO 9001:2015 does not require documented information related with sub clause 4.2. Second, please do not confuse sub clause 4.2 with customer satisfaction (sub clause 9.1.2). Sub clause 4.2 is about determining who are the interested parties and what are their relevant requirements. Sub clause 9.1.2 is about monitoring customers perceptions of the degree to which their needs and expectations have been fulfilled. By the way, most organizations consider other interested parties besides customers:

    The following material will provide you information about interested parties:

    ISO 9001 – How to determine interested parties and their requirements according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015// 015/
    free white paper - Clause-by-clause explanation of ISO 9001:2015 - https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015
    free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Various questions


    Operational controls should be implemented in processes where significant aspects emerge. This is requirements of the clause 8.1. For more information, see: Defining and implementing operational control in ISO 14001:2015
    https://advisera.com/14001academy/blog/2016/04/11/defining-and-implementing-operational-control-in-iso-140012015/140012015/

    Are all records to be maintained in hard copy. Is it true or false and justify.

    That is false, the record and documents in general can be kept in any media, paper or electronic. This requirement is stated in clause 7.5.2 b). For more information, see: How to structure ISO 14001 documentation https://advisera.com/14001academy/blog/2016/11/28/how-to-structure-iso-14001-documentation/

    The top management shall ensure that the responsibilities and authority for relevant roles are assigned and communicated within the organization aspects what is your understanding.

    The roles and respons ibilities within EMS (Environmental Management System) must be communicated by the top management to the employees. This can be done either through the documents (e.g. procedures, work instructions, announcements, etc.) or verbally. For more information, see: How to Allocate Roles and Responsibilities According to ISO 14001 https://advisera.com/14001academy/blog/2017/10/17/how-to-allocate-roles-and-responsibilities-according-to-iso-14001/

    Which clause of iso 14001 cover the use of calibrated or verified monitoring and measuring equipment.

    The clause that requires monitoring and measuring equipment to be calibrated is clause 9.1.1. The standard states that: "The organization shall ensure that calibrated or verified monitoring and measurement equipment is used and maintained as appropriate".

    These materials will also help you regarding ISO 14001:
    - Book THE ISO 14001:2015 COMPANION https://advisera.com/books/the-iso-14001-2015-companion/
    - Free online training ISO 14001:2015 Foundations Course https://advisera.com/training/iso-14001-internal-auditor-course/
    - Conformio (online tool for ISO 14001) https://advisera.com/conformio/

  • Information Classification and Handling according ISO 27001


    Answer: To see an example of how information classification and handling according ISO 27001 looks like, I suggest you to take a look at the free demo of our Information Classification Policy at this link: https://advisera.com/27001academy/documentation/information-classification-policy/

    This document covers ISO 27001 controls related to information classification and handling

    This article will provide you further explanation about information classification:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

    These materials will also help you regarding information classification:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Elaborating an audit checklist

    We received this question:

    >If for example under access control, in the XXX document of business I am doing an internal audit for, it clearly states that access requests are made by the IT administration and any approval or rejection is dealt with by the information and security manager or senior clerk. Would I still need to speak to the relevant people to ask this question, or would I simply note down that this information is in policy document number xxxx and effectively tick it off my list?
    >
    >The reason for asking is because this document is around 72 pages long and it could take considerable time to do these for each area within this one document. I would just like to be sure before I proceed with the checklist.

    Answer: You must include asking some questions to relevant people about this document to ensure people are acting accordingly what was planned (remember, in an audit you must verify if controls are planned and implemented properly and if people are performing as expected).

    Regarding the size of the document, you can choose some critical questions to make (you do not have to cover all the document in a single audit) considering the time you have to perform the audit. One interesting question is if you ask to the auditee to show you one access request he has made, explaining how he performed it.

  • Lead auditor and lead implementer courses


    thats what i need advise on…

    Answer: Since you work as a consultant, the ISO 27001 Lead Implementer course would be a more adequate alternative to you, since this course can help you understand and implement an ISO 27001 ISMS, and how to apply controls in Annex A.

    The ISO 27001 Lead Auditor Course is more adequate to a person who wants to become a certification auditor.

    These articles will provide you further explanation about lead implementer and lead auditor courses:
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
    - Lead Auditor Course vs. Lead Implementer Course – Which one to go for? https:// advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/

  • Approaches beyond asset-based for risk assessment


    Answer: Since other methods besides the asset-based approach to risk assessment are not commonly used by small and medium organizations, we do not have specific material about them, but we can suggest you to take a look at the ISO 31010 standard (www.iso.org/standard/51073.html), which will provide you examples of other risk assessment methodologies, including the scenario-based approach.

    This article will provide you further explanation about ISO 31010:
    - ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
Page 831-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +