Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Implementación ISO 9001
Mi respuesta:
Lo que se certifican son las actividades, que coinciden con el alcance de la certificación. En el caso de que quieras implementar ISO 9001 en un solo departamento/unidad de la organización/localización, no existen demasiados beneficios, ya que la norma ISO 9001 ha sido desarrolla para ser aplicada en la totalidad de la organización, por lo que contiene requisitos para toda la organización.
Para más información vea "Cómo definir el alcance del SGC de acuerdo a la ISO 9001:2015": https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-definir-el-alcance-del-sgc-de-acuerdo-a-la-iso-90012015/
Estos materiales también pueden ayudarte en la implementación de ISO 9001:2015:
- Libro "Preparación para el proyecto de implementación: Una guía en un lenguaje sencillo": https://advisera.com/books/preparacion-para-el-proyecto-de-implementacion-iso-una-guia-en-un-lenguaje-sencillo/
- Curso gratuito en línea: Curso de fundamentos ISO 9001: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Conformio (herramienta en línea para ISO 9001): https://advisera.com/conformio/ -
ISO 22301 toolkit content relate to internal and external issues
Answer: The information required by ISO 22301 clause 4.1 is addressed by following templates:
- Organization's activities (from clause 4.1 a)) and potential impact from disruptive incidents are addressed by template Business Impact Analysis Questionnaire (located at folder 04 Business Impact Analysis Methodology)
- Organization's functions (from clause 4.1 a)) are addressed in all templates when an activity to be performed is required (by means of the field [job title]). Functions related specifically to the BCMS are defined in the template Business Continuity Policy, section 3.5, (located at folder 03 Business Continuity Policy)
- Organization's product and services (from clause 4.1 a)) are addressed by template Business Continuity Policy, section 3.5, (located at folder 03 Business Continuity Policy)
- Relations with suppliers, partners and interested parties (from clause 4.1 a)) are addressed by template Business Continuity Strategy (located at folder 05 Business Continuity Strategy)
- Relationships between the Business Continuity Policy and other organization's policies, objectives and general risk management strategy (from clause 4.1 b)) are addressed by template Business Continuity Policy, section 2, (located at folder 03 Business Continuity Policy)
- Organization's risk appetite (from clause 4.1 c)) is addressed by template Business Impact Analysis Questionnaire, section 6 (maximum acceptable outage) (located at folder 04 Business Impact Analysis Methodology) -
Toolkit content
- NOC (network operations center) policy
- Log Management – not as part of the annex a section A12 operating procedures
- Capacity Management/Business Capacity
- Client Complaint Policy
Answer: These documents you mentioned are not mandatory for ISO 27001, and they are not usually used by smaller companies, that's why we didn't include specific template for them in the toolkit, but regarding the Log Management, you can use the content of Operating Procedures for Information and Communication Technology template to create a specific document using blank template that comes with your toolkit.
Our toolkits focus on small and mid-size companies, and that's the reason we do not write documents to cover each control – for those companies this large number of documents would result in an overkill for many of them. Instead of that a single template may cover multiple controls.
If you consider that these documents are needed for your organization, i ncluded in your toolkit you can schedule a meeting with one of our experts and he can help you elaborate such documents. To schedule a meeting with one of our experts, please access this link: https://advisera.com/27001academy/consultation/ -
Templates content differences
Could you explain essence and main differences between next tree documents?
Appendix_1_Risk_Assessment_Table_EN.xlsx, Appendix_2_Risk_Treatment_Table_EN.xlsx, and Risk_Treatment_Plan_EN.docx
Answer: Sure.
The Appendix_1_Risk_Assessment_Table_EN.xlsx is the document used to list all identified risks during the risk assessment and currently related implemented controls (when they exist).
The Appendix_2_Risk_Treatment_Table_EN.xlsx is the document used to select treatment options and controls.
Finally, the Risk_Treatment_Plan_EN.docx is the document where you list all the actions and resources needed to implement the treatment options identified on the Risk Treatment Table, as well as the respective deadlines and responsible people.
As you can see, from the Risk assessment table to the risk treatment table, the information becomes more focused on the risks that must be treated. You could have all this information on a single document, but this will make it more complex to handle.
By the way, included in the toolkit you bought you have access to video tutorials that will explain you about these documents and how to fill them in.
This article will provide you further explanation about risk treatment and risk treatmewnt plan:
- Risk Treatment Plan and risk treatment process – What’s the difference? https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment -
Template customization
Answer: The internal audit checklist is based on the clauses of the standard, but you are free to include additional questions (e.g., questions that would cover controls not listed on ISO 27001 Annex A), or change the existing ones if you understand another text will make the checklist cover the requirements of the company own documentation.
This article will provide you further explanation about elaborating checklists:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
These materials will also help you regarding audit checklists:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 INTERNAL AUDITOR COURSE https://advisera.com/training/iso-27001-internal-auditor-course/ -
Graphical presentation of risks
Thanks; that's really helpful. -
How PDCA meets the sections of AS9100 Rev D
Answer:
The AS9100 Rev D standard follows the PDCA cycle very well, and has been written in this order. Plan is covered by Sections 4(context), 5(leadership) & 6(planning). Do is covered by Sections 7(support) & 8(operation). Check is covered in section 9 (Performance evaluation). Act is covered in section 10 (improvement)
For more on how this works see this article: https://advisera.com/9100academy/knowledgebase/pdca-cycle-in-as9100-rev-d/ -
Can you certify to AS9102?
Answer:
Unlike AS9100, you cannot be certified against AS9102. AS9102 is a support standard that gives you the best practice for First Article Inspection, but is not required for AS9100 certification, nor is it designed to be certified against.
If you want to know more about the support standards for AS9100 see this article: https://advisera.com/9100academy/blog/2017/10/23/how-does-as9101-as9102-as9103-relate-to-as9100-rev-d/ -
Certification and compliance
Answer:
Each country has its own legislative and regulatory framework. Normally, in Europe there is no requirement for certification. About chemical compounds to introduce in the European Union you should check Regulation (EC) No 1907/2006.