Search results


  • Auditing single departments


    Answer: Yes, you can limit your audit to just one department. Given that this department uses the same network, servers and physical location as others, you should check whether these elements comply with the requirements defined for the department you are auditing (if different departments have different levels of security requirements, the organization should consider segregating them into groups with similar requirements).

    These articles will provide you with further explanation about performing audits:
    - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
    - How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

    These materials will also help you regarding audits:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  • Checklist


    My answer:

    There are 13 steps that can be set out to make sure nothing is forgotten during the implementation and the preparation for certification:

    1) Obtain management support
    2) Identify the requirements
    3) Define the scope
    4) Define the processes and procedures
    5) Implement the processes and procedures
    6) Training and awareness programs
    7) Choose a certification body
    8) Operate the QMS / measure the system
    9) Perform the internal audits
    10) Perform the management review
    11) Corrective actions
    12) Stage 1 of the certification audit
    13) Stage 2 of the certification audit

    For more information, see (available in English): https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/#

    You can also download the "Checklist of mandatory documentation required by ISO 9001:2015": https://info.advisera.com/9001academy/es/descarga-gratuita/lista-de-verificacion-de-la-documentacion-requerida-obligatoria-por-iso-90012015

    These materials will also help you regarding the ISO 9001 implementation:

    - Book "Preparing for the ISO implementation project: a plain English guide": https://advisera.com/books/preparacion-para-el-proyecto-de-implementacion-iso-una-guia-en-un-lenguaje-sencillo/

    - Free online training: ISO 9001 Foundations Course https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

    - Conformio (online tool for ISO 9001): https://advisera.com/conformio/
  • QMS process interaction map

    Although I do not have the details of your process interaction map, the AS9100 standard has a specific statement about the QMS processes. Documented information is to be maintained that includes: "a description of the processes needed for the QMS and their application throughout the organisation". So you do not just need the process interaction map (this only lists the processes and shows their application), but what might be missing is the description of the processes. This could be done with references to process documents that you have, but if no documents were created (because you do not need to have documented procedures) then there needs to be another way to describe the processes needed.
    For your second question, the statement "no mandatory documents are required" is a statement about the standard. There are no listed mandatory documented procedures in the standard, although you do need to maintain some processes as documented information (in particular non-conforming outputs and corrective action). The main question for creating additional documented procedures is "If I don't have a documented procedure for this, can I have a non-conformity?" If the answer is yes, then you need to have a documented procedure. For some more information on the mandatory documentation needed by AS9100, take a look at this whitepaper:
    https://info.advisera.com/9100academy/free-download/as9100-rev-d-list-of-mandatory-documents
  • Becoming a consultant and internal auditor


    There are no requirements for consultants; if you are able to implement the standard and help the company pass the certification audit, that is all the organization needs from you. There are some courses like Lead Implementer, but I'm not sure if they will really help you. The Lead Auditor course you've passed is sufficient to get you familiar with the requirements of the standard, and now you need to figure out how to implement those requirements. A good start is to see how the standard is implemented in some company and start from there. For more information, see How to become an ISO 9001 consultant https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/

    I want to know the basic prerequisite for becoming an Internal Auditor. Please respond with the required items that need to be acquired such as training, certificates, experience etc.

    The standard does not have requirements in terms of competence for internal auditors, but usually they need to be familiar with the requirements of the standard and the processes within the company. It can be beneficial for internal auditors to pass either a Lead Auditor or an Internal Auditor course to get familiar with the requirements of the standard and with auditing techniques. Here you can find our free-to-attend ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/

    Another thing is, how to select a team of internal auditors for ISO 9001:2015 in an organization? And if there is already a team of internal auditors for ISO 9001:2008, then how to transition them to ISO 9001:2015, and what are the prerequisites?

    The best way to pick people for the internal auditor team is to select one person from each process, and they should audit each other's work; this applies only in case the organization doesn't have a quality department. If it does, then the team should be made up of people from the quality department. For auditors that are already familiar with the 2008 revision of the standard, the best option is to get familiar with the new requirements, and then they are ready to get back to auditing. They do not have to go through new internal auditor training; it is sufficient to attend some training on the new requirements of the standard. Here you can find our ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
  • Documentation toolkit content


    A question about the package of templates: I was reviewing the book "Secure & Simple" and in chapter 5.1 it talks about "Understanding the context of your organization", which indicates that regarding documentation the following is mandatory:

    Information security objectives, risk assessment results (usually in the form of a risk assessment report), employee competence records (usually in the form of certificates) and a list of legal, statutory, regulatory and contractual provisions.

    However, we do not know where to place those templates in the package of documents I have purchased; please support.

    Answer: Included in your toolkit (in the root folder) there is a List of Documents file that shows which clause of the standard each template relates to. In this file you will find this information:

    - Information security objectives (required by clause 6.2) are covered by the "Information Security Policy" template, located at the folder 04 Information Security Policy, and the "Statement of Applicability" template, located at the folder 06 Statement of Applicability.
    - Risk assessment results (required by clause 6.1.2) are covered by the "Risk Assessment Table" template and the "Risk Assessment and Risk Treatment Report" template, both located at the folder 05 Risk Assessment and Risk Treatment Methodology
    - Risk treatment results (required by clause 6.1.3) are covered by the "Risk Treatment Table" template, located at the folder 05 Risk Assessment and Risk Treatment Methodology, and the "Risk Treatment Plan" template, located at the folder 07 Risk Treatment Plan
    - List of legal, statutory, regulatory and contractual provisions (required by clauses 4.2 and A.18.1.1) is covered by the "List of Legal, Regulatory, Contractual and Other Requirements" template, located at the folder 02 Procedure for Identification of Requirements

    There is no specific template for employee competence records, because we consider that organizations already have their own templates, as do training providers (who already have their own certificate forms).
  • Responsible for asset related activities


    Answer: Asset-related activities (and information must be considered a kind of asset) can be performed by the asset owner, but often they are performed by the head of the department. In either case, the responsible person can involve other people if they consider this necessary. For example, for risk assessment, people that perform daily activities related to the asset can participate in risk identification and analysis.

    These articles will provide you with further explanation about asset-related activities:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    These materials will also help you regarding asset related activities:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • NC regarding QMS effectiveness monitoring


    Answer:

    There is no single measurement that will tell you whether the QMS (Quality Management System) is effective or not. QMS effectiveness is made up of different elements of the QMS, and there could be several indicators (KPIs) to measure the effectiveness and health of the QMS, depending on the organization's processes as well as its policy and quality objectives:
    - Number of major non-conformities coming from second- and third-party audits
    - Customer satisfaction improvement
    - Confirmed certification from the registrar
    - Obtaining new certifications to improve your business
    - Increasing the number of orders from customers
    - Cost reduction improvement (including cost of poor quality)
    - Time-to-market reduction for new products
    - Zero defects achievement
    - Compliance with laws and regulations

    For more information, see : Practical tips for measuring your QMS according to ISO 9001:2015 clause 9.1 https://advisera.com/9001academy/blog/2017/08/29/practical-tips-for-measuring-your-qms-according-to-iso-90012015-clause-9-1/

    These materials will also help you regarding QMS effectiveness:
    - Book Discover ISO 9001:2015 Through Practical Examples https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Auditing operational controls


    Answer:

    Based on the identification and evaluation of occupational health and safety hazards in the organization and its operations, the organization needs to establish operational controls that will mitigate these hazards. Depending on the nature of the operational control, you will need to look for evidence that the operational control is implemented. For example, if the operational control for some workplace is to wear PPE (Personal Protective Equipment), you need to check whether the employees at this workplace really wear PPE.

    For more information, see: How to implement operational control in OHSAS 18001 https://advisera.com/18001academy/blog/2015/11/18/how-to-implement-operational-control-in-ohsas-18001/