Search results

Home / Search

Category:
Select
Select

11277 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • QMS process interaction map

    Although I do not have the details of your process interaction map, the AS9100 standard has a specific statement about the QMS processes. Documented information is to be maintained that includes: "a description of the processes needed for the QMS and their application throughout the organisation". So you do not just need the process interaction map (this only lists the processes and shows their application), but what might be missing is the description of the processes. This could be done with references to process documents that you have, but if no documents were created (because you do not need to have documented procedures) then there needs to be another way to describe the processes needed.
    For your second question, the statement "no mandatory documents are require d" is a statement about the standard. There are no listed mandatory documented procedures in the standard, although you do need to maintain some processes as documented information (in particular non-conforming outputs and corrective action). The main question for creating additional documented procedures is "If I don't have a documented procedure for this can I have a non-conformity?" If the answer is yes, then you need to have a documented procedure. For some more information on the mandatory documentation needed by AS9100 take a look at this whitepaper:
    https://info.advisera.com/9100academy/free-download/as9100-rev-d-list-of-mandatory-documents

  • Becoming a consultant and internal auditor


    There are no requirements for consultants, if you are able to implement the standard and make the company pass the certification audit, that is all the organization needs from you. There are some courses like Lead Implementer, but I'm not sure if they will really help you. Lead Auditor course you've passed is sufficient to get you familiar with requirements of the standard and now you need to figure out how to implement those requirements. The good start is to see how the standard is implemented in some company and start from there. For more information, see How to become an ISO 9001 consultant https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/

    I want to know the basic prerequisite for becoming an Internal Auditor. Please respond with the required items that need to be acquired such as training, certificates, experience etc.

    the standard does not have requireme nts in terms of competence for internal auditors, but usually they need to be familiar with requirements of the standard and the processes within the company. It can be beneficial for internal auditors to pass either Lead Auditor or Internal Auditor course to get familiar with requirements of the standard and the auditing techniques. Here you can find our free to attend ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/

    Another thing is, how to select a team of Internal Auditor for ISO 9001:2015 in an organization??? And if there is already a team of Internal Auditor for ISO 9001:2008 then how to transit them to ISO 9001:2015 and what are the prerequisites???

    THe best way to pick people for the internal auditor team is to select one person from each process and they should audit each other's work, and this is only in case when the organization doesn't have quality department. If it does, then the team should be comprised from people from the quality department. For auditors that are already familiar with 2008 revision of the standrad, the best option is to get familiar with new requirements and they are ready to get back to the auditing. They do not have to go through new internal auditor training, it is sufficient to attend some training on the new requirements of the standard. Here you can find our ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/

  • Documentation toolkit content


    Objetivos de seguridad de información, resultados de la evaluación del riesgo (generalmente bajo la forma de un informe de evaluación de riesgos), los registros de competencia del empleado (generalmente en forma de certificados) y lista de disposiciones legales, estatutarias, reglamentarias y contractuales

    Sin embargo, no sabemos dónde ubicar esas plantillas en el paquete de documentos que he adquirido, por favor tu apoyo.

    (A question from the package of templates ... I was reviewing the book "Safe and Easy" and in chapter 5.1 talks about "Understanding the context of your organization", which indicates that regarding documentation is mandatory:

    Information security objectives, risk assessment results (usually in the form of a risk assessment report), employee competence records (usually in the form of certificates) and list of legal, statutory, regulatory and contractual provisions

    However, we do not know where to place those templates in the package of documents I have purchased, please support.)

    Answer: Included in your toolkit (in the root folder) there is a List of Documents file that shows you to which clause of the standards each template is related to. In this file you will find this information:

    - Information security objectives (required by clause 6.2) are covered by the "Information Security Policy" template, located at the folder 04 Information Security Policy, and the "Statement of Applicability" template, located at the folder 06 Statement of Applicability.
    - Risk assessment results (required by clause 6.1.2) are covered by the "Risk Assessment Table" template,and the "Risk Assessment and Risk Treatment Report" template, both located at the folder 05 Risk Assessment and Risk Treatment Methodology
    - Risk treatment results (required by clause 6.1.3) are covered by the "Risk Treatment Table" template, located at the folder 05 Risk Assessment and Risk Treatment Methodology, and the "Risk Treatment Plan" template, located at the folder 07 Risk Treatment Plan
    - List of legal, statutory, regulatory and contractual provisions (required by clauses 4.2 and A.18.1.1) is covered by the "List of Legal, Regulatory, Contractual and Other Requirements" template, located at the folder 02 Procedure for Identification of Requirements

    There is no specific template for employee competence records, because we consider organizations already have their own templates, as well as the training providers (they use already have their own certificates forms).

  • Responsible for asset related activities


    Answer: Asset related activities (and information must be considered one kind of asset) can be performed by the asset owner, but often this is performed by the head of the department. In either case, the responsible person can involve other people if he considers this necessary. For example, for risk assessment, people that perform daily activities related to the asset can participate in risk identification and analysis.

    These articles will provide you further explanation about asset related activities:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    These materials will also help you regarding asset related activities:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/

  • BCM implementation

    https://www.theverge.com/users/custom_write

  • NC regarding QMS effectiveness monitoring


    Answer:

    There is no single measurement that will tell you whether the QMS (Quality Management System) is effective or not. QMS effectiveness is comprised from different elements of the QMS and there could be several indicators ( KPI) to measure effectiveness and health of QMS, depending on organization's processes as well as Policy/quality objectives:
    - Number of major non conformities coming from second/third parts audit
    - Customer satisfaction improvement
    - Confirmed certification from Registrar
    - Obtain new certifications to improve your business
    - Increasing the number of orders from Customers
    - Cost reduction improvement ( including cost of poor quality)
    - Time to market reduction for new products
    - Zero defects achievement
    - Compliance to law and regulation

    For more information, see : Practical tips for measuring your QMS according to ISO 9001:2015 clause 9.1 https://advisera.com/9001academy/blog/2017/08/29/practical-tips-for-measuring-your-qms-according-to-iso-90012015-clause-9-1/

    These materials will also help you regarding QMS effectiveness:
    - Book Discover ISO 9001:2015 Through Practical Examples https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/

  • Auditing operational controls


    Answer:

    Based on the identification and evaluation of occupational health and safety hazards in the organization and its operations, the organization needs to establish operational controls that will mitigate these hazards. Depending on the nature of the operational control, you will need to look for evidence that the operational control is implemented. For example, if the operational control for some workplace is to wear PPE (Personal Protective Equipment), you need to check whether the employees on this workplace really wear PPE.

    For more information, see: How to implement operational control in OHSAS 18001 https://advisera.com/18001academy/blog/2015/11/18/how-to-implement-operational-control-in-ohsas-18001/

  • Implementing ISO without certification


    Answer:

    Implementing any ISO standard can be beneficial for the organization even if the organization decide not to get certified and the ISO documentation as you call it can be useful in implementation and maintenance of the management system.

    For example, in case of ISO 9001, the documentation will help you define the processes and procedures, explain how the processes are carried out and also to make records whether the activities are performed as defined. By implementing this standard you will get all benefits that the standard brings, only without hanging the certificate on the wall. Here you can learn about ISO 9001 benefits: Six Key Benefits of ISO 9001 Implementation https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/

    These materials will also help you regarding the implementation:
    - Book Discover ISO 9001:2015 Through Practical Examples https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/

  • Scope for a small company with outsourced infrastructure to mother company


    Thus, we customer acquire the customer's, contact with them on own name but on behalf of our mother company. Data and customer information is saved in the databases and the portal which belongs to the other company. CRM system which we process is also not ours.

    However, our management has initiated ISO 27001 certification for our service company. I have selected the scope for ISO 27001 certification a business process.

    During the webinar you told me that it is very hard to get the certification if the business process will be certified.

    Answer:

    For a small company such as yours it is very difficult to lim it the scope of the implementation and certification to only one process - this is because once you define what is inside the ISMS scope, all other processes and activities that are left outside of the scope will be treated as external (third) parties. Therefore, for a company of 9 employees, the best would be to include your whole company in the ISMS scope.

    See also this article: Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

    The fact that your company is not an owner of the equipment or services that you are providing doesn't change much - your company is responsible for the data because it is the contractual party with your clients. Therefore, you are responsible for safeguarding data even though this data is not placed on your servers. The fact that the processing is done by your mother company doesn't make much difference - the principle is the same as if you hosted this data on e.g. Amazon AWS, in other words you need to treat your mother company as a provider of services, i.e. as a third-party.
Page 844-vs-13485 of 1128 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +