Search results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Address for certification


    Answer: I don't know the legal requirements of your country to start a company, but in terms of certification you should have at least one dedicated office location (company's headquarters), where the people accountable for the company can be found. This dedicated office can be the home address of the founder / CEO of the company. You can present this address as company's address and all other locations can be considered remote locations and can be audited accordingly.
  • Cybersecurity and ISO 9001


    Answer: Cybersecurity is the protection of computer systems from situations that can prevent them to fulfill their intended objectives, and ISO 9001 is a standard related to quality management, with focus on meeting customer's requirements and ensure their satisfaction.

    That said, cybersecurity can be related to ISO 9001:2015 if your organization depends on computer systems to meet the customer's requirements. This dependency can be either stated explicitly by the customer, or it can be identified by the organization itself as a critical success factor to meet customers demands.
    For cybersecurity implementation you can use ISO 27001, which can use ISO 9001 as support. For more infotmation about ISO 27001 and ISO 9001, please see:
    - Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
    - ISO 27001 implementa tion: How to make it easier using ISO 9001 [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/
  • Scheduled releases


    Answer:
    I assume you mean the project that have planned releases. If that's the case, it is under control of Release and Deployment Management (which is part of the Service Transition, according to ITIL).
    Release and Deployment Management is explained in more details in the articles:
    "ITIL Transition – All about testing in Release and Deployment Management" https://advisera.com/20000academy/blog/2015/11/17/itil-transition-all-about-testing-in-release-and-deployment-management/
  • Defining scope for ISO 14001 based EMS


    Answer:

    THe scope of Environmental Management System (EMS) is a simple statement on to what processes, products and services and locations your EMS is applied to. It can be as simple as "EMS of XYZ Company applies to following processes [...], services [...] and locations [...]." THis statement can be documented as a separate document or included in the Environmental Manual or any other document which you see fit.

    For more information, see: How to determine the scope of the EMS according to ISO 14001:2015 https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/

    These materials will also help you regarding EMS scope:
    - Free online training ISO 14001:2015 Foundations Course ht tps://advisera.com/training/iso-140012015-foundations-course/
    - Conformio (online tool for [write the relevant standard]) https://advisera.com/conformio/ "
  • Exclusion of ISO 9001 requirements in call centre


    Answer:

    Clause 8.3 is referring to both product and services, but if the organization doesn't develop new services, it can exclude clause 8.3 from the scope of its QMS (Quality Management System). Property belonging to the customer has nothing to do with the clause 8.3, this clause can be excluded regardless of whether the company is using customer property in its processes or not. Clause 8.5.3 is dealing with requirements regarding customer property and it can also be excluded if the organization does not use such property.

    For call centre, you can also consider excluding clause 7.1.5 Monitoring and measuring resources, 8.5.6 Release of products and services and 8.5.5 Post-delivery activities. For any exclusion made, you need to provide and document justification.

    For more information, see: What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/

    These materials will also help you regarding ISO 9001 implementation:
    - Book (eBook) Discover ISO 9001:2015 Through Practical Examples https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Auditing finance department


    Answer:

    Since the standard doesn't have any requirements regarding accounting and finance, the only way of auditing them is against the organization internal procedures regarding accounting and finance. Department of finance and accounting is often left out from the scope of the QMS, simply because it is perceived that these processes do not affect quality of the product and service and customer satisfaction. In the same way they can be left out from the scope of ISO 9001 internal audit.

    For more information, see: ISO 9001 – How to prepare for an internal audit https://advisera.com/9001academy/blog/2017/09/26/iso-9001-how-to-prepare-for-an-internal-audit/

    These materials will also help you regarding internal audit:
    - Book ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Verification of internal auditors for IATF 16949


    Answer:

    In order to verify the internal auditors, they need to demonstrate competences for:
    - understanding process approach and risk-based thinking
    - understanding of customer specific requirements
    - understanding of applicable ISO 9001 and IATF 16949 requirements
    - understanding of the core tools, and
    - understanding of the auditing techniques.

    In order to demonstrate this, the auditors should provide some evidence in terms of experience and training they had on these topics. The training can be conducted by the organization itself, or by some external trainers. Basically, the training records can be sufficient to demonstrate competence. Also, all auditors need to be listed in a record about qualified internal auditors.

    For more information, see: How to ensure competence of your employees according to IATF 16949 https://advisera.com/16949academy/blog/2017/10/04/how-to-ensure-competence-of-your-employees-according-to-iatf-16949/
  • Implementation of control A.18.2.2


    Challenge here is that the "line managers" are usually not in a position to review information security ... so to fulfil this what would they actually need to prove/review? The standard does say "review IS processing in their area [...] with appropriate security policies, standards and any other security requirements".

    Actually this could be read that, let´s say the production manager has to make sure that OHAS, 9001 etc are correctly followed - so the fulfillment of A18.2.2 is rather an issue outside 27k (and would not require a special Risk Assessment for this)

    Answer: The main objective of the section A.18.2 is "to ensure that information security is implemented and operated in accordance with the organizational policies and procedures", so I wouldn't agree with your interpretation that "production manager has to make sure that OHAS, 9001 etc are correctly followed" is related to A18.2.2 because this control speaks about information security implementation, not about quality management o r health & safety.

    Considering that, to fulfil control A.18.2.2 managers must define how this will be done. The most common approaches are:

    - through review of internal audits results
    - through results provided by monitoring and measurement tools
    - through the evaluation of the results achieved against security objectives and security performance indicators

    Additionally, the managers also must define how eventual non conformities identified will be handled.

    This article will provide you further explanation about controls monitoring:
    - How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
    - Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
    - ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
  • Transition and Objectives & Quality Policy


    Answer:

    Normally, during transition from ISO 9001:2008 to 2015 there is no need to change objectives and policy. Nevertheless, I would recommend you check if the quality policy is appropriated to the context and is aligned with the strategic direction. Concerning the objectives, I would recommend you check if the there is a need to consider statutory or regulatory requirements. And don’t forget the requirements of planning how to meet those objectives.

    The following material will provide you details with objectives and quality policy:

    Article - How to Write Good Quality Objectives
    - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/

    Article - Aligning quality objectives of the QMS with the strategic direction of the company
    - https://advisera.com/9001academy/blog/2017/03/07/aligning-quality-objectives-of-the-qms-with-the-strategic-direction-of-the-company/
    Article - How to make the transition from ISO 9001:2008 revision to the 2015 revision
    - https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/
    White paper - Twelve-step transition process from ISO 9001:2008 to the 2015 revision - https://info.advisera.com/9001academy/free-download/twelve-step-transition-process-from-iso-90012008-to-the-2015-revision
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
Page 851-vs-13485 of 1130 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +