Search results

  • BCM requirement in SLA or contract - Force majeure clause


    But you should also note that even within this situation, a force majeure event can still happen (e.g. the alternative site being affected by a different event during a disruption on the main site), but chances of this happening are lower than if the provider did not have BCM practices at all.

    These articles will provide you further explanation about supplier management:
    - 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
    - Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
  • Interested parties, risks and opportunities and IMS

    How to determine interested parties, their needs & expectations?

    You need to identify internal and external interested parties relevant for your Quality Management System (QMS). Examples of internal interested parties are the top management, the board of directors, employees, unions, etc. External interested parties can be customers, government authorities, suppliers, local community, etc. For more information, see: How to determine interested parties and their requirements according to ISO 9001:2015 https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/

    How to perform the risk assessment in ISO 9001:2015?

    The standard does not require a full-scale risk assessment. All it requires is to identify risks and opportunities, and this can be done by organizing a brainstorming session with relevant people in the company to discuss risks and opportunities, or you can use SWOT or PEST analysis, or, if you would like to implement a risk assessment, you can apply FMEA or some similar methodology. For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/

    And companies like us who have an integrated management system, how can we incorporate these changes in the current system?

    It depends on the standards you've integrated. If you implemented ISO 9001 and ISO 14001, there are a lot of similar changes, and once you make updates for ISO 9001 you can make them for ISO 14001 as well. But the basic principle is to conduct a GAP analysis and determine to what extent your current system is compliant with the new version of the standard and what needs to be changed to achieve full compliance. Then you can start updating your management system. For more information, see: How to make the transition from ISO 9001:2008 revision to the 2015 revision https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/

    These materials will also help you regarding the ISO 9001 transition:
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • What to look for during 1st and 2nd stage audit


    Answer:

    In the 1st stage audit, the auditor will examine the documentation and determine whether it is compliant with requirements of the standard. This stage can be done on or off site of the audited organization. During this phase you will also develop your audit checklist and prepare for the 2nd stage audit.

    During the 2nd stage audit, the auditor will examine processes and interview the employees to determine whether the processes are carried out according to the standard and EMS (Environmental Management System) documentation.

    For more information, see: What will the ISO 14001 auditor ask you during the certification? https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/what-will-the-iso-14001-auditor-ask-you-during-the-certification/

    These materials will also help you regarding the audit:
    - Book Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
    - Free online training ISO 14001:2015 Internal Auditor Course https://advisera.com/training/iso-14001-internal-auditor-course/
    - Conformio (online tool for ISO 14001) https://advisera.com/conformio/
  • Evidence of awareness of the core tools


    Answer:

    Clause 7.2.3 d) requires internal auditors to demonstrate competence regarding the applicable core tools. Therefore you don't need a record of internal auditor awareness of the core tools but rather evidence of competency, which can be a certificate from an appropriate course.

    Secondly, you will need to retain documented information about the trainer competency to deliver such training.
  • BCP tests clause


    Answer: The ISO 22301 clause that requires the BCP to be regularly tested is clause 8.5 (exercising and testing).

    This article will provide you further explanation about BCP tests:
    - How to perform business continuity exercising and testing according to ISO 22301 https://advisera.com/27001academy/blog/2015/02/02/how-to-perform-business-continuity-exercising-and-testing-according-to-iso-22301/

    These materials will also help you regarding BCP tests:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Threats and small organizations


    Answer: Basically, all organizations are exposed to the same types of threats, but due to their size, more limited resources, and sometimes misconceptions, these are some threats that are more relevant:
    - Unauthorized physical access
    - Malicious code
    - Access to the network by unauthorized persons
    - Unauthorized installation of software
    - Unpatched software

    This article will provide you further explanation about threats:
    - Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/

    This material will also help you regarding threats:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • Business continuity objectives


    Answer: Sure. Examples of business continuity objectives may be:
    - Comply with xyz law/regulation by December 31, 2017, using ISO 22301 methodology
    - Enter a new market in the next 12 months because of the ISO 22301 certificate
    - During 2017, improve our recovery time by 12 hours while not incurring new costs.

    This article will provide you further explanation about business continuity objectives:
    - Setting the business continuity objectives in ISO 22301 https://advisera.com/27001academy/blog/2014/02/17/setting-the-business-continuity-objectives-in-iso-22301/

    This material will also help you regarding business continuity objectives:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • AS9100D clause 8.4.2.d


    We have been discussing a very interesting topic in the standard clause 8.4.2.d especially where the test reports need to be verified to confirm meets requirements. If we are REQUIRED to comply this will definitely not be able to due to the very expensive cost of verifying the plastic material we purchase for our Aerospace customers.

    Are we misinterpreting this requirement or is there a less costly method to comply?

    Answer given:
    Edward,

    The actual wording of clause 8.4.2 d is "The organisation shall determine the verification, or other activities, necessary to ensure that the externally provided processes, products and service meet requirements." This is in regard to the type and extent of control that you need to place on external providers.

    So, the requirement is asking you to determine what activities you will use to verify that you have processes, products and services that meet requirements. In your example, this could mean verification testing of the plastics products you receive, but it could also mean receiving and verifying the material test report from your supplier as a way of verifying that you received the product that meets the requirements. The requirement is not saying you need to verify every material you get, but to identify what activities are necessary.

    Just one step further, the next sentence in the AS9100 Rev D standard states that the verification activities are to be performed according to the risks identified by the organisation, so if you have not identified a risk for this material it would further indicate that extra material testing was not required.
  • Examples on various IATF 16949 topics

    1. Product safety (clause 4.4.1.2)

    Products must be safe and comply when they are available for supply, or 'placed on the market'. This occurs when a manufacturer first makes the product available for further supply or when an importer takes ownership of the goods once they have been cleared by customs.

    What is safe is determined by considering all characteristics of the product, how it is presented, the effect that it might have on other products it is likely to be used with and the consumers at risk when using it.

    For many product sectors there is specific safety legislation (covering, for example, electrical goods and machinery), which sets out more detailed safety requirements applicable to those products. This legislation generally applies to both consumer and commercial products, but sets out the same safety criteria.

    For more information, see: Ensuring product safety according to IATF 16949 https://advisera.com/16949academy/blog/2017/09/20/ensuring-product-safety-according-to-iatf-16949/

    2. Confidentiality (8.1.2)

    Confidentiality is usually determined by the customer. Some customers may require that documents or processes the organization performs to provide the product are under a confidentiality agreement and cannot be presented to other parties.

    3. Organization manufacturing feasibility (8.2.3.1.3)

    Based on the customer requirements, the organization needs to determine whether it is capable of providing the demanded product in terms of quality and quantity. It can be done through validation of the manufacturing process, benchmarking studies or other methods.

    4. Internal audit programme (9.2.2.1)

    The IATF 16949 requirements for the audit program ask that you plan, establish, implement, and maintain an audit program, meaning that you need to have an ongoing program in effect.

    The following information should be included in the program:
    - Audit frequency
    - Audit methods
    - Responsibilities
    - Requirements for planning
    - Criteria for the audit
    - Scope of the audit
    - Audit reporting

    For more information, see: Five Main Steps in an IATF 16949:2016 Internal Audit https://advisera.com/16949academy/knowledgebase/five-main-steps-in-an-iatf-169492016-internal-audit/
  • Organizational knowledge - Clause 7.1.6 of ISO 9001:2015


    Answer:

    Clause 7.1.6 of ISO 9001:2015 basically has two parts. The first one is about the knowledge necessary for the operation of processes and to get conforming products and services. For each process, ask yourself what kind of knowledge each participant in the process needs to perform each activity proficiently and to make good decisions.

    The second part is about new knowledge to address changing needs and developments in know-how or market conditions, for example. It is like defining a radar of knowledge to watch and monitor in order to discover the new.

    - Article: How to manage knowledge of the organization according to ISO 9001 https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/