Answer: In the pre-sale phase you should look for information like: type of business, number of employees, number of locations, number of departments, main business processes, and whether the organization has previous experience with ISO management systems. With this information you can have an overall idea of the business and make an estimate of the effort and time required and the price for your job.
These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Answer: I'm assuming you are asking if ISO 27001 certified organizations also need to certify to ISO 20000. Considering that, I can say to you that being ISO 27001 certified does not ensure you are compliant with all requirements of ISO 20000 (ISO 27001 covers information security, while ISO 20000 covers IT services), so if an organization decides, or is required, to operate an IT service management system, it will need to work with ISO 20000 also, but as I said before, the effort will be lesser, because some requirements are already covered by the ISO 27001 certified system.
(Which reference in the sales topic is considered when defining the profit margin for services rendered, as an independent professional auditor/consultant?)
Answer: This answer depends on many variables (e.g., competitors in the market, customers' negotiation power, local taxes and regulations, the consultant's experience and specialization levels, etc.) and business strategy.
Cost avoidance due to ISO ISMS
Answer: Yes, there is. For ISO 27001 one good reference is the Cost of Cyber Crime Report from Ponemon Institute (https://www.ponemon.org/library/2016-cost-of-cyber-crime-study-the-risk-of-business-innovation) (specifically see page 18 - Total cost of cyber crime for low versus high security profiles), but you have to be very careful when presenting this type of data to customers, because each organization has its unique context that can affect the risks to which it is exposed and the impacts it may suffer, so basing an opportunity to avoid costs on data from another organization can lead to wrong conclusions. You could say that these are only examples and that specific data about the client's organization must be evaluated to provide a more precise picture.
The standard requires organizations to ensure that the released product is compliant with requirements. Basically, you need to conduct quality control of the product to ensure it is compliant with the product requirements and to provide evidence of compliance with acceptance criteria. This can be a simple report on the final quality assurance control with the signature of the person authorizing the release of the product or service.
In order to determine the knowledge sufficient to conduct the process, you need to define the process first. For example, if you are a transportation company and you use trucks, your drivers must have a truck driver's licence. The standard doesn't require organizational knowledge to be documented and you don't need a procedure, but some parts of the knowledge will be documented through the work procedures, instructions, etc.
Documents required for total productive maintenance
Answer:
IATF 16949 requires the organization to document the system for total productive maintenance. Basically, you need to document the following:
- process equipment
- resources for machine, equipment and facility maintenance
- packaging and preservation of equipment
- applicable customer requirements
- documented maintenance objectives
- use of preventive maintenance methods
- periodic overhaul
There are no restrictions on implementing ISO 13485, IAF MD 9 and ISO 9001 at the same time and integrating them into one single management system. Having an integrated management system that covers several standards will decrease the number of audit days compared to certifying these standards separately.
The new ISO 13485 has more specific requirements regarding the design, production, sales and post-delivery activities and, in my opinion, it is better than the previous one. The standard is applicable to distributors, and in some countries ISO 13485 is a legal requirement for both manufacturers and distributors of medical devices, so if your country or customers require it, you should implement it.
ISO 13485 is basically ISO 9001 adapted to the medical device industry and I think it provides more value to the medical device industry than the universal ISO 9001.
The new revision of ISO 9001:2015 does not require any procedures, but it does require some records and documents. Instead of six mandatory procedures, there are now six mandatory documents that do not need to be in the form of a procedure. However, it is good practice to have some procedures that will help the organization meet the requirements of the standard.
For more information, see the following articles: