
  • 9.2 Internal audit

    The latest version of the ISO 19011 standard was published in 2011. The revised version of the standard will be published in mid-2018.

    It is important to keep in mind that ISO 19011 does not set any requirements; rather, it is used as a guide for managing the audit programme, for planning and conducting audits, and as a guide for defining the competencies of, and evaluating, the audit team.

    The ISO 19011 audit activities detail the management of the activities for the audits themselves. This formal approach can help ensure that internal audits are effective and consistent, and it builds the integrity of the internal audit system. These steps defined in ISO 19011 are not mandatory (for example, small companies can skip some of them), but they constitute good practice for carrying out an audit.

    For more information, you can see the following articles:

    - "13 steps for ISO 9001 internal auditing using ISO 19011" (in English): https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/#

    - "Five big steps in the ISO 9001 internal audit": https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/cinco-grandes-pasos-en-la-auditoria-interna-de-iso-9001/

    These materials can help you with ISO 9001 internal audits:

    - Book "ISO Internal Audit: A Plain English Guide": https://advisera.com/books/auditoria-interna-iso-una-guia-en-un-lenguaje-sencillo/

    - Free online training: "ISO 9001 Foundations Course": https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

    - Conformio (online tool for ISO 9001): https://advisera.com/conformio/
  • ISO 27001 Audit requirements

    Thank you.
  • Risk assessment and risk treatment


    Answer: Yes. Now that you have identified which risks are to be treated, you have to define with the risk owners the deadlines and required resources, and get the complete risk treatment plan approved by top management.

    2- Should everything be done before we get certified? For example, if we want to get certified during summer 2018, should all deadlines in the Risk Treatment Plan be set before that?

    Answer: No. You can leave some of the controls for the implementation for after the certification under the following conditions:

    1) That you have implemented before the certification the controls that mitigate the biggest risks – in other words, you can leave only less important controls for after the certification.
    2) That you have specified the deadlines for the controls that you will be implementing after the certification in your Risk Treatment Plan – of course, those deadlines must be after the certification date.
    3) That your risk owners or top management accept all the risks for which controls have not been implemented before the certification.

    This means that the most important controls must have "implemented" status at the certification, while the less important controls can have status "planned" or "partially implemented" at the moment of the certification. Of course, for controls with the status "partially implemented" you have to keep evidence of activities already performed regarding the implementation (the certification auditor won't audit the control, but he will verify whether the implementation plan is being executed).

    Included in the toolkit you bought you have access to video tutorials that can help you with the risk assessment and treatment process.
  • Opportunities in ISO 9001

    In particular, in the case of the pharmaceutical industry, what could they be?
    Or where can I find material on the subject?

    My answer:

    The ISO 9001:2015 standard requires the organization to determine and select opportunities for improvement and to implement the actions necessary to meet customer requirements and thereby increase customer satisfaction.
    These should include:
    a) improving products and services to meet requirements as well as to address future needs and expectations;
    b) correcting, preventing or reducing undesired effects;
    c) improving the performance and effectiveness of the quality management system.

    Opportunities can lead to the adoption of new practices, the launch of new products, the opening of new markets, the creation of partnerships, the use of new technology and other desirable and viable possibilities for addressing the needs of the organization or of its customers.

    For more information, see the following articles:

    - "How to address risks and opportunities in ISO 9001" (in English): https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/#

    - "Methodology for ISO 9001 risk analysis" (in English): https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/

    These materials may also help you with determining and evaluating risks and opportunities:

    - Book "Preparing for the ISO Implementation Project: A Plain English Guide": https://advisera.com/books/preparacion-para-el-proyecto-de-implementacion-iso-una-guia-en-un-lenguaje-sencillo/

    - Free online training: ISO 9001 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

    - Conformio (online tool for ISO 14001): https://advisera.com/conformio/
  • Auditing risks


    Answer:

    Considering the requirements of the standard related to risks and opportunities, it is hard to find nonconformities related to addressing risks and opportunities. You need to focus on the risks and opportunities related to the effectiveness of the QMS, product or service conformity and customer satisfaction. The fire extinguisher you mentioned belongs to occupational health and safety risks and it is not part of the QMS risks.

    You need to see how they identify risks and opportunities, whether they have a record about risks and opportunities and, most importantly, whether they have taken actions to address risks and opportunities. Since the standard doesn't require any record, the best way to look for evidence of whether actions are taken and whether they were effective is the record of the management review. The organization probably produced some records about the risks and opportunities, but the technique that you will have to rely on the most is the interview with the top management.

    For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • Corrective vs. Preventive actions


    Answer:

    Corrective action is taken when there is some nonconformity in the product, process or the QMS (Quality Management System) itself. The purpose of the preventive action is to resolve the cause of the nonconformity and prevent it from recurring.

    Preventive action is taken when there is no nonconformity but there is a high chance of nonconformity, or the organization wants to take actions to improve the processes or the QMS. The purpose of the preventive action is to prevent nonconformity from occurring in the first place and to improve the QMS. In the new version of the standard, preventive actions are replaced with actions to address risks and opportunities.

    For more information, see: Seven Steps for Corrective and Preventive Actions to support Continual Improvement https://advisera.com/9001academy/blog/2013/10/27/seven-steps-corrective-preventive-actions-support-continual-improvement/
  • External documents to be controlled


    Answer: External documents are any documents not owned or controlled by an organization that are required for its operation, either mandatory or voluntarily adopted. Examples of external documents to be controlled are laws (e.g., SOX and EU GDPR), standards and regulations (e.g., ISO 27001 itself).

    These materials will also help you regarding control of documents:
    - Free video tutorial that you received as part of your toolkit: How to Write ISO 27001/ISO 22301 Document Control Procedure
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Conformio (online tool for ISO 27001) https://advisera.com/conformio/
  • Data Protection Impact Analysis


    Answer: In approximately 2 months from now we will launch the EU GDPR Toolkit, which will contain checklists and all other documentation required to ensure compliance with the EU GDPR, including templates to help with the DPIA.
  • ISO 27001 and business continuity


    Answer: The ISO 27001 aspects of the business continuity process (section A.17 of ISO 27001 Annex A) are related to ensuring the availability of information and information systems during either crisis or disaster situations. So while ISO 22301 has a holistic view of business continuity (as you pointed out), ISO 27001 focuses on the information aspects of business continuity.

    2 - Do you have a 1-day programme or course outline and notes or pointers for self-study on the topic of understanding and applying ISO 22301 the faster or easier way? If you do, would it be possible for you to email it to me, as I would like to know the process thoughts.

    Answer: For understanding and applying ISO 22301 I can suggest these materials:
    - What is ISO 22301? https://advisera.com/27001academy/knowledgebase/what-is-iso-22301/
    - Implementing Business Impact Analysis according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar/
    - Writing a business continuity plan according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/
    - Developing the business continuity strategy according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/developing-the-business-continuity-strategy-according-to-iso-22301-free-webinar-on-demand/
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/