Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Integrating OHSAS 18001 with ISO 9001 and ISO 14001
Answer:
The fact that MR (management Representative) by ISO 9001 and ISO 14001 doesn't mean it is to forbidden to have one. You can decide to keep MRs for ISO 9001 and ISO 14001 in addition to MR for OHSAS 18001, or you can just write in your IMS manual who is MR for OHSAS 18001 and what are his or her responsibilities. The only way how you can have nonconformity regarding MR is not to appoint one for OHSAS 18001.
For more information, see: Which roles and responsibilities should exist in the OH&SMS according to OHSAS 18001? https://advisera.com/18001academy/blog/2016/01/13/which-roles-and-responsibilities-should-exist-in-the-ohsms-according-to-ohsas-18001/ -
Identification and traceability
What is your opinion? Thank you for your time and attention.
Answer:
The worst thing you can do is to hire two consultants at the same time, it is the safest way to get conflicting information :) Jokes aside, the standard requires organization to apply methods for identification and traceablity only to the outputs of its processes, not the inputs (raw materials, etc.). If you don't have explicit requirement from your cu stomer to perform identification and traceability of your raw materials, you don't have to do it.
For more information, see: How to use ISO 9001 to facilitate the manufacturing of a complex product https://advisera.com/9001academy/blog/2016/02/02/how-to-use-iso-9001-to-facilitate-the-manufacturing-of-a-complex-product/ -
Certified internal auditors
Answer:
There is no requirement for internal auditors to be certified, thy only need to be familiar with requirements of the standard and auditing techniques. Your existing auditors just need to get familiar with new requirements of the standard and they will be ready to conduct internal audits.
Here you can find our, free to attend, ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
These materials will also help you regarding internal audit:
- Book ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ -
Questions on internal audit
There is no requirement to establish entire procedure, it enough to establish criteria for selecting the internal auditors and criteria is knowledge of the standard and auditing techniques.
Is this only the responsibility of management Representative to select the internal auditors or management decision ?
The standard does not specify who should be appointing internal auditors, it can be the management representative or somebody else, whatever the organization finds the most appropriate.
How it should be impartial selection?
Of course, you cannot ensure 100% impartiality, but what the organization should avoid is situation where internal auditor is auditing his own work.
What if Internal audit delays due to work again and again, will it be count as a non conformity or not?
No, you can always reschedule the internal audit, bu it is important to perform it. If internal audit program is not followed, it can be considered as nonconformity. For more information, see: What is the ISO 9001 audit program, and how does it work? https://advisera.com/9001academy/blog/2017/01/24/what-is-the-iso-9001-audit-program-and-how-does-it-work/
These materials will also help you regarding internal audit:
- Book ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ " -
Embedded software
Answer:
Embedded software is computer software, written to control machines or devices that are not typically thought of as computers. It is typically specialized for the particular hardware that it runs on and has time and memory constraints.
The clause refers to organizations that are developing the software, not to the ones that are only using or embedding the software into its products, so you can consider this clause as inapplicable to your organization. -
Risk assessment and information classification
Answer: Information classification is a security control you implement after the risk assessment, so you do not classify information and performs risks assessment, but by means of the risk assessment you identify the need to classify information, generally because you have types of information that requires different types of securitycontrols.
This article will help you with document classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
These materials will also help you regarding document classification:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
BCM presentation
The meeting audience are CEO, shareholders of the bank and MD’s across 36 countries.
Answer: Unfortunately we do not have an specific business continuity management presentation to offer you, but I suggest you to take a look at these two free ISO 27001 presentations:
- Project proposal for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-implementation-powerpoint
- Why ISO 27001 – Awareness presentation https://info.advisera.com/27001academy/free-download/why-iso-27001-awareness-presentation
Their structure can be adapted to ISO 22301 information and can be used to present the concept to your management.
These materials will provide you further explanation about ISO 22301 to help build your presentation:
- What is ISO 22301? https://advisera.com/27001academy/knowledgebase/what-is-iso-22301/
- ISO 22301: An overview of the BCM impl ementation process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-22301-overview-bcm-implementation-process-free-webinar-demand/ -
Standards and Frameworks Integration
Answer: Yes. Since 2012 all released ISO management systems have the same structure, which makes integration easier. Regarding other frameworks, they have many similarities with ISO standards, being only a question of mapping the correlations between them.
These articles will provide you further explanation about integrating standards and frameworks:
- How to implement ISO 27001 and ISO 20000 together https://advisera.com/27001academy/blog/2015/03/16/how-to-implement-iso-27001-and-iso-20000-together/
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/
- ISO 27001 vs. ITIL: Similarities and differences https://advisera.com/27001academy/blog/2016/03/07/iso-27001-vs-itil-similarities-and-differences/
- How to implement integrated management systems https://advisera.com/27001academy/blog/2015/10/05/how-to-implement-integrated-management-systems/
These materials will also help you regarding integrating standards and frameworks:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 & ISO 22301: Why is it better to implement them together? [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
- How to integrate ISO 27001 and ISO 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/ -
Residual risk
Many thanks for your advice. -
Toolkit content - business continuity
(in which document of the ISO 27001 package can I locate the information security guidelines in the business continuity? (ISO 27002: 2013 Chapter 17))
Answer: The templates which cover the information security aspects in business continuity are located on folder 08 Annex A, sub folder A.17 Business Continuity.
In the List of documents file that comes with your toolkit you have information about which template covers which standard's clause and where they are located.