Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11275 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
ISO 20000 implementation
Answer:
I assume you have support of your management and required resources (e.g. IT Service Management (ITSM) tool, human resources, etc.). If not - you have to ensure that before you begin.
Since you are small company - don't exaggerate with project (organization) setup. Keep basic characteristics of the project structure.
If you don't know your ITSM state compared to ISO 20000 - do the GAP Analysis (https://advisera.com/20000academy/itil-iso-20000-tools/itil-gap-analysis-tool/).
So, you are ready to start. Following the standard's structure is good idea. You can also see the structure of the ISO 20000 toolkit and follow the sequence of the toolkit (see https://advisera.com/20000academy/iso-20000-documentation-toolkit/)
Finally, this article can help you: "12 steps for ISO 20000 implementation" https://advisera.com/20000academy/blog/2016/09/06/12-steps-for-iso20000-implementation/ -
Identificación de aspectos ambientales
Mi respuesta:
Es necesario identificar los aspectos ambientales de las actividades, productos y servicios de la organización dentro de el alcance que haya sido definido dentro del sistema de gestión ambiental, y considerando la perspectiva de ciclo de vida. "Alcance" de un SGA incluye las funciones de la organización, los límites físicos y sus actividades, productos y servicios a los cuales aplicarán los requisitos de la norma ISO 14001. Por otro lado, sólo se deben de considerar los aspectos que la organización pueda controlar y aquellos que puedan influir, teniendo en cuenta desarrollos nuevos o en planificación así como actividades, productos y servicios tanto nuevos o en planificación.
Para más información, vea el artículo "4 pasos en la identificación y evaluación de aspectos ambientales": https://advisera.com/14001academy/es/knowledgebase/4-pasos-en-la-identificacion-y-evaluacion-de-aspectos-ambientales/
Esto s materiales también le ayudarán con respecto a la norma 14001 y la identificación de aspectos ambientales:
- Libro "Preparación para el proyecto de implementación ISO: una guía en un lenguaje sencillo": https://advisera.com/books/preparacion-para-el-proyecto-de-implementacion-iso-una-guia-en-un-lenguaje-sencillo/
- Cpacitación gratuita en línea: Curso fundamentos ISO 14001 https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
- Conformio (herramienta en línea para ISO 14001): https://advisera.com/conformio/ -
Implementing ISO 9001 to only one department
Note:- Organization is at single Physical location do not have any sub-office or do not have any branch.
Answer:
In theory, ISO 9001 can apply to one department but such implementation will have too many constrains. You will need to consider the rest of the company as a customer basically, and you will still need to implement processes that already exist in the company for this one single department. This doesn't make too much sense since implementing the standard in this way will have very limited affect on the quality of the product and services and real customers, so I would suggest you to avoid it and implement the standard for entire organization because the level of effort will be pretty much the same.
For more information, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/ -
Integrating OHSAS 18001 with ISO 9001 and ISO 14001
Answer:
The fact that MR (management Representative) by ISO 9001 and ISO 14001 doesn't mean it is to forbidden to have one. You can decide to keep MRs for ISO 9001 and ISO 14001 in addition to MR for OHSAS 18001, or you can just write in your IMS manual who is MR for OHSAS 18001 and what are his or her responsibilities. The only way how you can have nonconformity regarding MR is not to appoint one for OHSAS 18001.
For more information, see: Which roles and responsibilities should exist in the OH&SMS according to OHSAS 18001? https://advisera.com/18001academy/blog/2016/01/13/which-roles-and-responsibilities-should-exist-in-the-ohsms-according-to-ohsas-18001/ -
Identification and traceability
What is your opinion? Thank you for your time and attention.
Answer:
The worst thing you can do is to hire two consultants at the same time, it is the safest way to get conflicting information :) Jokes aside, the standard requires organization to apply methods for identification and traceablity only to the outputs of its processes, not the inputs (raw materials, etc.). If you don't have explicit requirement from your cu stomer to perform identification and traceability of your raw materials, you don't have to do it.
For more information, see: How to use ISO 9001 to facilitate the manufacturing of a complex product https://advisera.com/9001academy/blog/2016/02/02/how-to-use-iso-9001-to-facilitate-the-manufacturing-of-a-complex-product/ -
Certified internal auditors
Answer:
There is no requirement for internal auditors to be certified, thy only need to be familiar with requirements of the standard and auditing techniques. Your existing auditors just need to get familiar with new requirements of the standard and they will be ready to conduct internal audits.
Here you can find our, free to attend, ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
These materials will also help you regarding internal audit:
- Book ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ -
Questions on internal audit
There is no requirement to establish entire procedure, it enough to establish criteria for selecting the internal auditors and criteria is knowledge of the standard and auditing techniques.
Is this only the responsibility of management Representative to select the internal auditors or management decision ?
The standard does not specify who should be appointing internal auditors, it can be the management representative or somebody else, whatever the organization finds the most appropriate.
How it should be impartial selection?
Of course, you cannot ensure 100% impartiality, but what the organization should avoid is situation where internal auditor is auditing his own work.
What if Internal audit delays due to work again and again, will it be count as a non conformity or not?
No, you can always reschedule the internal audit, bu it is important to perform it. If internal audit program is not followed, it can be considered as nonconformity. For more information, see: What is the ISO 9001 audit program, and how does it work? https://advisera.com/9001academy/blog/2017/01/24/what-is-the-iso-9001-audit-program-and-how-does-it-work/
These materials will also help you regarding internal audit:
- Book ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ " -
Embedded software
Answer:
Embedded software is computer software, written to control machines or devices that are not typically thought of as computers. It is typically specialized for the particular hardware that it runs on and has time and memory constraints.
The clause refers to organizations that are developing the software, not to the ones that are only using or embedding the software into its products, so you can consider this clause as inapplicable to your organization. -
Risk assessment and information classification
Answer: Information classification is a security control you implement after the risk assessment, so you do not classify information and performs risks assessment, but by means of the risk assessment you identify the need to classify information, generally because you have types of information that requires different types of securitycontrols.
This article will help you with document classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
These materials will also help you regarding document classification:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
BCM presentation
The meeting audience are CEO, shareholders of the bank and MD’s across 36 countries.
Answer: Unfortunately we do not have an specific business continuity management presentation to offer you, but I suggest you to take a look at these two free ISO 27001 presentations:
- Project proposal for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-implementation-powerpoint
- Why ISO 27001 – Awareness presentation https://info.advisera.com/27001academy/free-download/why-iso-27001-awareness-presentation
Their structure can be adapted to ISO 22301 information and can be used to present the concept to your management.
These materials will provide you further explanation about ISO 22301 to help build your presentation:
- What is ISO 22301? https://advisera.com/27001academy/knowledgebase/what-is-iso-22301/
- ISO 22301: An overview of the BCM impl ementation process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-22301-overview-bcm-implementation-process-free-webinar-demand/