Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Sistema Integrado de Gestión
He recibido esta pregunta: La empresa donde estoy tiene que re-certificar a mediados de mayo de 2018, la ISO 9001 y 14001 : 2015. Si para la auditoria presento un sistema de gestión integrado, o sea armo una suerte de manual de calidad y gestión ambiental, por mas que para esta norma no es requisito. En ese manual colocaría todos los requisitos de las dos que son comunes a ambas y los voy desarrollando y en donde aplique, voy a colocar un link a procedimientos o instructivos de trabajo que venia utilizando, para no olvidarme de ningún requisito y que estén todos. Yo a mi SG lo tengo en una intranet en formato wiki o sea el lenguaje de programación es de la wikipedia. Te parece practico? Me gustaría tu opinión .Desde ya muchas gracias y saludos Mi respuesta: La redacción de un manual no se trata como bien dice de un documento obligatorio, sino de una buena práctica. Este manual necesitará describir el Sistema Integrado de Gestión, los procesos y sus interrelaciones, así como la documentación relacionada con el sistema. Tenga en cuenta que el propósito de un SIG es optimizar aún más los procesos y evitar la duplicación. Sin embargo, aunque se trate de un sistema integrado no significa que haya que poner menos atención en la auditoria de los sistemas individuales. El sistema debe de cumplir con los requerimientos de cada una las normas, con el fin de mantener un alto grado de credibilidad y efectividad. Con respecto a la segunda pregunta, no existe una regla específica para la documentación, siempre y cuando pueda ser diferenciada la distinta información documentada, sabiendo qué documento o registro aborda qué cuestión en particular entonces cumple los requisitos de la norma. Para más información puede ver los siguientes artículos: - "Cómo integrar ISO 14001 e ISO 9001" (en inglés): https://advisera.com/14001academy/blog/og/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/# - "Integrando ISO 9001 e ISO 14001"(en inglés)://advisera.com/9001academy/blog/2013/11/19/integrating-iso-9001-iso-14001/?icn=free-blog-9001&ici=top-integrating-iso-9001-and-iso-14001-txt Estos materiales también le ayudarán con respecto a la integración de los sistemas de gestión: - Libro "Gestión de documentación ISO: una guía en un lenguaje sencillo": https://advisera.com/books/gestion-de-documentacion-iso-una-guia-en-un-lenguaje-sencillo/ - Capacitación gratuita en línea: Curso de fundamentos ISO 14001 https://advisera.com/es/formacion/curso-fundamentos-iso-14001/ - Conformio (herramienta en línea para ISO 9001 e ISO 14001): https://advisera.com/conformio/ -
ITIL/ISO 20000 education
Answer:
It's hard to tell, that depends on many parameters, like context of your working environment/needs, why do you need that, what do you want to achieve, personal preferences, availability of training organization, professional path/ambitions, etc.
General, ITIL training encompasses more than ISO 20000, so it's also useful if you implement ISO 20000. On the other side, ISO 20000 training is ISO related, so you can use some logic for other standards as well.
Read the articles, to gain more information:
"ITIL Certification Path – list of all available ITIL trainings, exams and certificates" https://advisera.com/20000academy/knowledgebase/itil-certification-path-list-of-all-available-itil-trainings/
"How personal certificates can help your company’s IT Service Management" https://advisera.com/20000academy/blog/2017/04/18/how-personal-certificates-can-help-your-companys-it-service-management/
"New ITIL Practitioner Guidance book – what does this mean for your certification and implementation?" https://advisera.com/20000academy/blog/2016/08/30/new-itil-practitioner-guidance-book-what-does-this-mean-for-your-certification-and-implementation/
"Process to obtain ISO/IEC 20000 certification: Companies and individuals" https://advisera.com/20000academy/knowledgebase/iso-20000-certification-the-process-of-obtaining-a-certifica/ -
Change in Production environment as part of Incident Management process
Answer:
There are several issues here.
Not all changes are the same, meaning - changes have (or at least) should have different categories. So, not all changes need to be approved by change management. See the article:
"Elements of Change Management in ITIL" https://advisera.com/20000academy/blog/2013/04/23/elements-change-management-itil/
Changes you mention, from production environment, are changes on some service that is not yet in live environment. In that case - you can set different change procedure that is quicker and n ot that formal as for the services in live environment.
This webinar can also help you: "An overview of the ITIL Change Management Process" https://advisera.com/20000academy/webinar/an-overview-of-the-itil-change-management-process-free-webinar-on-demand/
And, finally, you are free to decide which changes will be a subject of formal approval, via CAB. Consider risks and costs while making that decision. -
Risks and opportunities according to clause 6.1 of ISO 9001:2015
Answer:
Clause 6.1 of ISO 9001:2015 has two parts. The first part is about determining risks and opportunities that an organization needs to address, according to its potential impact on the intended results, and seize relevant opportunities. The second part is about planning what to do to handle critical risks and opportunities.
What is a risk? ISO 9000:2015 defines risk as the effect of uncertainty on an expected result. What are the expected results of your company? What can affect those desired results? For example: One company can fail to deliver on time because raw-materials were delivered in an insufficient quantity. So, I would recommend that you start, one process at a time, to identify risks (what can go wrong with each process).
Then you look to all your identified risks and come up with a way to prio ritize them. Some risks occur more frequently than others, some risks have consequences much more serious than others. A common way is to classify risks considering the likelihood of happening and the potential consequences of that event.
Opportunities have a positive connotation and occur, for example, because new technology becomes available and allow a process to deliver a higher level of service, or a circumstance change and open a possibility. For example, a competitor decides to concentrate the business in a particular economic sector opening market for your company in other sectors.
Consider the risks classified as critical and decide what to do. You can act to reduce the likelihood of occurrence and/or act to reduce the potential consequences of those risks. For example, those actions can be implementation of controls, definition of methodologies or practices; substitution of a productive method for a more robust one, identification of alternative or complementary suppliers… You should plan the implementation of those actions and the evaluation of its effectiveness.
These materials will also help you regarding the topic of opportunities and risks:
- article - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- article - Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
- free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
- free online training - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/ -
Getting IATF 16949 certified
Answer:
Clause 1.1 of IATF 16949 defines to what organizations it can be applied. The standard can be applied to sites of the organization where manufacturing of customer-specified production parts, service parts, and/or accessory parts occur. It cannot be implemented in the organization that doesn't perform at least one of these activities because IATF defines requirements for design, production, assembly, installation and services of automotive products, including products with embedded software and if the organization doesn't perform some of these processes, the standard cannot be implemented. -
Developing Quality Manual from scratch
I have just joined marine company as a safety and quality manager. I have now been tasked to develop a quality manual to submit for our next Invitation to tender which closes in 2 weeks.
This company is a marine company supplying small vessels on lease to our clients at day rate basis and call out basis. Our aim to to be able to bid fro jobs with the oil companies and supply big vessels and barges or even drilling rigs.
In the meantime we provide tank cleaning services, and maintenance services like Blasting and painting works. We do not manufacture any products but at times may be required to fabricate or build jets for the clients so that boats or ships can come alongside to drop off personnel and equipment.
Answer:
If you need to develop all documentation required by ISO 9001 from scratch in two weeks, I'm afraid that it won't be possible without some additional help. Since you have only two weeks to do it, I suggest you to focus primarily on the mandatory documents required by ISO 9001 and not to dev elop a manual, since it is no longer a mandatory document. Here you can see what documents are required by the standard: List of mandatory documents required by ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
If you are required to have the manual, you should develop it in a way that it coves all requirements and yet to be short rather than lengthy document. Try avoiding any theory about the standard, such as terms and definitions and detailed history of the organization, but focus on the key information that the manual should contain. In any case avoid making the document longer that 10 pages. Here is one very interesting article that might help you: Writing a short Quality Manual https://advisera.com/9001academy/knowledgebase/writing-a-short-quality-manual/
These materials will also help you regarding the QMS documentation:
- Book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ " -
Determining KPI for measuring devices
Answer:
KPI for calibration of cable instrument would be number of calibrate instruments against number of all cable instruments the company has. But you don't have to establish KPI for every type of measuring equipment, you can have one KPI that covers all measuring equipment your organization uses.
For more information, see: How to define Key Performance Indicators for a QMS based on ISO 9001 https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
These materials will also help you regarding establishment of KPIs:
- Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ " -
Determining EMS scope for financial institution
Answer:
According to the standard, the organization needs to define the scope by listing all activities, products and services that it provides. In addition, it can define which locations are also covered with the scope. Waste disposal and use of resources are operational controls to be established once all activities, processes, products and services are examined. You can write financial services as your scope, you don't ave to go into much details but basically, the scope should show what type of business is the organization doing.
You can have the simple statement t hat the scope of your EMS cover financial services, or something in that style, but you must define it. The statement about your scope is usually something that will be written on your certificate and I assume you wouldn't like it to be something other than what your company does.
For more information, see: How to determine the scope of the EMS according to ISO 14001:2015 https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/
These materials will also help you regarding EMS scope:
- Free online training ISO 14001:2015 Foundations Course https://advisera.com/training/iso-14001-internal-auditor-course/
- Conformio (online tool for ISO 14001) https://advisera.com/conformio/ " -
Acceptable Risk Document
Answer: By Acceptable Risk Document I'm assuming you are referring to a document informing the results of a risk assessment. Considering that, in this document you have to include a brief description of the methodology you used to identify and analyse the risks, the criteria used to evaluate them and results of the risks assessment, including the list of acceptable risks, so anyone looking for information about how and why you decided to accept the risks can easily find it.
For an example of such similar content, I suggest you to take a look at the free demo of our Risk Assessment and Treatment Report at this link: https://advisera.com/27001academy/documentation/risk-assessment-and-treatment-report/
This article will provide you further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowl edgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/ -
Incident Response Plan and Recovery Plan
Answer: Yes, your understanding is correct.
An incident response plan describes what has to be done immediately after a disaster occurs, to reduce the effects of the incident, while a Recovery Plan describes how to recover the infrastructure, applications, data, and how to decide when the recovery is completed so that normal operations can begin.
These articles will provide you further explanation about contents of a BCP:
- How to write business continuity plans? https://advisera.com/27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/
- Activation procedures for busines s continuity plan https://advisera.com/27001academy/blog/2011/09/26/activation-procedures-for-business-continuity-plan/
This material will also help you regarding contents of a BCP:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/