  • Change in Production environment as part of Incident Management process


    Answer:
    There are several issues here.
    Not all changes are the same, meaning changes have (or at least should have) different categories. So, not all changes need to be approved by change management. See the article:
    "Elements of Change Management in ITIL" https://advisera.com/20000academy/blog/2013/04/23/elements-change-management-itil/
    The changes you mention, from the production environment, are changes to a service that is not yet in the live environment. In that case, you can set a different change procedure that is quicker and not as formal as the one for services in the live environment.
    This webinar can also help you: "An overview of the ITIL Change Management Process" https://advisera.com/20000academy/webinar/an-overview-of-the-itil-change-management-process-free-webinar-on-demand/
    And, finally, you are free to decide which changes will be subject to formal approval via the CAB. Consider risks and costs while making that decision.
  • Risks and opportunities according to clause 6.1 of ISO 9001:2015


    Answer:

    Clause 6.1 of ISO 9001:2015 has two parts. The first part is about determining risks and opportunities that an organization needs to address, according to its potential impact on the intended results, and seize relevant opportunities. The second part is about planning what to do to handle critical risks and opportunities.

    What is a risk? ISO 9000:2015 defines risk as the effect of uncertainty on an expected result. What are the expected results of your company? What can affect those desired results? For example: a company can fail to deliver on time because raw materials were delivered in an insufficient quantity. So, I would recommend that you start, one process at a time, to identify risks (what can go wrong with each process).

    Then you look at all your identified risks and come up with a way to prioritize them. Some risks occur more frequently than others, some risks have consequences much more serious than others. A common way is to classify risks considering the likelihood of happening and the potential consequences of that event.

    Opportunities have a positive connotation and occur, for example, because new technology becomes available and allows a process to deliver a higher level of service, or a circumstance changes and opens a possibility. For example, a competitor decides to concentrate its business in a particular economic sector, opening the market for your company in other sectors.

    Consider the risks classified as critical and decide what to do. You can act to reduce the likelihood of occurrence and/or act to reduce the potential consequences of those risks. For example, those actions can be implementation of controls, definition of methodologies or practices, substitution of a productive method for a more robust one, identification of alternative or complementary suppliers… You should plan the implementation of those actions and the evaluation of their effectiveness.

    These materials will also help you regarding the topic of opportunities and risks:

    - article - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - article - Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
    - free webinar - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
    - free online training - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Getting IATF 16949 certified


    Answer:

    Clause 1.1 of IATF 16949 defines to which organizations it can be applied. The standard can be applied to sites of the organization where manufacturing of customer-specified production parts, service parts, and/or accessory parts occurs. It cannot be implemented in an organization that doesn't perform at least one of these activities, because IATF defines requirements for design, production, assembly, installation and servicing of automotive products, including products with embedded software; if the organization doesn't perform some of these processes, the standard cannot be implemented.
  • Developing Quality Manual from scratch


    I have just joined a marine company as a safety and quality manager. I have now been tasked to develop a quality manual to submit for our next Invitation to Tender, which closes in 2 weeks.

    This company is a marine company supplying small vessels on lease to our clients on a day-rate basis and call-out basis. Our aim is to be able to bid for jobs with the oil companies and supply big vessels and barges or even drilling rigs.

    In the meantime we provide tank cleaning services, and maintenance services like blasting and painting works. We do not manufacture any products but at times may be required to fabricate or build jetties for the clients so that boats or ships can come alongside to drop off personnel and equipment.

    Answer:

    If you need to develop all documentation required by ISO 9001 from scratch in two weeks, I'm afraid that it won't be possible without some additional help. Since you have only two weeks to do it, I suggest you focus primarily on the mandatory documents required by ISO 9001 and not develop a manual, since it is no longer a mandatory document. Here you can see what documents are required by the standard: List of mandatory documents required by ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

    If you are required to have the manual, you should develop it in a way that covers all requirements and yet is a short rather than lengthy document. Try avoiding any theory about the standard, such as terms and definitions and detailed history of the organization, but focus on the key information that the manual should contain. In any case avoid making the document longer than 10 pages. Here is one very interesting article that might help you: Writing a short Quality Manual https://advisera.com/9001academy/knowledgebase/writing-a-short-quality-manual/

    These materials will also help you regarding the QMS documentation:
    - Book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Determining KPI for measuring devices


    Answer:

    A KPI for calibration of cable instruments would be the number of calibrated instruments against the number of all cable instruments the company has. But you don't have to establish a KPI for every type of measuring equipment; you can have one KPI that covers all measuring equipment your organization uses.

    For more information, see: How to define Key Performance Indicators for a QMS based on ISO 9001 https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/

    These materials will also help you regarding establishment of KPIs:
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Determining EMS scope for financial institution


    Answer:

    According to the standard, the organization needs to define the scope by listing all activities, products and services that it provides. In addition, it can define which locations are also covered by the scope. Waste disposal and use of resources are operational controls to be established once all activities, processes, products and services are examined. You can write financial services as your scope; you don't have to go into much detail, but basically the scope should show what type of business the organization is doing.

    You can have the simple statement that the scope of your EMS covers financial services, or something in that style, but you must define it. The statement about your scope is usually something that will be written on your certificate, and I assume you wouldn't like it to be something other than what your company does.

    For more information, see: How to determine the scope of the EMS according to ISO 14001:2015 https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/

    These materials will also help you regarding EMS scope:
    - Free online training ISO 14001:2015 Foundations Course https://advisera.com/training/iso-14001-internal-auditor-course/
    - Conformio (online tool for ISO 14001) https://advisera.com/conformio/
  • Acceptable Risk Document


    Answer: By Acceptable Risk Document I'm assuming you are referring to a document reporting the results of a risk assessment. Considering that, in this document you have to include a brief description of the methodology you used to identify and analyse the risks, the criteria used to evaluate them and the results of the risk assessment, including the list of acceptable risks, so anyone looking for information about how and why you decided to accept the risks can easily find it.

    For an example of similar content, I suggest you take a look at the free demo of our Risk Assessment and Treatment Report at this link: https://advisera.com/27001academy/documentation/risk-assessment-and-treatment-report/

    These articles will provide you further explanation about risk assessment:
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
    - Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/

    These materials will also help you regarding risk assessment:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • Incident Response Plan and Recovery Plan


    Answer: Yes, your understanding is correct.

    An incident response plan describes what has to be done immediately after a disaster occurs, to reduce the effects of the incident, while a Recovery Plan describes how to recover the infrastructure, applications, data, and how to decide when the recovery is completed so that normal operations can begin.

    These articles will provide you further explanation about contents of a BCP:
    - How to write business continuity plans? https://advisera.com/27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/
    - Activation procedures for business continuity plan https://advisera.com/27001academy/blog/2011/09/26/activation-procedures-for-business-continuity-plan/

    This material will also help you regarding contents of a BCP:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • ISO 27001 and Data privacy protection regulations


    Is there a document that supports us when it comes to the point of ISO 27001 and the above-mentioned data privacy protection regulations? Is there a checklist that would help us to deal with the new regulations we have from May 2018 on?

    The requirement is that we need to show that we can align ISO 27001 A.18.1.4 and the DSGV. Clause A.18.1.4 is often considered as not really up to the DSGV and its tight measures of data privacy protection regulation.

    Answer: In approximately 2 months from now we will launch the EU GDPR Toolkit, which will contain checklists and all other documentation required to ensure compliance with EU GDPR. At this moment I can suggest other material that can help you:
    - Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
    - Data Privacy Protection, ISO 27001 and CISPE Code of Conduct https://advisera.com/27001academy/blog/2016/10/31/data-privacy-protection-iso-27001-and-cispe-code-of-conduct/
    - What is EU GDPR and how can ISO 27001 help? https://info.advisera.com/27001academy/free-download/what-is-eu-gdpr-and-how-can-iso-27001-help
  • ISO 27001 software


    Answer: Only some activities related to ISO 27001 can be semi-automated (e.g., control of documents, controls measurement, risk assessment, etc.). Being a management system, ISO 27001 still requires some human intervention to analyse and evaluate information.

    At this link you can see our online tool Conformio, which can help you manage ISO 27001 implementation project and documentation after implementation: https://advisera.com/conformio/

    This article will provide you further explanation about automated tools:
    - When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/

    These materials will also help you regarding automated tools:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/