Search results

  • Legal requirements

    I am assuming you are referring to clause 4.2 (determination of requirements of interested parties) instead of clause 4.1 (understanding the organization and its context). Considering that, besides this clause and section A.18.1 you mentioned, ISO 27001 also refers to legal issues in control A.8.2.1 (classification of information).
    You should also consider clause 9.3 (management review), because it covers, among other things, interested parties' feedback, changes in organizational context and the performance of security controls, as well as controls that regulate agreements, like A.7.1.2 (Terms and conditions of employment), A.13.1.2 (Security of network services), A.13.2.2 (Agreements on information transfer), A.13.2.4 (Confidentiality or nondisclosure agreements), and A.15.1.2 (Addressing security within supplier agreements).
    This article will provide you further explanation about audit:
    - How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
    This material will also help you regarding audit:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • ISO 27002 NIST and the Cybersecurity Framework


    Answer: All these references provide guidance on the implementation of security controls. ISO 27002 provides guidance on the controls from Annex A of the ISO 27001 standard. NIST Special Publications from the 800 series (SP-800) provide a series of documents with more detailed recommendations on implementation of controls (e.g., cryptography, access control, etc.) as well as on implementation of a risk management framework. Cybersecurity Framework is kind of a specific application of NIST documents related to cyber environment.

    These articles will provide you further explanation about these documents:
    - ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
    - How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
    - How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
    - Which one to go with – Cybersecurity Framework or ISO 27001? https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/
  • Monitoring and measuring results and management review inputs

    Among the inputs for a sound management review should be information:
    • to evaluate if the particular monitoring and measurement methods (clause 9.1.1) have been used and are adequate to demonstrate the organization's ability to achieve planned results. For example, if top management considers it important to know if customers are lost after complaining, or if complaints are answered in a timely manner, it must assess if the indicators chosen to monitor how the organization handles complaints allow it to know that.
    • to evaluate the performance and effectiveness of the QMS and identify trends and opportunities for improvement (clause 9.1.3). For example, is the level of defects with raw materials received in the warehouse within acceptable limits, or is it a sign that supplier selection procedures must be improved?
    These materials will also help you regarding monitoring and measurement, and management review:
    - article - Monitoring and Measurement: The basis for evidence-based decisions https://advisera.com/9001academy/blog/2020/09/21/how-to-perform-monitoring-and-measurement-according-to-iso-9001/
    - article - How to make Management Review more useful in the QMS https://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
    - free online training - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Product safety

    Hi Elvina,

    The element of product safety can be the combustibility of the product or chemicals that dissolve over the course of time. It can also be resistance to impact, fire, chemicals, etc. It depends on the type of the product and its purpose. In some cases there are no significant product safety requirements.
  • Joining QA/QC team


    Answer:

    The best way to join the QA/QC team is to get relevant competency and be able to contribute to the team. I suggest you get knowledge on the quality management system and being a document controller makes you already familiar with some parts of the standard. You can also take a look at our free ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
  • Preparing for internal audit


    Answer:

    When conducting the internal audit you need to check all requirements of the standard and determine to what level the organization is compliant to requirements of the standard. Documents to be reviewed are all documents and records required by the standard and those that the organization determined as necessary for maintaining the EMS (Environmental Management System). For more information about the mandatory documents, see: List of mandatory documents required by ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

    The best way to develop an internal audit checklist is to read the documentation first and make notes on what needs to be checked during the audit along with requirements of the standard. For more information, see: Writing an Audit Checklist for ISO 9001 Processes https://advisera.com/9001academy/blog/2014/11/25/writing-audit-checklist-iso-9001-processes/

    These materials will also help you regarding internal audit:
    - Book ISO INTERNAL AUDIT: A PLAIN ENGLISH GUIDE https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Sustainability policy as Environmental Policy


    Answer:

    If the sustainability policy meets all requirements of ISO 14001 regarding environmental policy, you can use it as environmental policy. The standard requires for environmental policy the following:
    - to be appropriate to the purpose and context of the organization;
    - to provide framework for setting environmental objectives;
    - to include commitments to protection of the environment, fulfillment of the compliance obligations, continual improvement and other commitments relevant to the context of the organization

    For more information, see: How to write an ISO 14001 environmental policy https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-write-an-iso-14001-environmental-policy/

    These materials will also help you regarding the environmental policy:
    - Free online training ISO 14001:2015 Foundations Course https://advisera.com/training/iso-14001-internal-auditor-course/
    - Conformio (online tool for ISO 14001) https://advisera.com/conformio/
  • IMDS requirements and IATF 16949

    IMDS requirements are obligatory for the automotive industry.

    They can be a regulatory requirement in some countries. As IMDS is a customer-specific requirement, your company has to comply with it (if it is in the automotive industry).

  • Risks and environmental aspects


    My answer:

    There is a clear relationship between environmental aspects and risks and opportunities in the EMS, but this is not the only place where risks and opportunities can be found. Although environmental aspects are not the only risks and opportunities you will be able to identify for the EMS, they can be considered a good place to start. Risks and opportunities can arise from legal requirements (especially when they change), information from customers or market research, comparison of processes with other companies in order to improve, employee suggestions, or comments from neighbors or other interested parties.

    How risks and opportunities are identified depends on the organization, although it is an important activity in the EMS.

    For more information, you can see this article "Risk management in ISO 14001:2015: what, why and how": https://advisera.com/14001academy/es/knowledgebase/gestion-de-riesgos-en-iso-140012015-que-por-que-y-como/

    These materials will also help you regarding risks and opportunities in ISO 14001:

    - Free online training: ISO 14001 Foundations Course https://advisera.com/training/es/course/curso-fundamentos-iso-14001/

    - Conformio (online tool for ISO 14001): https://advisera.com/conformio/
  • Meeting requirement 7.1


    Answer:

    Clause 7.1 of ISO 14001:2015 requires the organization to determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the environmental management system (EMS). There is no requirement to document this clause but rather to determine what resources are necessary for the implementation, maintenance and improvement of the EMS. Resources include people, equipment, finance, infrastructure, etc.

    The best way to determine resources for the implementation is to develop a project plan for the implementation and define what is necessary in the project plan. In the case of maintenance of the EMS, resources are determined according to the annual plan of activities within the EMS; this includes environmental objectives and plans for achieving them, application of operational controls, internal audit, etc.

    For more information, see: 5 tips to maintain your ISO 14001-based EMS after certification https://advisera.com/14001academy/blog/2016/01/11/5-tips-to-maintain-your-iso-14001-based-ems-after-certification/