
  • ISO 27001 and PCI DSS


    Answer: ISO 27000 certification is not equal to PCI, so being ISO 27001 compliant does not make your organization automatically compliant with PCI DSS, although ISO 27001 practices can contribute to achieving PCI compliance. That said, your organization will have to go through all the steps required for PCI certification, but your ISO 27001 certified ISMS will for sure reduce the required effort.

    These articles will provide you further explanation about ISO 27001 and PCI DSS:
    - PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences https://advisera.com/27001academy/knowledgebase/pci-dss/
    - PCI-DSS vs. ISO 27001 Part 2 – Implementation and Certification https://advisera.com/27001academy/knowledgebase/pci-dss/
  • Writing Quality Manual


    Answer:
    The standard does not require the manual, but if you decide to write it, you can write it in any way that you find the most suitable for your company. Writing a manual that follows the clauses of the standard is one of the most common approaches. For more information, see: Writing a short Quality Manual https://advisera.com/9001academy/knowledgebase/writing-a-short-quality-manual/

    Here you can download a free preview of our Quality Manual https://advisera.com/9001academy/documentation/quality-manual/ and our ISO 9001 Documentation Toolkit https://advisera.com/9001academy/iso-9001-documentation-toolkit/

    These materials will also help you regarding the manual and documentation:
    - Book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Writing Environmental Manual for ISO 14001:2015

    Please could you send me a draft of the quality manual and a sample of procedures... many thanks to you.

    Answer:

    The standard does not require the manual, but if you decide to write it, you can write it in any way that you find the most suitable for your company. Writing a manual that follows the clauses of the standard is one of the most common approaches. For more information, see: What is an environmental management system manual? https://advisera.com/14001academy/knowledgebase/what-is-an-environmental-management-system-manual/

    Here you can download a free preview of our Environmental Manual https://advisera.com/14001academy/documentation/environmental-manual/ and our ISO 14001 Documentation Toolkit https://advisera.com/14001academy/iso-14001-documentation-toolkit/

    These materials will also help you regarding the manual and documentation:
    - Book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Free online training ISO 14001:2015 Foundations Course https://advisera.com/training/iso-14001-foundations-course/
    - Conformio (online tool for ISO 14001) https://advisera.com/conformio/
  • Several questions on ISO 9001 transition


    1. We are in the middle of some changes in company personnel distribution and work organization. This is affecting the quality procedures and documentation, which are not being done the way our quality policy requires. The next external audit is in a few months. The question is: can the external audit be prolonged for a few months so we have time to change the quality procedures to meet our new work organization policy?

    Yes, you can prolong the certification audit, but you need to contact the certification body and talk with them. Keep in mind that there is a possibility that you won't have a certificate until the certification audit is conducted.

    2. Based on the first question: will the external audit require the documentation that hasn't been done correctly as a result of the new work organization, or will the audit accept the new documentation?

    The auditors will examine only the documents that are part of your Quality Management System at the moment of the certification audit; they won't examine the documents that are still not a part of your QMS documentation.

    3. What is the required number of internal audits in a company of 275 workers, or is this number in the hands of the company quality manager?

    The standard does not define the number of internal audits that need to be conducted, but the usual practice is to cover the entire scope of the QMS within a one-year period. How many audits will be needed depends on the capacity of the company: if you have several auditors you can cover the entire scope of the QMS in one day, and if you have only one auditor you will need several days or several internal audits.

    4. What are the requirements to become a company's quality manager? Does ISO 9001 define this?

    The standard doesn't define the required competency for the quality manager, but it usually includes knowledge of the standard and of the processes within the organization. For more information, see: What is the job of the Quality Manager according to ISO 9001? https://advisera.com/9001academy/blog/2016/08/23/what-is-the-job-of-the-quality-manager-according-to-iso9001/

    5. What are the requirements to be an internal auditor in the company?

    The standard doesn't define competency for the internal auditor, but the auditor is usually required to be familiar with the standard and with auditing techniques. For more information, see: ISO 9001 internal auditor training: Is it for me? https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/

    6. What if we don't pass the external audit because of faulty documentation? What are the consequences, and what is the procedure to get back on track with quality certification?

    In case your documentation is not compliant with the standard, the certification audit will issue you nonconformities and will define a deadline for your organization to remove these nonconformities. Once the nonconformities are removed, the certification body will issue your organization the certificate. For more information, see: How to deal with nonconformities in an ISO 9001 certification audit https://advisera.com/9001academy/blog/2015/06/09/how-to-deal-with-nonconformities-in-an-iso-9001-certification-audit/

    These materials will also help you regarding internal audit:
    - Book Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
    - Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Ensuring control of Quality Policy


    Answer:

    The way to ensure that the Quality Policy is controlled is to apply your procedure for document control to it, as for any other document in your Quality Management System. The policy should be approved by top management, preferably signed, and it should have a version number. Having a version number will enable you to keep track of whether the right version of the policy is available on the website, in the lobby, and in other places where it is published.

    For more information, see: How to Write a Good Quality Policy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/

    These materials will also help you regarding internal audit:
    - Book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Questions on IATF 16949 transition

    1. What are the changes to the Nonconformance Report (Internal Audit) closing format?

    There are no changes in requirements regarding the nonconformity record or the internal audit report. You can continue to use your existing records for nonconformities or internal audit reports. For more information, see: Five Main Steps in an IATF 16949:2016 Internal Audit https://advisera.com/16949academy/knowledgebase/five-main-steps-in-an-iatf-169492016-internal-audit/

    2. Who will be audited for areas covered by erstwhile MR?

    The fact that the management representative is no longer a mandatory role doesn't mean that it is forbidden. If the organization finds the management representative an important role for its QMS, it can keep it. What areas or which persons will be audited when there is no management representative will depend on how the organization has assigned roles and responsibilities, but it is usually the quality department or the quality manager who will take charge and be audited. For more information, see: What will be the destiny of the management representative in the new ISO 9001:2015? https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/

    3. Who shall make plans for internal audits, i.e. whose responsibility will it be?

    The standard doesn't prescribe who will be responsible for making plans for internal audits, so the organization can assign this responsibility to any person that it finds the most appropriate. Usually, this will be the quality manager or some other member of the quality department. For more information, see: What is the job of the Quality Manager according to ISO 9001? https://advisera.com/9001academy/blog/2016/08/23/what-is-the-job-of-the-quality-manager-according-to-iso9001/

    4. What shall be the responsibilities and authorities of the person(s) replacing the MR?
    The above are some of the doubts I have. Some of my clients are in the process of transition to ISO 9001:2015 and TS 16949:2016.

    Besides the requirements of ISO 9001:2015 regarding roles and responsibilities, which include ensuring compliance of the QMS with the standard, effectiveness of the processes, reporting on the performance of the QMS to top management, and promoting continual improvement, IATF 16949 has additional requirements to define roles and responsibilities for meeting customer requirements, ensuring conformity of products and services, and initiating and enforcing corrective actions.

    All these roles and responsibilities don't have to be assigned to one person, but can be spread over several persons so they don't become too big a burden.

    These materials will also help you regarding internal audit:
    - Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
    - Conformio (online tool for ISO 9001) https://advisera.com/conformio/
  • Legal requirements

    I am assuming you are referring to clause 4.2 (determination of requirements of interested parties) instead of clause 4.1 (understanding the organization and its context). Considering that, besides this clause and section A.18.1 which you mentioned, ISO 27001 also refers to legal issues in control A.8.2.1 (classification of information).
    You should also consider clause 9.3 (management review), because it covers, among other things, interested parties' feedback, changes in the organizational context, and the performance of security controls, as well as controls that regulate agreements, like A.7.1.2 (Terms and conditions of employment), A.13.1.2 (Security of network services), A.13.2.2 (Agreements on information transfer), A.13.2.4 (Confidentiality or nondisclosure agreements), and A.15.1.2 (Addressing security within supplier agreements).
    This article will provide you further explanation about audits:
    - How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
    This material will also help you regarding audits:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • ISO 27002 NIST and the Cybersecurity Framework


    Answer: All these references provide guidance on the implementation of security controls. ISO 27002 provides guidance on the controls from Annex A of the ISO 27001 standard. The NIST Special Publications from the 800 series (SP-800) provide a series of documents with more detailed recommendations, both on the implementation of controls (e.g., cryptography, access control, etc.) and on the implementation of a risk management framework. The Cybersecurity Framework is a kind of specific application of NIST documents to the cyber environment.

    These articles will provide you further explanation about these documents:
    - ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
    - How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
    - How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
    - Which one to go with – Cybersecurity Framework or ISO 27001? https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/