The old version of ISO 9001 required the following six mandatory procedures:
- Control of documents (4.2.3)
- Control of records (4.2.4)
- Internal audit (8.2.2)
- Control of nonconforming product (8.3)
- Corrective action (8.5.2)
- Preventive action (8.5.3)
ISO 14001 doesn't have such specific requirements for construction sites or any other type of business. But if such an activity is defined by the organization as an operational control for handling waste, it is compulsory to follow this control; otherwise it would be considered a nonconformity.
There is no requirement in the standard for internal auditors to be trained by an exemplar certified organization. The only requirement in this regard is for the organization to retain documented information about the trainer's competency, but it refers to the trainer alone, not to the organization to which the trainer belongs.
How long do you have to repeal a Minor Finding with your registrar?
I assume you are asking how much time the organization has to remove a minor nonconformity found during the certification audit. Usually the deadline for removing nonconformities is agreed with the certification body, and it depends on the scale of the nonconformity. In the case of minor nonconformities, the deadline is usually one week, but there is no rule that defines the time frame explicitly.
Documentation required for Internal, External and Interested parties
Answer: The new clauses introduced in the main part of ISO 27001:2013 do not require any specific documentation to be kept related to Internal, External and Interested parties.
Regarding Annex A, control A.18.1.1 - Identification of applicable legislation and contractual requirements (previously control A.15.1.1 in ISO 27001:2005) requires the documentation of Internal, External and Interested parties' requirements, such as statutory, regulatory and contractual requirements, but you only have to do that if this control is considered applicable in your Statement of Applicability.
Answer: Considering ISO standards, I'd suggest the ISO 22301 Lead Auditor and ISO 22301 Lead Implementer certifications. Other certifications you should consider are DRI Certified Business Continuity Professional (CBCP) and Certificate of the Business Continuity Institute (CBCI) from BCI.
Remote monitoring of Kronos Cloud and hosted environments
Remote monitoring of Microsoft Windows 2003/2008/2012 and Linux servers, which includes performance, uptime, SQL DB, website status, web-based application & server resources
Responding to Alerts on monitoring tools
Identify the root cause and troubleshoot the server performance issues.
Handle Level1 Escalations, and adhere to escalation matrix
Good Administration skills over Windows and Linux OS.
Ensure operating standards are developed, maintained, and adhered to.
Can you please suggest whether lead implementer certification will benefit me, as I am interested in this course?
Answer: Yes. Besides helping you to understand and implement an ISO 27001 ISMS, a lead implementer course can help you understand how to apply controls in Annex A, which will help you evaluate and improve the activities you perform according to your job description (e.g., controls from section A.12.4, related to logging and monitoring, and controls from section A.16, about Information security incident management).
DHF is the abbreviation for Design History File, which is a formal document that is prepared for each medical device. The DHF can be either a collection of the actual documents generated in the product development (PD) process or an index of documents and their storage location.
When it comes to risks and opportunities, the standard doesn't require full-scale risk management that includes a documented procedure, criteria for evaluation, etc. It only requires the organization to determine risks and opportunities and take actions to address them. This can be done by arranging a brainstorming session with relevant people in the company and talking about risks and opportunities, or by using tools like SWOT or PEST analysis. For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
Internal audit vs. Compliance evaluation
Answer:
In both cases, the aim is to determine whether the organization is conforming to the requirements: in the case of internal audit, conformance with requirements of the standard, and in the case of compliance evaluation, conformance to legal and other requirements.
Although both internal audit and compliance evaluation require a procedure, internal audit is a more structured and defined process. Requirements for the compliance evaluation procedure are looser; basically, the only requirement for this procedure is to be consistent with the commitment to compliance stated in the OH&SMS (Occupational Health & Safety) Policy. For more information, see: How to identify and comply with legal requirements in OHSAS 18001 https://advisera.com/18001academy/blog/2015/06/24/how-to-identify-and-comply-with-legal-requirements-in-ohsas-18001/
On the other hand, the procedure for internal audit needs to define responsibilities, competencies, and requirements for planning and conducting audits, reporting results and retaining associated records; and the audit criteria, scope, frequency and methods. For more information, see: How to perform internal audits in OHSAS 18001 https://advisera.com/18001academy/blog/2015/09/23/how-to-perform-internal-audits-in-ohsas-18001/