Search results

  • 6.1 ACTIONS TO ADDRESS RISKS

    Clause 6.1 addresses the need to plan actions to address risks and opportunities, integrate these actions into the QMS, and evaluate the actions according to their effectiveness.

    It is important to mention that there are no mandatory requirements for a formal process to monitor and control risks and opportunities within the QMS, so you can use the results of the SWOT analysis already carried out and plan the actions to address the risks and opportunities that have been found.

    For more information, see: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • 0.3 PROCESS APPROACH

    The process approach, the risk-based approach and the PDCA cycle are three concepts that together form a fundamental part of the ISO 9001:2015 standard.

    ISO 9001 encourages the adoption of the process approach when developing, implementing and improving the effectiveness of the QMS.

    The management of the processes, and of the system as a whole, can be carried out through the PDCA cycle (0.3.2) with an overall risk-based approach (0.3.3).

    Clauses 0 to 3 contain no requirements for the QMS, so they are normally not included in the manual.
  • Communication process for OHSAS 18001


    Answer:

    The means of communication between the top management and other members of the staff will depend on the type of the organization and level of education of the rest of the staff.

    The best ways are the ones that leave a written trail, but it doesn't have to be email or memos; you can create a message board where you will put the notifications to the employees. In case of significant announcements and big changes, it is better to arrange training for employees where you can explain to them what the company requires from them.

    For more information, see: How to comply with OHSAS 18001 communication requirements https://advisera.com/18001academy/blog/2015/10/28/how-to-comply-with-ohsas-18001-communication-requirements/
  • Corrective action for IT department


    Answer:

    Since the cause was lack of awareness, the corrective action should be to raise awareness and maybe to perform additional training for the IT staff so they get familiar with the requirements of the standard and what is expected from them. As a follow-up, you can later audit the IT department to check whether it is compliant with the standard and the procedures the organization defined.

    For more information, see: How to proceed once a QMS corrective action is defined? https://advisera.com/9001academy/blog/2016/09/20/how-to-proceed-once-qms-corrective-action-is-defined/
  • Health and Safety certification


    Implementing OHSAS 18001 is sufficient for getting the certificate based on this standard. I'm not sure what you mean by Health and Safety certification, but in most cases OHSAS 18001 is enough.

    2) How best can an employer deal with a worker who does not abide by the safety guidelines stipulated by the company in regards to the implementation of Occupational Health and Safety Management Systems?

    In cases when the employee is not following the company procedures and guidelines, all you can do is to warn, punish and ultimately expel the employee from the work site.

    3) Kindly list down the safety requirements, procedures and policies that a company must have in compliance with OHSAS 18001 and the possible optional ones.

    Here you can find mandatory documents according to OHSAS 18001: List of mandatory documents required by OHSAS 18001 https://advisera.com/18001academy/blog/2016/11/23/list-of-mandatory-documents-required-by-ohsas-18001/
  • The context and leadership requirements

    Could you clarify whether clause 4 can be written in detail in my Quality Manual without a separate procedure?
    Is clause 5.1.1 a new requirement? I observe that all of clause 5 and its sub-clauses on leadership are basically the same, except for the risks and opportunities that must be identified and addressed so as not to affect customer satisfaction or risk customer dissatisfaction.

    Answer:

    First, the requirements for context of the organization do not include documenting the context or writing a procedure. If you decide to document it, you can include it in your Quality Manual or make a separate procedure; since it is not a requirement of the standard, you are free to do it in any way that you find the most suitable. For more information, see: How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/

    As far as clause 5.1.1 is concerned, there are no new requirements compared to the previous version of the standard. For more information, see: How to comply with new leadership requirements in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-comply-with-new-leadership-requirements-in-iso-90012015/
  • SOP vs Quality Plan


    Answer:

    The main difference is in the scope: a work instruction usually describes one operation or activity, while a Quality Plan is written for an entire process. Work instructions are usually written in the form of text or a flow chart, while a Quality Plan is in the form of a spreadsheet, but the purpose of both documents is to ensure that the process or activity is carried out as planned.

    For more information, see: Making the best out of ISO 9001 Quality Plan https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/
  • BCM training material


    Answer: Yes. At this link: https://advisera.com/27001academy/webinars/

    You can find free webinars about business continuity management like:
    - Implementing Business Impact Analysis according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar/
    - Writing a business continuity plan according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/
    - Developing the business continuity strategy according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/developing-the-business-continuity-strategy-according-to-iso-22301-free-webinar/
  • Vulnerabilities understanding


    Answer: No. Vulnerabilities are weaknesses that may also be the result of improper implementation of an otherwise well-designed project (e.g., a safe made of a defective alloy) or of a control misconfiguration (e.g., a password policy that enforces alphanumeric characters but limits the size to a small value).

    This article will provide you with further explanation about vulnerabilities:
    - How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/

    These materials will also help you regarding vulnerabilities:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Asset owner


    Currently we are writing the Risk Assessment Table and we have some doubts about the definition of "Asset Owner". Considering the risk "mail exchanged with customers and partners (docs on paper)", is the asset owner:
    - whoever is exchanging the mail, and is therefore responsible for guaranteeing the security of the mail exchange, or
    - whoever is responsible for guaranteeing (or not, in case of a leak of information, for example) the security of the information exchange (i.e., some governance or compliance department)?

    I apologize if I was not clear in the explanation. If you have any question, please let me know.

    Answer: The asset owner in this case is the person who is exchanging the mail, because he is the one most interested in the information not being compromised and will push for the implementation of proper security controls.

    The other role in the risk assessment is the "Risk Owner", the one with the accountability to ensure the risk is properly handled (e.g., the person responsible for the mail services).

    This article will provide you with further explanation about the asset owner and risk owner:
    - Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

    These materials will also help you regarding asset owner and risk owner:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/