Search results

Home / Search

Category:
Select
Select

11272 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Filling SoA

    Sorry, I don't understand your answer. Can you point us specifically to Annex A in the documentation toolkit provide with the ISO27001 package?

  • ISO 27001 and information security governance

    The article links on this post helped me. Thanks Rhand Leal

  • Risk-based thinking in IATF 16949


    Answer:

    When it comes to risk-based thinking or addressing risks and opportunities, IATF 16949 has addition to requirements of ISO 9001. IATF 16949 requires risk analysis to include, at minimum, product recalls, product audits, returns and repairs, complaints, scraps and rework. The evidence of the risks-based thinking would be FMEA (Failure Mode Effect Analysis) conducted for processes with appropriate actions taken to address the risks. As far as the staff operating the processes is concerned, the best approach is to focus primarily on the risks emerging from their processes and what has to be done to avoid the risks. For example, how to perform the activities and avoid the nonconformities.

  • Conducting "desktop audit"


    Answer:

    I assume you are thinking about ISO 9001 audit, but it is pretty much the similar approach for any standard. Desktop audit is usually a review of quality documents of an organisation to ensure compliance to higher level documents and to familiarize auditor with the auditee's quality management system.This is done generally prior to an audit.

    The purpose of this audit is to determine whether the documentation is compliant with requirements of the standard. So, the best way to approach it is to determine first what clauses and what requirements of the standard are relevant to particular documents and then to audit the documents against these requirements. If you are new to auditing, it can be helpful to develop the checklist first and then to conduct the audit by following the checklist.

    For mor e information, see: ISO 9001 Audit Checklist https://advisera.com/9001academy/knowledgebase/iso-9001-audit-checklist/

  • Audit criteria and evidence-based approach


    Answer:

    Audit criteria represents set of requirements against which you will perform the audit. In case of internal audit or certification audit, the criteria is the standard and relevant management system documentation, for example is the production process conducted according to production procedure. Other criteria can be requirements of the customers, legal requirements, etc. For more information, see: What is the ISO 9001 audit program, and how does it work? https://advisera.com/9001academy/blog/2017/01/24/what-is-the-iso-9001-audit-program-and-how-does-it-work/

    Evidence-based approach means that you are basing your decision or judgement on evidence you've collected. For example, if you want to determine whether the organization has conducted training according to the training program it developed, you will look for the training records.

  • ISMS audit


    Answer: An ISO 27001:2005 certified lead auditor can perform internal audit if he/she can prove competence in 2013 revision of the standard. If not, then this person needs to take a training to obtain this competence.

    This articles will provide you further explanation about new version of ISO 27001 and internal audit:
    - Infographic: New ISO 27001 2013 revision – What has changed? https://advisera.com/27001academy/knowledgebase/infographic-new-iso-27001-2013-revision-what-has-changed/
    - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

    These materials will also help you regarding internal audit:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

  • Lead Auditor Training for ISO27K

    There are many organizations who say they provide certification with training in a cost less than 5000 INR and some are providing it for the cost of more than 50000 INR too.
    Which is to be considered is a big question and I want this to be done from a recognized/accredited institution only.

    Can you please suggest?

    Answer: We do not have deep knowledge of India market to point to give you the best solution, but you can make contact with these training providers:
    - SGS https://www.sgsgroup.in/en-GB/Office-Directory.aspx
    - BSI https://www.bsigroup.com/en-IN/Contact-us/
    - Bureau Veritas https://www.bureauveritas.co.in/home/worldwide-locations/coin-locations

    This article will provide you further explanation about Lead Auditor course:
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

  • Cost of downtime


    Answer:
    Downtime consists of two types of costs:
    1. Direct, like:
    - Lost profit
    - cost generated by resolving the issues which caused downtime (hours of your employees)
    - SLA penalties (or even lost SLA)
    - cost of en-user (un)productivity
    . costs towards third parties
    - etc.
    2. Indirect, like:
    - reputation damage
    - cost of lost opportunity
    - regulatory/compliance breach costs
    - etc.

    So, as you can see, while calculation costs of downtime some costs are easily identifiable, and some are just good estimation. Financial people or business will be of great help, so use the chance and include their inputs in calculation.

  • New 9001 and 13485 standard

    Hi Juanito,

    ISO 13485:2016 still requires management representative, so in order to be compliant with the standard you need to assign this role to someone in your organization.

  • Risk register and environmental aspects

    1.can we make a single risk register for a company as a whole or should we have to make functional/ departmental wise or the option left to the Organ.?

    The standard does not define how organization will compile its risks register, so you can do it in any way that you find the most suitable. For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/

    Regarding EMS 2015 standard
    1.Should we have to make risk register for EMS also as per cl.6.1

    Yes, you should make risk register for risks and opportunities related to the EMS and you can do it in the same way as for ISO 9001. For more information, see: Risks and opportunities in ISO 14001:2015 – What they are and why they are important https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/

    2.For Aspect Impact study is their any template / format to use?

    Yes, we do have templates for identification and evaluation of environmental aspects and impacts. Here you can download free preview of our Procedure for Identification and Evaluation of Environmental Aspects and Risks https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
Page 886-vs-13485 of 1128 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +