
  • Implementation steps


    (What is the first thing that must be done within an organization to implement ISO 27001: 2013.)

    Answer: The first and most critical step is to get management support for the implementation. Implementing information security will need resources in terms of people, material and capital, and most of all, it involves cultural change, and for that you will need top management support and involvement.

    These articles will provide you further explanation about implementation steps:
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
    - Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/

    These materials will also help you regarding implementation steps :
    - Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Writing a Quality Manual


    Answer:

    The new version of ISO 9001:2015 doesn't require a Quality Manual, so organizations that decide to keep it as part of their QMS (Quality Management System) documentation are free to develop it in any way they find most suitable for their needs.

    You can apply the conventional style, which is to follow the structure of the standard and explain how the requirements are met, or reference other documents and procedures that explain this in more detail. Also, you can include the organizational structure and a short description of the organization, together with a process map.

    Another way is to be more creative and make a process-based manual, which is much shorter and provides only essential information about the processes and the QMS. For more information, see: Writing a short Quality Manual https://advisera.com/9001academy/knowledgebase/writing-a-short-quality-manual/
  • Addressing the product life-cycle


    Answer:

    The standard does not require organizations to address the product life-cycle as such, but rather to examine it, determine significant environmental aspects and establish operational controls for them. The controls should be appropriate to the life-cycle stage; for example, once your product reaches the end user, you cannot control how the end user will recycle it, but you can give some instructions on the best way to do it.

    For more information, see: Lifecycle perspective in ISO 14001:2015 – What does it mean? https://advisera.com/14001academy/blog/2017/02/20/lifecycle-perspective-in-iso-140012015-what-does-it-mean/
  • Updating the manual to meet IATF 16949 requirements


    Answer:

    I assume you meant the Quality Manual, because the standard doesn't mention an Apex manual and I'm not sure what an Apex manual is. As far as the Quality Manual is concerned, IATF 16949, just like ISO/TS 16949, requires a quality manual and extends the requirements regarding this document.

    The previous version of the standard only had the requirements from ISO 9001:2008. IATF 16949 kept this requirement and added basically two requirements to the ones existing in the previous version of the standard:
    1. to include the extent and type of controls for outsourced processes in the description of the sequence and interaction of processes; and
    2. a document indicating where in the QMS the customer-specific requirements have been met.

    For more information, see: How to write the IATF 16949 Quality Manual https://advisera.com/16949academy/blog/2017/05/31/how-to-write-the-iatf-16949-quality-manual/
  • Evidences for policies and controls


    Answer: There is no generic answer to this question, because depending on the policy or control objective, the requirements regarding what should be kept as compliance evidence will vary.

    For example, for a backup policy, a record identifying the date, content and ID of the backup media is required, while for an access control policy a user account creation record would be needed, and they basically do not share any kind of information field.

    So, what I can say to you about identifying the required logs, forms and records is to evaluate the ISO 27001 requirements, which results you expect from an implemented policy or control, and which information you need to present, or evaluate, to prove to someone that you are actually achieving those results.

    This article will provide you further explanation about mandatory records for ISO 27001:
    - List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

    These materials will also help you regarding mandatory records for ISO 27001:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Surveillance audit

    Thank you for the information that you have given to me. These ideas are a big help to me.
  • Risks, opportunities, objectives and aspects


    Thanks for your valuable reply.

    How to determine risk and opportunity with a mitigation plan document? Please guide.

    Risks and opportunities to be identified for the Environmental Management System should be related to environmental aspects, compliance obligations and other issues emerging from the context of the organization. Once you identify the risks, you need to plan actions to address them. Planning actions includes defining what needs to be done, who will do it, what resources are needed and what the deadline is. For more information, see: Risks and opportunities in ISO 14001:2015 – What they are and why they are important https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/

    How to set Objectives?

    Objectives for the EMS or any other management system need to be SMART (Specific, Measurable, Attainable, Relevant and Timely). This enables the organization to monitor achievement of the objectives. For more information, see: How to Use Good Environmental Objectives https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/

    How to determine the format for the aspect and impact study?

    The best way to identify environmental aspects and impacts and to demonstrate the process approach is to conduct the assessment process by process and activity by activity. You need to observe every process, its inputs and outputs, and determine what environmental aspects can arise from each process. Then you need to apply some criteria to determine which aspects are significant and require operational controls. For more information, see: 6 ways to deal with significant environmental aspects in your EMS https://advisera.com/14001academy/blog/2016/12/12/6-ways-to-deal-with-significant-environmental-aspects-in-your-ems/
  • Methodology for determining significant environmental aspects

    It is important that you use a methodology that gives repeatable and consistent results. In addition, the methodology will depend on the complexity of the organization, the availability of information, and the impact the product has over its entire life cycle.
    On the other hand, the evaluation must be carried out for all environmental aspects generated under normal and abnormal operating conditions as well as in emergency situations.

    Determining which aspects are significant should involve those people within the organization who are familiar with the environmental aspects associated with these impacts.

    Methods for evaluating environmental aspects can be divided into two distinct types: quantitative and qualitative. Some organizations develop complex matrices and sophisticated algorithms; however, there will always be subjective elements in the definition of the relevance scale. For that reason, if the organization does not implement a scientific quantitative methodology, it is better to use a qualitative one.
    Some of the qualitative methodologies are:
    1. Relevance matrix, with evaluation criteria defined through a brainstorming session.
    2. ABC method, where the analysis and results are determined by the values and ideas defined by the organization and are categorized as:
    A = high impact; B = medium impact; C = low impact
    following certain criteria such as scale, severity, occurrence and duration.
    It is also possible to carry out the evaluation using your own scale system.

    The use of criteria can help the organization establish which environmental aspects and impacts are significant. When determining those significance criteria, the organization needs to consider:
    - Criteria for environmental conservation: such as the scale, severity and duration of the impact, or the type, size and frequency of the environmental aspects
    - Legal and other requirements, for example emission limits, emission permits, legal regulations, etc.
    - The needs and expectations of interested parties: reputation, noise, odor, visual degradation, etc.

    For more information, see: https://advisera.com/14001academy/blog/2016/10/31/iso-140012015-how-to-set-criteria-for-environmental-aspects-evaluation/#
  • Question

    Regarding clause 7.1.2 of ISO 9001:2015, a procedure on competence, training and awareness is not mandatory, although it is recommended; however, roles and responsibilities are rarely reflected in this procedure. They can be included in procedures relevant to the organization, such as the roles and responsibilities of the production process within the production procedure, or in a separate document containing all roles and responsibilities.

    For more information, see: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-asegurar-la-competencia-y-la-concienciacion-en-iso-90012015/
  • Documenting clause 6.3


    Answer:

    The standard does not require the organization to document clause 6.3, but if you choose to do so, the best way is to document a procedure and conduct a risk assessment for the planned change.

    The procedure can describe how the organization plans the changes, how it considers the purpose and consequences of the changes, the integrity of the QMS, the availability of resources, and the roles and responsibilities for the actions taken to make the changes in the QMS. Additionally, you can conduct a risk assessment using FMEA or some other methodology to demonstrate that the consequences of the change are examined and actions to mitigate them are taken.