Search results


  • Defining context of the organization in IATF 16949


    Answer:

    The requirements for context of the organization in IATF 16949 are no different from the ones stated in ISO 9001:2015. First, you do not have to document the context of the organization; you only need to determine it, and this can be done in a brainstorming session with the relevant people in the company, including top management.

    You need to examine all internal and external issues that can affect the QMS (Quality Management System) and its ability to achieve the objectives and customer satisfaction. The easiest way to do it is by applying a SWOT analysis, which can even provide sufficient documented information to demonstrate that you've determined the context.

    For more information, see: How to define the context of the organization in IATF 16949:2016 https://advisera.com/16949academy/knowledgebase/how-to-define-the-context-of-the-organization-in-iatf-169492016/
  • BCM and datacenters


    Answer: As a BCM manager your main role would be ensuring that the results of the Business Impact Analysis and the chosen strategies for business continuity are considered in the construction of the new datacenter. This may mean location definition, infrastructure features (e.g., redundant electrical circuits, use of fireproof material, etc.). Additionally, you have to ensure the documentation and testing of business continuity plans related to the most probable disruption incidents.

    Specifically about datacenters I'd suggest the standard TIA 942. It can provide you recommendations regarding datacenter features to ensure different levels of availability that can fulfill your needs. You can buy this standard at this link: https://global.ihs.com/doc_detail.cfm?&input_search_filter=TIA&item_s_key=00414811&item_key_date=860905&input_doc_number=942&input_doc_title=&org_code=TIA#product-details-list
  • BCM awareness

    Thanks but I want to know if you have awareness for end users
  • Service desk escalation


    Answer:
    Service Desk is, actually, heavily involved in Incident Management process. In Incident Management - there are two kinds of escalations:
    - hierarchical
    - functional.
    What you are mentioning is functional escalation. That means escalation to the group with more expert knowledge. However, there is no requirement, i.e. recommendation, that there must be e.g. three levels of escalation. Adapt it to your own organization. You can have more, as well as fewer than three.
    Read the article "Incident Management in ITIL – solid foundations of operational processes" https://advisera.com/20000academy/blog/2013/05/21/incident-management-itil-solid-foundations-operational-processes/ to learn more about it.
  • Modification of the Quality Manual in IATF 16949


    Answer:

    ISO/TS 16949 didn't have any additional requirements for the Quality Manual other than the ones stated by ISO 9001:2015. Although the new ISO 9001 is the foundation for IATF 16949 and does not require the manual, IATF 16949 kept this requirement and added basically two requirements to the ones existing in the previous version of the standard:
    1. to include extent and type of controls for outsourced processes in description of sequence and interaction of processes; and
    2. document indicating where in the QMS the customer specific requirements have been met.

    For more information, see: How to write the IATF 16949 Quality Manual https://advisera.com/16949academy/blog/2017/05/31/how-to-write-the-iatf-16949-quality-manual/
  • ISO 27002 and application of control A.9.4.4

    Thanks a lot. Your response has been very helpful.
  • Internal team for penetration and vulnerability tests


    Answer: Yes, the penetration testing and vulnerability tests can be performed by internal employees. Regarding ISO 27001, there is no mandatory requirement demanding that these tests must be performed by a third party. What happens is that you should ensure that these tests are performed by people not directly involved with the process, so you can ensure impartiality since, like internal audits, no one should audit their own work.

    This article will provide you further explanation about penetration and vulnerability tests:
    - How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/

    These materials will also help you regarding penetration and vulnerability tests:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • GDPR training


    Answer: Unfortunately we do not provide specific training regarding GDPR, but considering our knowledge base I can suggest you these materials:
    - What is EU GDPR and how can ISO 27001 help? https://info.advisera.com/27001academy/free-download/what-is-eu-gdpr-and-how-can-iso-27001-help
    - What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/27001academy/blog/2016/10/03/what-is-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
    - Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
    - EU GDPR controller vs. processor – What are the differences? https://advisera.com/27001academy/blog/2017/01/30/eu-gdpr-controller-vs-processor-what-are-the-differences/
    - ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
  • Defining scope and repercussions

    We are thinking about certifying our core process – sight tests provided by our stores. Our company has a franchise structure. Thus each store is its own company. We also have a country support office providing all support processes (e.g. product, finance, marketing, etc.) to our stores. My question is if we can certify the core business provided by the store only, or if we need to include all subprocesses also (of course, it's something we would like to add at least in a second stage). If we then get the ISO 9001:2015 certification, will it then be one per store?
    Many thanks for your reply,

    Answer:

    You can limit the scope of your QMS to one store only and its core processes, but in that case the certificate will apply to this store only, since it is assigned to the scope of the QMS. Since every store is a separate legal entity, it is better to certify them all separately; it can cost more in total, but it will allow you to go step by step and to create multiple simple systems instead of one complex QMS.

    Also, you won't be needing the consultant's help in every store, because you can copy the QMS to the similar stores and processes and basically the only expense will be the certification.
  • Methodologies for applying clause 4

    In the same way, I am looking for methodologies that help to comply with section 4.4 of the standard, which refers to quality management and its processes; for example, one methodology I found here is process mapping.

    My answer:

    Before determining the scope of the organization it is necessary to address clauses 4.1 and 4.2. Therefore, you could follow these steps:

    - For internal and external issues, a SWOT analysis can be used.
    - To determine the interested parties, a PEST analysis can be used.
    - Define the organization's products and services, for example by means of a process map.
    - Determine the exclusions.
    - Write the scope, including the organization's different locations, the products and services that have been identified, the processes within the QMS, and the exclusions and their justification.
    - Maintain the scope as documented information.
    - Review the scope periodically.

    For more information see "How to define the scope of the QMS according to ISO 9001:2015": https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-definir-el-alcance-del-sgc-de-acuerdo-a-la-iso-90012015/

    In addition to the process map, with reference to clause 4.4, a turtle diagram could be used. This diagram contains all the elements of a process and takes the shape of a turtle with:

    - A body or shell: where the name of the process is written.
    - A head: representing the inputs of the process.
    - A tail: which would be the results or outputs of the process.
    - Four legs: which are the questions to be answered by the organization: with what, with whom, how, and how many.