Search results

  • Management Systems Integration


    Answer: All ISO management standards released after 2012 now have the same structure, which makes it easier to integrate them with each other, since most of the requirements are the same (e.g., sections 4, 5, 7, 9 and 10 are practically the same). Regarding integration of ISO standards with other quality systems, you should first build a map of requirements so you can identify which requirements are the same and for which you have to make adjustments or elaborate new documents. After that you can define a plan to make the adjustments and new implementations, as well as to train your staff, evaluate results and implement corrections and improvements, just like in a normal implementation.

    This article will provide you further explanation about management systems integration:
    - How to implement integrated management systems https://advisera.com/27001academy/blog/2015/10/05/how-to-implement-integrated-management-systems/
    - Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/

    This material will also help you regarding management systems integration:
    - ISO 27001 implementation: How to make it easier using ISO 9001 [free webinar] https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/
  • Could you please give me an example of a Gantt Chart for ISO 14001

    It is really hard to provide you with precise estimation, since the duration of the implementation process will differ depending on various factors, i.e. size of the company, complexity of the processes, products and services, type of operational control you choose to apply, etc.

    You will spend most of the time, approximately 40%, on identification and evaluation of environmental aspects and implementation of operational controls; the rest of the time you will spend on creating documents, implementing other requirements and performing internal audit and management review.

    For more information, see: How long does it take to implement ISO 14001:2015? https://advisera.com/14001academy/blog/2016/04/04/how-long-does-it-take-to-implement-iso-140012015/
  • Risks and opportunities and SWOT


    Answer:

    The organization needs to determine risks related to the context of the organization, which means clauses 4.1 and 4.2. SWOT analysis as a methodology was developed a long time ago and it doesn't fit 100% into the terminology or needs of the standard. The approach you took is in line with the requirements of the standard and this is a good way to distinguish internal and external issues.

    For more information, see: ISO 9001:2015 Case study: Context of the organization as a success factor in manufacturing company https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/
  • Role of quality department and management representative


    Answer:

    The standard does not prescribe roles and common processes for the Quality Assurance department, but it is usual that this department manages the QMS, reports to the top management about the performance of the QMS, conducts internal audits, helps with corrective actions, etc.

    Management Representative is no longer a mandatory role in the QMS, so the standard does not have any specific requirements regarding the responsibilities and authorities of the MR (Management Representative). Usual responsibilities of the MR are:
    - ensuring the QMS conforms to the standard;
    - reporting on the performance of the QMS;
    - coordinating regular activities related to the QMS.

    For more information, see: What is the job of the quality management representative? https://advisera.com/9001academy/knowledgebase/what-is-the-job-of-the-quality-management-representative/
  • Is addressing risks and opportunities a one-time activity?

    Is it to be done periodically, or to be done if there is any change in a QMS process?

    Answer:

    Addressing risks and opportunities shouldn't be a one-time process. The risks and opportunities should be assessed any time there are changes in the context of the organization and changes in the QMS. Additionally, during the management review, you need to evaluate the effectiveness of the actions taken to address risks and opportunities, and as an output of the management review, you need to define opportunities for improvement.

    For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • Internal audit frequency


    Answer: ISO 27001 allows you to set your own frequency and audit scope; however, you need to perform at least one internal audit per year because of the certification body surveillance visits. This means that you can take both approaches you suggested - full audit scope every year, or full audit scope in the 3-year period.

    It is better if your internal audit covers the whole scope every year, because this way you reduce the likelihood of being non-compliant at surveillance visits.

    There is one exception to what I explained above: when you go for the initial certification audit, your internal audit needs to cover the whole ISMS scope.

    These materials will also help you regarding internal audit:
    - Book ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - Free online training ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  • Inventory of assets

    In that, for example, I bundled laptops together in asset name and category of IT equipment, as our main risks/concerns were loss or theft during travel and hence our treatment was MDM and encryption of drives. However, I believe in the inventory table I need to list each laptop the company owns, every member of staff for example? Please confirm, as if that is the case I have my work cut out.
    Thanks in advance for your help.

    Answer: There is no need to mention specific laptops and staff members in the inventory if you are applying the same controls for all laptops. You can use a general asset description like "corporate laptop" and as asset owner you can define "laptop user" for example.

    This article will provide you further explanation about inventory of assets:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
  • Waste management audit


    Answer:

    The first thing when auditing waste management is to see if there are any statutory and regulatory requirements regarding the type of waste being managed. If there is such legislation, then you need to see if the waste management process is compliant with these requirements first.

    Then you need to see if there is any documented procedure or work instruction that explains how the waste management process is carried out and audit the process according to information provided in the procedure. This type of audit requires the auditor to conduct interviews with employees and the manager responsible for the process to determine if the process is carried out as planned and also whether the process is effective.

    For more information, see: 7 steps in handling waste according to ISO 14001 https://advisera.com/14001academy/blog/2016/11/07/7-steps-in-handling-waste-according-to-iso-14001/
  • Defining quality objective


    Answer:

    When defining any quality objective, you must ask yourself what is best for the QMS and how the objective affects customer satisfaction. In the case of the response to quality issues raised by the customer, the best way to respond is as soon as possible, but you need to define some time frame (e.g. 24 or 12 hours) and measure your response rate so you can see if the objective is achieved or not. Also, you need to define a plan for achieving the objective; in this case, it can be changing the procedure for communication with customers, or hiring new people to ensure that the response time is within the limits you previously defined.

    For more information, see: How to Write Good Quality Objectives https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
  • Reaching objectives and targets in OHSAS 18001


    Answer:

    The first step in reaching the objectives and targets is to define them in a way that enables you to evaluate the level of achievement of the objectives. This means that the objectives and targets need to be SMART (Specific, Measurable, Attainable, Relevant and Timely). Once you define the objectives and targets, you need to define programs for achieving the objectives and targets. This means that you need to define what actions will be taken, what resources are needed, who is responsible and what is the deadline for those actions. Finally, during the management review you need to evaluate the level of achievement of the objectives. For more information, see: How to define OHSAS 18001 objectives and programs https://advisera.com/18001academy/blog/2015/11/11/how-to-define-ohsas-18001-objectives-and-programs/

    Here you can download a free preview of our Management Review Minutes for OHSAS 18001 https://advisera.com/18001academy/documentation/management-review-minutes/