Search results

  • ISO courses for individuals


    Answer: Regarding ISO 27001, the courses you should consider are:
    - ISO 27001 internal auditor: this course is made for beginners in information security and internal auditing, requiring no prior knowledge.
    - ISO 27001 Lead Auditor: this course will clarify for you the purpose and structure of a management system and how to plan and conduct an audit, alone or leading an audit team. This is the only course for which someone receives an internationally recognized certification, if the course is done with an accredited provider.
    - ISO 27001 Lead Implementer: this course will clarify for you the process of implementing an ISMS according to ISO 27001 requirements.

    These articles will provide you further explanation about ISO courses for individuals:
    - ISO 27001 Internal Auditor training – Is it good for my career? https://advisera.com/27001academy/blog/2016/03/29/iso-27001-internal-auditor-training-is-it-good-for-my-career/
    - What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
    - What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
    - How to learn about ISO 27001 and BS 25999-2 https://advisera.com/27001academy/blog/2010/11/30/how-to-learn-about-iso-27001-and-bs-25999-2/

    These materials will also help you regarding ISO courses for individuals:
    - ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
    - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  • Implementing ISO 9001 in a library

    ok
  • Documenting clause 5


    Answer:

    The requirements of the new clause 5 don't differ much from those of clause 5 in the previous version of the standard when it comes to documentation. There is no requirement to make any document other than the Quality Policy. Most of the requirements, such as leadership and commitment, roles, responsibilities and authorities, do not require documenting a procedure and can be met indirectly through other actions.

    For example, the top management will demonstrate leadership and commitment by participating in determining the context and risks and opportunities, setting the objectives, etc. On the other hand, although the roles and responsibilities are not required to be documented, they usually are through other procedures such as the procedure for production, sales procedure, etc., where you define who does what.

    For more information, see: How to comply with new leadership requirements in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-comply-with-new-leadership-requirements-in-iso-90012015/
  • Environmental policy


    My answer:

    The company's current environmental policy should follow the same principles as ISO 14001, which establishes the organization's intentions and direction regarding its impact on the environment. It would also have to include the following elements:
    - Be appropriate to the environmental impacts of the company's activities
    - A commitment to continual improvement
    - Comply with all legal and contractual requirements
    - Establish objectives and targets

    If the environmental policy does not meet all of these elements and/or they are not well documented, implemented and maintained, then it would be necessary to change or adapt the organization's environmental policy to the requirements of ISO 14001.

    For more information, see "How to write an ISO 14001 environmental policy": https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-write-an-iso-14001-environmental-policy/#
  • Changes in Quality Policy per IATF 16949


    Answer:

    When it comes to the Quality Policy, IATF 16949 doesn't have any requirements additional to those of ISO 9001:2015, and since ISO/TS 16949:2009 didn't have any requirements additional to those of ISO 9001:2008, the difference is the same as the difference between ISO 9001:2015 and ISO 9001:2008.

    Basically, the only new requirement is that the policy must be appropriate to the purpose and context of the organization and support its strategic direction.

    For more information, see: Aligning quality objectives of the QMS with the strategic direction of the company https://advisera.com/9001academy/blog/2017/03/07/aligning-quality-objectives-of-the-qms-with-the-strategic-direction-of-the-company/
  • Process validation in IATF 16949:2016


    Answer:

    The new version, IATF 16949:2016, does not have a separate section dedicated to production process validation, and it does not have any additional requirements for validation other than the requirements of ISO 9001:2015, namely that the organization must perform "the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement".
  • Requirements for documented procedures in ISO 9001:2015


    Answer:

    There is no explicit requirement in ISO 9001:2015 to document procedures for any process. When it comes to requirements for documentation, the standard requires the organization to:
    a) maintain documented information to support the operation of its processes;
    b) retain documented information to have confidence that the processes are being carried out as planned.

    This means that the company can decide whether it needs a documented procedure, flowchart or any other document to ensure that the process is carried out as planned, but it doesn't mean that you need a documented procedure for any process in the QMS. A good rule of thumb when it comes to deciding whether a documented procedure is needed is to consider whether such a procedure would prevent the occurrence of nonconformities. If it does, then you should document a procedure; if not, then the documented procedure is redundant.

    For more information, see: Deciding Which Procedures to Document in QMS https://advisera.com/9001academy/blog/2013/11/26/deciding-procedures-document-qms/
  • Design validation, verification and review


    We are an architecture firm; we also do design and the execution of the same for interior fit-out.

    Design review, from my angle, is: we need to collect all the customer requirements, review them against the drawings, and issue drawings to the client for their review.
    Once the review comes back from the client and all our doubts are clear, we go for
    Design Verification - we need to verify all the remarks and requirements of the client and the specifications, and after verification issue the working drawings for execution
    Design Validation – We check the execution against the specifications laid down by the client

    Please give your remarks on the above understanding.

    Answer:

    The purpose of the design review is to determine whether the final design is aligned with the requirements of the customer or any other input requirements for the design. Customer requirements regarding the design should be reviewed prior to accepting to deliver the design, and once the company has agreed to deliver the design according to customer requirements, those requirements become input for the design.

    Design verification activities are conducted to ensure that the design and development outputs meet the input requirements. It can be done in different stages of the design project and it is an input for the design review.

    Design validation is conducted to ensure that the resulting design meets the requirements for the specified application or intended use. Validation is, for example, a computer simulation or 3D view of the design, or a static calculation.

    In simple terms, the validation should prove that the building won't collapse, before building has even started, and verification demonstrates that the building that is already built is compliant with input requirements, including customer requirements and legal requirements.

    For more information, see: ISO 9001 Design Verification vs Design Validation https://advisera.com/9001academy/knowledgebase/iso9001-design-verification-vs-design-validation/
  • Asset register


    1 - We as an organisation have a LinkedIn account, which has a number of contacts on it, so would we need to put this on the register?

    Answer: If your organization uses this account to help support the business you should include it as an asset, because it contains information that should be properly protected (the business contacts). To help you define this need you can ask yourself "what if I do not have access to information from this account any more?"

    2 - What about our email folders and actual emails, do they have to be recorded on the register?

    Answer: Also yes, if these emails contain information the business needs in order to be performed and the loss of these will affect the organization's capacity to do business. But you do not need to refer to the e-mail folders and e-mails themselves in the register. You can include only the relevant e-mail account (e.g., CEO email account) or e-mail service (if you are using a cloud service like Gmail).

    3 - Some of the girls in the office record information on notebooks and store them in locked drawers when they are not in use; again, would these need to be recorded on the register?

    Answer: Again you have to think about what would happen to the business if the information on these notebooks was lost (in case of a robbery or damage of the notebooks, at least you would have a financial loss regarding the equipment). If the impact is relevant to the organization it should be considered in the asset register.

    This article will provide you further explanation about asset registry:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

    These materials will also help you regarding asset registry:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Integrating ISO 27001 and ISO 9001


    (In our organization, we were able to certify ISO 9001, and we are considering achieving a certification in 27001. From your experience, do you believe that the implementation of 27001 could have a shorter time curve in relation to the 9001, already fulfilling some requirements of the rule? Could you give us some tips to facilitate the implementation of 27001?)

    Answer: Certainly yes. As you said, ISO 9001 implementation already covers many requirements from ISO 27001, which can help speed up the process. For detailed information about implementing integrated systems I suggest these materials:
    - How to implement integrated management systems https://advisera.com/blog/2015/10/05/how-to-implement-integrated-management-systems/
    - Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
    - ISO 27001 implementation: How to make it easier using ISO 9001 [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/

    These materials will also help you regarding ISO 27001 implementation:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/