Search results


  • Environmental aspects and risks and opportunities

    Opportunity Assessment....

    They both use matrix assessment....?
    What is the difference......

    Can you give me advice, or if you have some example doc let me know....

    Answer:

    The main difference between environmental aspects and risks and opportunities is in the scope of assessment. Environmental aspects are assessed within the processes and are directly linked to environmental impacts. Risks and opportunities assessment covers entire context of the organization and they can be related to performance of the EMS (Environmental Management System) or possibilities for improvement of the EMS and not only to environmental aspects.

    The second important difference is that environmental aspect assessment requires methodology while risks and opportunities can be assessed in some free form like brainstorming session and only key risks and opportunities need to be documented.

    Finally, significant environmental aspects require operational controls which are continual and ongoing activities while risks and opportunities require actions to address them which can be one time activity. For more information, see: ISO 14001 risks and opportunities vs. environmental aspects https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
  • Emergency preparedness and response and environmental aspects


    Answer:

    Emergency preparedness and response plans should be developed according to identified emergency situations which do not have to be related to significant environmental aspects. The purpose of these plans is to enable the organization to respond to potential emergency situations. For example, if your organization is close to fuel pump, there is a chance of fire that can affect your organization, so you need to develop emergency preparedness and response plan for this situation.

    If emergency and response plans are made only for convenience, then the requirements of the standard will be only formally met without any benefit for the organization. For more information, see: How to satisfy emergency response requirements in ISO 14001:2015 https://advisera.com/14001academy/blog/2015/10/19/how-to-satisfy-emergency-response-requirements-in-iso-140012015/
  • ISMS scope


    Answer: First of all, ISO 27001 cannot be used to certify products. This standard can be used to certify an organization's Information Security Management Systems, regarding processes, organizations units and locations. That said, your assumption is correct when considering that you can have a limited scope, defining your Information Security Management System in terms of the software development process used to deliver the product, as means to ensure to your customers that the required information security measures are identified, included and maintained in the software. But you should also note that limiting the scope doesn't make sense for smaller companies, since it will require greater effort than managing the security considering the whole organization.

    This article will provide you further explanation about ISMS scope:
    - How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
    - Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

    These materials will also help you regarding ISMS scope:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Observer in an audit

    My company has already implemented 27001:2013 and we have an external audit scheduled in the coming week.
    I would want to be an observer in this external audit, before I start auditing. Is it possible? Is it the right way to start off? Please share your inputs.

    Answer: Yes, it is possible, but this situation varies from organization to organization and according to certification body policies, so you should verify this first with the person responsible for the audit in your organization (e.g., CISO, management representative, etc.). After that this person has to communicate the request to the external auditor so he can see if for that audit is possible to have an observer. If all is ok, the most important issue you have to note is that an observer, as the name says, cannot interfere during the audit. If you have anything to say or ask you have to do that outside the audit scheduled activities.

    This article will provide you further explanation about becoming an auditor:
    - Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
    - How to approach an auditor in a certification audit https://advisera.com/articles/how-to-approach-an-auditor-in-a-certification-audit/

    These materials will also help you regarding becoming an auditor:
    - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • ISMS scope definition

    I could put a two page document together detailing the reasons why the whole business should be included but need to put this into a couple of lines.
    Do you have any suggestions

    Answer: You can write that by ISO 27001, clause 4.3 c, when defining the ISMS scope an organization has also to consider its relationships with all external elements that can influence it, and since support and installation have relationships with all other organization's elements, the effort for managing this reduced scope and these relationships would be greater than managing a scope including all the organization.

    This article will provide you further explanation about problems with scope definition:
    - Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

    This material will also help you regarding scope definition:
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Questions about ISO 9001 implementation

    ISO 9001 is the world's most well known norm. This standard is pertinent to every one of the fields independent of the size, nature and size of the association. ISO 9001 confirmation in Lagos furnishes an association with a bunch of rules that assurance focused, educated, logical and set up way to deal with the administration of business exercises to efficiently achieve customer fulfillment and regularly improve operational adequacy and helps a wide range of associations to prevail through improved consumer loyalty, staff inspiration and persistent improvement. ISO 9001 in Lagos assists your associations with exhibiting clients that they can offer items and administrations of reliably great quality. It empowers you to more readily adjust and coordinate various administration guidelines. This assists your association with tending to production network the executives all the more viably.

  • Implementation in a single area

    What we plan to do, and what I would like you to tell me, is whether it is correct to do it the following way: the other areas of the company (administration, software, technical support and engineering) that we do not want to implement ISO 9001, we can put as external providers so that only requirement 8.4, control of externally provided products and services, applies to them. Is what we want to do correct? Or in what other way can it be done?

    Answer:

    The scope of the QMS does not need to cover all of the organization's processes; however, it does have to include at least one product or service that will be delivered to the customer, or at least that forms part of it. As in your case, it is possible to implement the standard with the customer and/or supplier being within the organization itself.

    Even if you want to implement the standard in only one area of the company, it is necessary to comply with all the requirements of ISO 9001; this applies to all strategic and support processes in the organization. That is, getting certified in a single area does not exempt the company from defining the quality policy, establishing objectives, identifying the context, carrying out a method of risk identification and assessment, etc.

    Here you can find information about the list of mandatory documents required by ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
  • Coding of documents and records

    The above is because I am trying to eliminate the number of forms registered in the QMS and reduce it.
    I would like an opinion on what criteria I should apply for coding a record, and whether what is decided to be used electronically, such as a database, should be coded?

    Answer:

    The standard does not specify any particular method for coding documents and/or records; the only mandatory thing is to comply with the documents and records specified in ISO 9001:2015. Here you can find the list: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/

    As for the coding of records, the standard only requires that the information be identifiable and traceable, so you could use your own criteria. My recommendation is to apply a simple system that can be understood by all the company's employees, so that they can find documents easily and quickly.
  • ISO 9001 and ISO 17025


    Answer:

    ISO/IEC 17025 standard specifically addresses factors relevant to a laboratory’s ability to produce precise, accurate test and calibration data. The main difference between ISO 17025 and ISO 9001 is the accreditation and certification. ISO 17025 stands for accreditation, which means the recognition of competence of specific technical competence. ISO 9001 stands for certification, which means accordance with a standard assessed by management systems, certified by any independent body that is internationally agreed. Also, there is the difference with the accurate products. ISO 9001 does not mean accurate products are produced. For that, product should be approved by ISO 17025.

    The standards are too different when it comes to requirements and structure so it will be very difficult to integrate them. Besides document and record control, corrective actions, internal audit and management review there are not a lot of similarities. ISO 9001 can be used as a supplement for ISO 17025 to meet requirements of ISO 17025 clauses 4.1 and 4.2 but other than that there is not much place for integrating them.
  • Quality objectives and plans to achieve them


    A) Automate 100% of HR processes by end of Year?
    B) Over the period of 3 months (May to July), determine the skills, knowledge, and resources needed to full automation of HR processes before end of current year?

    Please advise.

    Answer:

    The objectives need to be SMART (Specific, Measurable, Attainable, Relevant and Timely) and the objective itself doesn't need to explain how it will be achieved. For that, the standard requires plans for achieving the quality objectives. The plan includes defining actions, responsibilities, resources and deadlines.

    Example "A" that you provided is a good example of the quality objective, example "B" seems more like a plan for achieving the objective "A".

    For more information, see: How to Write Good Quality Objectives https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/