Search results

Home / Search

Category:
Select
Select

11269 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Implementación en un solo area

    Lo que pensamos hacer y es lo que quiero que me comentes si es correcto hacerlo de la siguiente manera: Las demás áreas de la empresa (administración, software, soporte técnico e ingeniería) que no se desea que implementen ISO 9001, las podemos como proveedores externos y que solo les aplique el requisito 8.4 control de producto y servicios suministrados externamente , ¿es correcto lo que queremos hacer? O ¿de qué otra forma puede hacerse?

    Respuesta:

    El alcance del SGC no necesita cubrir todos los procesos de la organizació n, sin embargo sí que tiene que incluir al menos un producto o servicio que será entregados al cliente o al menos que formen parte de él. Como en tu caso, es posible implementar el estándar estando el cliente y/o proveedor dentro de la propia organización.

    Aunque se quiera implementar la norma en sólo un área de la empresa, es necesario cumplir con todos los requerimientos de ISO 9001, esto aplica a todos los procesos estratégicos y de apoyo en la organización. Es decir, que certificarse en un solo área no exime a la empresa de definir la política de calidad, establecer objetivos, identificar el contexto, llevar a cabo un método de identificación y evaluación de riesgos, etc.

    Aquí puedes encontrar información sobre la lista de documentos obligatorios por la ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/

  • Codificación de documentos y registros

    Lo anterior es porque que trato de eliminar el número de formato dados de alta en el SGC y reducirlo.
    Me gustaría una opinión sobre que criterios debería aplicar para la codificar un registro y si lo que se decidan usar en electrónico como una base de datos debería codificarse?

    Respuesta:

    La norma no especifica ningún método concreto para la codificación de los documentos y/o registros, lo único obligatorio es cumplir con los documentos y registros que se determinan en ISO 9001:2015, aquí puede encontrar la lista: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/

    En cuanto a la codificación de los registros, el estándar sólo exige que la información debe ser identificable y trazable, así que podría utilizar su propio criterio. Mi recomendación es aplicar un sistema sencillo, que pueda ser comprendido por todos los empleados de la empresa, para que puedan encontrar los documentos de forma fácil y rápida.

  • ISO 9001 and ISO 17025


    Answer:

    ISO/IEC 17025 standard specifically addresses factors relevant to a laboratory’s ability to produce precise, accurate test and calibration data. The main difference between ISO 17025 and ISO 9001 is the accreditation and certification. ISO 17025 stands for accreditation, which means the recognition of competence of specific technical competence. ISO 9001 stands for certification, which means accordance with a standard assessed by management systems, certified by any independent body that is internationally agreed. Also, there is the difference with the accurate products. ISO 9001 does not mean accurate products are produced. For that, product should be approved by ISO 17025.

    The standards are too different when it comes to requirements and structure so it will be very difficult to integrate them. Besides docu ment and record control, corrective actions, internal audit and management review there is no a lot of similarities. ISO 9001 can be used as a supplement for ISO 17025 to meet requirements of ISO 17025 clauses 4.1 and 4.2 but other than that there is no much place for integrating them.

  • Quality objectives and plans to achieve them


    A) Automate 100% of HR processes by end of Year?
    B) Over the period of 3 months (May to July), determine the skills, knowledge, and resources needed to full automation of HR processes before end of current year?

    Please advise.

    Answer:

    The objectives need to be SMART (Specific, Measurable, Attainable, Relevant and Timely) and the objective itself doesn't need to explain how it will be achieved. For that, the standard requires plans for achieving the quality objectives. The plan includes defining actions, responsibilities, resources and deadlines.

    Example "A" that you provided is a good example of the quality objective, example "B" seems more like a plan f or achieving the objective "A".

    For more information, see: How to Write Good Quality Objectives https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/

  • Ciclo PDCA y Productividad


    Mi respuesta:

    El nombre de PDCA viene de las palabras en inglés "Planificar, Hacer, Revisar, Actuar". Esta metodología describe cuatro fases que necesitan ser llevadas a cabo de manera sistemática para poder lograr una mejora continua y por lo tanto, una mayor productividad en la empresa. Cuando se alcanza la fase final ("Actuar") se regresará a la primera fase ("Planificar") y de nuevo se repetirá el ciclo, de esta forma las actividades serán reevaluadas periódicamente.
    Además, como el primer paso en el ciclo PDCA es Planificar, habrá que realizarse un diagnóstico inicial, en el cual se determinen las actividades en la organización que necesitan hacerse para cumplir con los requerimientos de la norma ISO 9001:2015. Todo ello conducirá a una mayor productividad, trabajando de una manera más eficaz ya que todos los procesos estarán alineados y serán comprendidos por el personal de la organización.

    Para más información, vea "Planificar-hacer-revisar-actuar en el estánd ar ISO 9001": https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/planificar-hacer-revisar-actuar-en-el-estandar-iso-9001/

  • ISMS implementation

    Answer: The best way to establish a ISMS is by considering an enterprise as a project, and by adopting a well proved framework, as ISO 27001. These articles will provide you further explanation about ISMS implementation: - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/ - ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/ - Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/ These materials will also help you regarding ISMS implementation: - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/ - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ - Free webinar – Seven key problems to avoid in ISO 27001 implementation https://advisera.com/27001academy/webinar/seven-key-problems-to-avoid-in-iso-27001-implementation-free-webinar-on-demand/

  • Internal auditor training


    Is that fine for a company that none of staff contain a standard internal auditor training qualification but an intensive training certification?

    Thank you for your reply.

    Answer:

    Both ISO 9001 and ISO 14001 do not require internal auditors to have accredited certificates for internal auditors, so the company can send its auditors to any training that it finds appropriate. For more information, see: ISO 9001 internal auditor training: Is it for me? https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/

  • IRCA auditor

    Just as a background: We (our team of 3) have just finished the ISO 27001 (ISMS), 5 days training course and also we have cleared the written examination.
    However, as the trainer explained to us on the final day, that for us to be IRCA certified Lead Auditors, we need to pay a certain royalty fee to IRCA, also, we need to gain some experience as observers/auditors in a certain time frame. So, could you please explain the process further?

    Answer: IRCA's fees vary from country to country. To have precise information regarding you country you can find it here: https://www.quality.org/content/irca-fees
    Regarding audit experience, you must have at least 20 days of auditing, including at least 15 on site (this generally covers 3 or four certifications audit). For more information, see: https://www.quality.org/article/auditor

  • Organizational context

    Please specify on which type of context organisation has its own controls and on which not?

    Answer: For different contexts you can consider banks, hospitals and internet providers. All of them have specific business requirements to drive information security. Banks need to protect account holders financial data, hospitals need to protect patient's health data, and internet providers must protect users data flow. All of them must protect confidentiality, integrity and availability, but for different information, and in different degrees, so they will require different controls set and security levels.

    For example, the acceptable delay in providing information for a internet user can be completely different from a hospital patient, leading to a different set of controls.

    Regarding responsibility for controls, organizations that run its own IT infrastructure owns much more controls than those which outsource them, for example, by adopting a Software as a Service Solution.

    These articles will provide you further explanation about Organizational context:
    - Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    These materials will also help you regarding Organizational context:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Non Disclosure Agreement


    Answer: Most frequently, the duration used for NDAs is 2, 3, and 5 years, but you can define a different period based on a risk assessment (a NDA can even last forever), and you do not have to define one single period for all your information. But you have to notice that the longer is the period, the greater is the cost involved.

    This article will provide you further explanation about handling classified information:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

    These materials will al so help you regarding handling classified information:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Page 909-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +