Search results

  • Scope of the certification audit

    Our management approach was to select a team and provide them with a training in order for this team to implement the system instead of hiring a consultant.
    Therefore, it is a bit challenging; however, we are doing our best.
    The question I would like to ask is: when the certification body comes to audit the QMS in the organization, will the audit be done only against the quality policy and the quality objectives stated in the QMS Manual, or will the audit also be done against the policies and procedures published in the organization?

    Answer:

    The certification audit will cover the entire scope of your QMS (Quality Management System), this includes review of all your QMS documentation (1st stage of the audit) and auditing of your processes and activities against your procedures and requirements of the standard (2nd stage audit).

    For more information about the certification audit, see: How to prepare your company for the ISO 9001 certification audit https://advisera.com/9001academy/03/how-to-prepare-your-company-for-the-iso-9001-certification-audit/
  • Developing procedure for the context


    Answer:

    The standard itself doesn't require procedure for determining context of the organization to be documented, but if you choose to do so, the best way is to explain in the procedure how determining of the context will be conducted, who will participate, what elements of the context will be considered and so on. Here you can download a free preview of our Procedure for Determining Context of the Organization and Interested Parties https://advisera.com/14001academy/documentation/procedure-for-determining-context-of-the-organization-and-interested-parties/

    Also, if you want to find out more about the context, see: Determining the context of the organization in ISO 14001 https://advisera.com/14001academy/knowledgebase/determining-the-context-of-the-organization-in-iso-14001/
  • ISO 27001 requirements for controls


    Answer: What ISO 27001 requires is that an organization considers its context and assesses its risks to implement proper controls to bring risks to acceptable levels. So the decision for immediate removal of users' access is up to each organization, based on its risk assessments, legal or contractual requirements.

    This article will provide you further explanation about access control:
    - How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    These materials will also help you regarding access control:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Risk assessment

    Thank you. Your answer is very useful for me :)
  • Information with different classification levels


    Answer: There will be no problem as long as you ensure that all the people who need to access both the policy and the related SOP can do that, and they are aware of how to handle the information regarding their respective classification. You should note that ISO 27001 does not prevent this kind of situation, but can help handle related risks.

    This article will provide you further explanation about information classification:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

    These materials will also help you regarding information classification:
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Information with different classifications

    There will be no problem as long as you ensure that all the people who need to access both the policy and the related SOP can do that, and they are aware of how to handle the information regarding their respective classification. You should note that ISO 27001 does not prevent this kind of situation, but can help handle related risks.
    This article will provide you further explanation about information classification:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
    These materials will also help you regarding information classification:
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Issue reporting to third party


    Answer:
    That depends on what kind of agreement you have with the third party (if you have one). If it's an IT issue I would rather let support guys report issues. If you have an ITSM tool - even more important to have it in scope of the support desk.
  • QMS effectiveness and customer satisfaction


    Answer:

    Effectiveness of the QMS can be demonstrated through achievement of the quality objectives, improving quality performance and customer satisfaction.

    Improvement of customer satisfaction is demonstrated by conducting customer satisfaction survey and comparing results with the ones gathered with the previous survey. For more information, see: Main elements of handling customer satisfaction in ISO 9001 https://advisera.com/9001academy/blog/2014/07/01/main-elements-handling-customer-satisfaction-iso-9001/
  • Using ISO 9001 for IATF 16949 implementation

    My company as you know is presently ISO 9001:2008. I was in the process of transitioning to ISO 9001 2015. My company decided to change over to TS 16949-2016 instead. At this time I am having to start over. My question to you is, can I use any of the templates that I purchased from you? Or would I have to purchase new templates for TS?

    Answer:

    IATF 16949 is practically ISO 9001:2015 plus requirements for automotive industry. If you take a look at the text of IATF 16949, you can see that it refers to requirements of ISO 9001 but due to copyrights it doesn't quote the ISO 9001.

    Also, some of the requirements of IATF 16949 are completely the same as in ISO 9001 and in these cases you can use the documentation of ISO 9001 Documentation Toolkit as is (for example context of the organization), in other cases you only need to amend the documentation to meet additional requirements of IATF 16949.

    For more information, see: How to structure IATF 16949:2016 documentation https://advisera.com/16949academy/knowledgebase/how-to-structure-iatf-16949-2016-documentation/