Search results

Home / Search

Category:
Select
Select

11272 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Questions regarding clauses 8.3 and 6.1

    “The organization shall establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services”.

    My interpretation of this clause is; organisation should design and develop process FOR provision of products and services. The organisation I work for generate, transmit and distribute electricity. Am I wrong that the standard is not interested in the design of electricity but wants us to design and develop processes to provide that electricity and associated services?

    Answer: The standard is referring to design and developing of products or services and not processes, so in case of your company you can exclude clause 8.3 from the scope of QMS. For more information, see: What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/

    Clause 6.1 reads as thus; “When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed.

    The reading of the clause gives me an indication that risks and opportunities should first be Determined in relation to the “QMS Processes defined” in response to clause 4.4 and then ACTION taken.

    Please help me in interpreting these clauses 6.1 and 8.3

    Answer: Organization needs to consider risks and opportunities emerging from the context of the organization and that includes he QMS processes. Actions to address risks and opportunities cannot be defined or taken without identifying risks and opportunities first.

    For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/

  • Management representative in ISO 9001:2015


    Answer:

    The article you've reading is written according to ISO 9001:2008 which required management representative as a mandatory role in QMS (Quality Management System). New version of the standard does not require management representative as a mandatory role, however the standard still requires roles and responsibilities within the QMS to be assigned.

    For more information, see: What will be the destiny of the management representative in the new ISO 9001:2015? https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/

  • Documents for ISO 45001 implementation


    Answer:

    Since the official version of ISO 45001 is not published yet (it is expected by the end of this year), I can only tell you what I know based on the draft version of the standard. Keep in mind that this is subjected to change and we cannot know with 100% certainty what will be requirements for documentation of the official ISO 45001 before it is published.

    The most important group of documents needed for implementation of ISO 45001 are the ones explicitly required by the standard, the company must have these documents in order to be compliant with the standard. This includes the policy, objectives, procedures and records.

    The second group of the documents are the ones that are not mandatory but the company finds them necessary for maintaining the Occupational Health and Safety Management System, this can be various procedures, policies, work instructions and records that can be useful for maintaining the system although they are not explicitly required by the standard.

    For more information about documents used in ISO 45001 implementation, see: List of mandatory documents required by DIS ISO 45001:2016 https://advisera.com/18001academy/blog/2016/01/27/list-of-mandatory-documents-required-by-dis-iso-450012016/

  • Scope of the certification audit

    Our management approach was to select a team and provide them with a training in order for this team to implement the system instead of hiring a consultant.
    Therefore, it is a bit challenging; however, we are doing our best.
    The question i would like to ask is when the certification body comes to audit the QMS in the organization will the audit be done only against the quality policy and the quality objectives stated in the QMS Manual? or will the audit also will be done against the policies and procedures published in the organization?

    Answer:

    The certification audit will cover the entire scope of your QMS (Quality Management System), this includes review of all your QMS documentation (1st stage of the audit) and auditing of your processes and activities against your procedures and requirements of the standard (2nd stage audit).

    For more information about the certificatio n audit, see: How to prepare your company for the ISO 9001 certification audit https://advisera.com/9001academy/03/how-to-prepare-your-company-for-the-iso-9001-certification-audit/

  • Developing procedure for the context


    Answer:

    The standard itself doesn't require procedure for determining context of the organization to be documented, but if you choose to do so, the best way is to explain in the procedure how determining of the context will be conducted, who will participate, what elements of the context will be considered and so on. Here you can download a free preview of our Procedure for Determining Context of the Organization and Interested Parties https://advisera.com/14001academy/documentation/procedure-for-determining-context-of-the-organization-and-interested-parties/

    Also, if you want to find out more about the context, see: Determining the context of the organization in ISO 14001 https://advisera.com/14001academy/knowledgebase/determining-the-context-of-the-organization-in-iso-14001/

  • ISO 27001 requirements for controls


    Answer: What ISO 27001 requires is that an organization considers its context and assesses its risks to implement proper controls to bring risks to acceptable levels. So the decision for immediate removal of users access is up to each organization, based on its risk assessments, legal or contractual requirements.

    This article will provide you further explanation about access control:
    - How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    These materials will also help you regarding access control:
    - Book Secure & Simple: A Small-Bu siness Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Risk assessment

    Thank you. Your answer is very userfull for me :)

  • Information with different classification levels


    Answer: There will be no problem as long as you ensure all that people who needs to access both, the policy and the related SOP can do that, and they are aware on how to handle the information regarding their respective classification. You should note that ISO 27001 does not prevent this kind of situation, but can help handle related risks.

    This article will provide you further explanation about information classification:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

    These materials will also help you regarding information classification:
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Information with different classifications

    There will be no problem as long as you ensure all that people who needs to access both, the policy and the related SOP can do that, and they are aware on how to handle the information regarding their respective classification. You should note that ISO 27001 does not prevent this kind of situation, but can help handle related risks.
    This article will provide you further explanation about information classification:
    - Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
    These materials will also help you regarding information classification:
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Page 912-vs-13485 of 1128 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +