Search results

  • Backup control


    Answer: ISO 27001 control A.12.3.1 - Information Backup requires the implementation of:
    - a backup policy, for definition of backup requirements considering information, software and systems, as well as requirements for retention and protection of backup media.
    - facilities with capability to ensure information and software recovery following a disaster or media failure.
    - procedures for backup, recovery and testing, as well as how to act in case one of these procedures fails.
    - a backup schedule, considering what to backup, the frequency, the type of backup (e.g. full or differential backup), all considering business needs.

    It is important to note that all these definitions should be aligned with existent business continuity plans.

    This article will provide you further explanation about Backup control:
    - Backup policy – How to determine backup frequency https://advisera.com/27001academy/blog/2013/05/07/backup-policy-how-to-determine-backup-frequency/

    This material will also help you regarding Backup control:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • Determining the context and interested parties


    Answer:

    ISO 14001:2015 does not explicitly make any procedures mandatory; there is only a set of documents, such as the policy, plans and records, that need to be documented.
    For more information on this topic, see: https://advisera.com/14001academy/es/knowledgebase/list-of-mandatory-documents-required-by-iso-140012015/

    Regarding the context of the organization, it is necessary to consider all the direct and indirect consequences, the legal requirements and all the effects on interested parties that the operation of the EMS will have.
    As for interested parties, section 4.2 explains that the reason for identifying them is to determine their relevant needs and expectations, in order to work out which of these must be complied with. Examples of interested parties are: government, shareholders, customers, neighbors, employees.
    For more information on this topic, see: https://advisera.com/14001academy/es/knowledgebase/como-determinar-las-partes-interesadas-de-acuerdo-a-la-iso-140012015/
  • Risk evaluation


    Answer:

    In addition to the requirements of ISO 9001:2015 to address risks and opportunities, IATF 16949 requires the risk analysis to include at minimum lessons learned from product recalls, product analysis, field returns and repairs, complaints, scraps and rework. It also requires FMEA to be applied to the production and the design and development processes.
  • IATF 16949 Quality Policy


    Answer:

    IATF has no additional requirements regarding the Quality Policy compared to ISO 9001:2015. If you already implemented ISO 9001:2015, you can use the same policy for both standards.

    If you are developing it from scratch, the policy must meet the following requirements:
    - it must be appropriate to the purpose and context of the organization and support its strategic direction;
    - it must provide a framework for setting quality objectives;
    - it must include a commitment to satisfy applicable requirements;
    - it must include a commitment to continual improvement of the quality management system.

    For more information about writing the Quality Policy, see: How to Write a Good Quality Policy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
  • Online course related questions


    I have a few questions:

    Do I have to purchase both or can I purchase just the Internal Auditor Course?

    Internal auditor course contains the foundation course and auditing techniques, so you don't need to purchase both of them.

    What does the foundation course cover?

    Foundation course only covers requirements of the standard.

    Do you provide model answers for the exams?

    Yes, every question has four offered answers and only one is correct.

    When you say “Once you purchase the exam, you can take it at a later date”:
    When is the cut-off date?

    There are no limits on when you can take the exam.

    Will there be any further costs to take the exam?

    There are no further costs after you purchase the exam.

    What’s the pass mark?

    The pass mark is 60%.

    How soon will I get my certification?

    You will receive the certificate shortly after you pass the exam.

    Will this be recognised by IRCA?

    The courses are not recognized by IRCA because IRCA doesn't recognize Exemplar Global.

    How difficult is the exam? 😊😊😊

    Answers to all questions are in the course video, so if you pay attention, you won't have any problems passing it.

    As always, I look forward to hearing from you.
  • Context and risk assessment templates


    Answer:

    When it comes to determining the context of the organization, we suggest that organizations use the Procedure for Determining Context of the Organization and Interested Parties https://advisera.com/9001academy/documentation/procedure-for-determining-context-of-the-organization-and-interested-parties/ Also, here is an article that provides a case study for determining the context of the organization: ISO 9001:2015 Case study: Context of the organization as a success factor in manufacturing company https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/

    For addressing risks and opportunities, we offer Procedure for Addressing Risks and Opportunities https://advisera.com/9001academy/documentation/procedure-for-addressing-risks-and-opportunities/

    You can download free previews of both procedures on the links I provided and see if they meet your needs.
  • When employee is unfit for work


    Answer:

    It will depend on the nature of the unfitness. If the employee only has the flu, he will have to take a couple of days off before returning to the job. However, if the employee is permanently unfit for the job, there is not much you can do other than reassigning him to another workplace with less demanding health requirements.
  • BCP project budget


    Answer: For budgeting your BCP project you need to specify as much as possible:
    - the scope you will have to work on, in terms of the number of processes, people and locations of the customer's organization involved;
    - the activities you will perform, such as Business impact analysis, risk assessment, documents elaboration, training, etc.;
    - information of previous similar projects you can use as reference

    This information will help you estimate how many plans you will need to develop and the people you will need to complete the project in the specified duration.

    Roughly speaking, you can consider costs divided this way:
    - project plan: 5% to 10%
    - diagnostic (BIA, Risk assessment, etc.): 20%
    - BCPs elaboration and people training: 50%
    - BCP's tests: 20% to 25%

    It is important to note that you have to make clear to your client that the costs involved in the implementation of controls related to BCPs (e.g., acquisition of equipment, implementation of new process, etc.) will be available only after BIA and risk assessment.

    This article will provide you further explanation about BCP project:
    - Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/

    These materials will also help you regarding BCP project:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
    - How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project (although you are not planning for a BCMS, the project structure is rather similar).
  • Changes in the procedures


    I have received this question: How should the procedures of ISO 14001 version 2015 be carried out, and are they different from those of ISO 14001 version 2004?

    Answer:

    In the new 14001:2015 standard there are parts that have undergone more significant changes and others only minor changes. For example, in the new version there are 16 mandatory documents and records, while in the previous 2004 version there were only 12. Among the most important new requirements are the context of the organization (clause 4) and the actions to address risks and opportunities (clause 6.1), while other requirements have been removed. This means that it will be necessary to write new procedures, but that others can be kept in a similar form. For more information, see: https://advisera.com/14001academy/es/knowledgebase/infografia-iso-140012015-vs-2004-que-ha-cambiado/
  • Evaluation of QMS performance and effectiveness


    Answer:

    In order to be able to evaluate the performance of the QMS, you need to define KPIs (key performance indicators) to be measured. KPIs should be indicators that will tell you whether your process is delivering what you expect from it. For example, it can be the number of nonconformities during storage against the total amount of stored products. For more information, see: How to define Key Performance Indicators for a QMS based on ISO 9001 https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/

    When trying to determine effectiveness of the QMS, the main question is whether the QMS is really achieving its objectives. This is the ultimate measure of QMS effectiveness.