Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11268 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Online course related questions
I have a few questions:
Do I have to purchase both or can I purchase just the Internal Auditor Course?
Internal auditor course contains the foundation course and auditing techniques, so you don't need to purchase both of them.
What does the foundation course cover?
Foundation course only covers requirements of the standard.
DO you provide model answers for the exams?
Yes, every question has four offered answers and only one is correct.
When you say “Once you purchase the exam, you can take it at a later date”:
When is the cut-off date?
There are no limits on when you can take the exam.
Will there be any further costs to take the exam?
There are no further cost after you purchase the exam.
What’s the pass mark?
The pass mark is 60%.
How soon will I get my certification?
You will receive the certificate shortly after you pass the exam.
Will this be recognised by IRCA?
The courses are not recognized by IRCA because IRCA doesn't recognize Exemplar Global.
How difficult is the exam? 😊😊😊
Answers to all questions are in the course video, so if you pay attention, you won't have any problems passing it.
As always, I look forward to hearing from you. -
Context and risk assessment templates
Answer:
When it comes to determining context of the organization, we suggest organizations to use Procedure for Determining Context of the Organization and Interested Parties https://advisera.com/9001academy/documentation/procedure-for-determining-context-of-the-organization-and-interested-parties/ Also, here is one article that provides case study for determining context of the organization: ISO 9001:2015 Case study: Context of the organization as a success factor in manufacturing company https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/
For addressing risks and opportunities, we offer Procedure for Addressing Risks and Opportunities https://advisera.com/9001academy/documentation/procedure-for-addressing-risks-and-opportunities/
You can download free previews of both procedures on the links I provided and see if they meet your needs. -
When employee is unfit for fork
Answer:
It will depend on the nature of the unfitness. If the employee only has a flu, he will have to take couple of days off before returning to job. However, if the employee is permanently unfit for the job, there is no much you can do other than reassigning him to other workplace with less demanding health requirements. -
BCP project budget
Answer: For budgeting your BCP project you need to specify as much as possible:
- the scope you will have to work on, in terms of customer's organization number of processes, people and locations involved;
- the activities you will perform, such as Business impact analysis, risk assessment, documents elaboration, training, etc.;
- information of previous similar projects you can use as reference
These information will help you estimate how many plans you will need to develop and the people you will need to complete the project in the specified duration.
Roughly speaking, you can consider costs divided this way:
- project plan: 5% to 10%
- diagnostic (BIA, Risk assessment, etc.): 20%
- BCPs elaboration and people training: 50%
- BCP's tests: 20% to 25%
It is important to note that you have to make clear to your client that the costs involved in the implementation of controls related to BCPs (e.g., acquisition of equipment, implementation of new process, etc.) will be available only after BIA and risk assessment.
This article will provide you further explanation about BCP project:
- Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/
These materials will also help you regarding BCP project:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project (although you are not planing for a BCMS, the project structure is rather similar). -
Cambios en los procedimientos
He recibido esta pregunta: Cómo se debe realizar los procedimientos de la ISO 14001 versión 2015 y si son diferentes a los de la ISO 14001 versión 2004 Respuesta: En la nueva norma 14001:2015 hay partes que han sufrido cambios más significativos y otras sólo cambios menores. Por ejemplo, en la nueva versión existen 16 documentos obligatorios y registros, mientras que en la anterior versión de 2004 eran únicamente 12. Entre los nuevos requisitos más importantes se encuentran el contexto de la organización (cláusula 4) y las acciones para abordar riesgos y oportunidades (cláusula 6.1), mientras que otros requisitos se han eliminado. Esto significa que será necesario redactar nuevos procedimientos pero que otros podrán mantenerse de manera similar. Para más información, vea: https://advisera.com/14001academy/es/knowledgebase/infografia-iso-140012015-vs-2004-que-ha-cambiado/ -
Evaluation of QMS performance and effectiveness
Answer:
In order to be able to evaluate performance of the QMS, you need to define KPI (key performance indicators) to be measured. KPIs should be some indicator that will tell you whether your process is delivering what you expect from it. For example, it can be number of nonconformities during storage against total amount of stored products. For more information, see: How to define Key Performance Indicators for a QMS based on ISO 9001 https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
When trying to determine effectiveness of the QMS, the main question is whether the QMS is really achieving its objectives. This is the ultimate measure of QMS effectiveness. -
Meeting requirements of clause 8.5.1 f) - validation
If “motor winding & wielding” are not incorporated in your product clause 8.5.1 f) is not applicable.
If “motor winding & wielding” services are considered relevant perhaps your organization should include requirements for your suppliers of those products.
-
Control of external providers
8.4.2 The type and extent of the controls to be applied to the external provision and processes, products and services have been determined
What documentation would LRQA Assessor require?
Answer:
As you can see the standard does not have explicit requirements for documentation regarding controls of external providers. The amount of documentation in this regard will depend on the type and extent of the controls you enforce to your external providers but in most cases the contract, work instruction or similar will the auditor require to see during the audit.
For more information, see: How to control outsourced processes using ISO 9001 https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/ -
El nuevo contexto de la organización
He recibido esta pregunta: Estoy en proceso de certificarme en ISO 9001:2015 y tengo dudas respecto al punto 4 de la norma que habla del contexto de la organización Respuesta: La cláusula 4 es un nuevo requerimiento de la norma ISO 9001:2015 para la organización en la cual es necesario considerar no sólo cuestiones internas sino también externas que pueden causar un impacto en los objetivos estratégicos y la planificación del Sistema de Gestión de Calidad. Esto implica que necesitará definir algunos elementos de la organización y cómo estos son reflejados en el SGC, por ejemplo, el tamaño de la organización, mercados, consumidores, etc. Para más información, vea: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-identificar-el-contexto-de-la-organizacion-en-iso-90012015/ -
Benefits from ISO 27018
To give you some context, my organisation is a SaaS, providing Cloud Products and Services to our customers (who typically use our software).
As an organisation, we utilise Cloud IaaS from some of the Big Vendors. So, we are a SaaS, not actually a Cloud Infrastructure Service provider.
We already understand the benefits of ISO27001, and are leaning towards establishing a program towards compliance. however, given our business profile, do you think it would be a good fit to extend our control environment to include ISO 270018.
Answer: You can think of ISO 27018 the same way as ISO 27002, a set of detailed recommendations on how to implement controls described in ISO 27001 Annex A, the difference being that ISO 27018 focuses on recommendations to protect personally identifiable information (PII) in cloud environments. It can be used both by cloud services providers, which can use the standards recommendations to improve their security controls, and cloud custom ers, that can use the standard to help them verify is potential or current providers have proper controls to protect their PII information.
Considering this, for your second question I can say yes, as a Cloud IaaS customer, your organization can benefit by extending you control environment to include recommendations from ISO 27018 with the purpose to have a better basis to evaluate security controls for PII implemented by your cloud providers.
This article will provide you further explanation about ISO 27018:
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/