Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11268 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Excluding design and development
Answer:
If the organization does not have design and development process within scope of the QMS, it can exclude the clause 8.3 from the scope. When excluding clauses of the standard, you need to document the exclusions in the document about the scope of the QMS and provide justification for exclusions.
You should also consider excluding clause 7.1.5 because I assume you do not use monitoring and measuring equipment in your processes. For more information about exclusions in ISO 9001:2015, see: What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/ -
Legal requirements and documentation
Is there a requirement to document specific work instructions relating to our key legislation i.e. a work instruction dedicated to the CRC Regulations or Clean Air Act and how they relate to our processes on site?
Answer:
The environmental aspects that are regulated by the legislation automatically become significant and operational controls should be applied. The level of documentation to be produced will depend on the requirements of the legislation (i.e. does the legislation itself requires some records to be produced) and the type of the operational control you decide to apply. If there are no legal requirements to produce records or to document procedure or work instruction it sis completely up to organization to decide whether to document them or not.
For more information about legal r equirements and ISO 14001, see: Demystification of legal requirements in ISO 14001 https://advisera.com/14001academy/blog/2014/10/01/demystification-legal-requirements-iso-14001/ -
Organizational knowledge
Kindly supply me with information on the Organizational Knowledge which is really tough to implement and meet ISO 2015 requirements.
I would appreciate it if you could clarify the following points:
1 What exactly the meaning of Organizational Management?
By organizational management I assume you meant organizational knowledge. Organizational knowledge includes all information and know how necessary to deliver product or service. For example, if you have a bakery, the recipe for making bread or cookies represent organizational knowledge. For more information, see: How to manage knowledge of the organization according to ISO 9001 https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
2 Does ISO 2015 means the experience knowledge only?
By ISO 2015, I assume you meant ISO 9001:2015. Organizational knowledge includes experience and know hoe on how to deliver product or serv ice. Some of it will be in written form like work instructions, some will be part of competence and experience, for example if employee has a driving licence, he doesn't need to attend additional training neither he needs work instruction on how to drive a vehicle.
3 Do existing written knowledge including documentation and records are also required as part of 7.1.6. Organizational Knowledge?
The clause 7.1.6 doe not require producing some additional procedures and records. You only need to identify the organizational knowledge and to maintain it. In some cases, it can be beneficial to have documented procedure or reference to the documents that contain organizational knowledge.
4 How can we capture, store and made this knowledge available for users?
This can be done in numerous ways, you can document the work instructions and distribute them to relevant people or you can have the knowledge available on the intranet in the company. It will depend of the needs of the company, number of employees, locations, etc.
5 How can we audit this process (clause 7.1.6)?
Since the clause doesn't require documented information, the most of the auditing will be done by interviewing and observing. The purpose of auditing clause 7.1.6 is to determine whether the organization has identified and maintain the organizational knowledge and the questions asked during the audit should go in that direction. -
Procedure for document control and ISO 27002 controls
Answer: Actually, procedure for document control is related to the management part of information security - i.e. it is related to the main part of ISO 27001, and not to security controls listed in ISO 27002.
So in my opinion, it wouldn't make sense to try to fit it anywhere in ISO 27002 controls - document control belongs to the management part of information security.
These articles will help you:
- ISO 27001 vs ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
These materials will also help you regarding document management:
- book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free o nline training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/ -
Auditing of the new version
Answer:
The auditing techniques would be the same, you will still review the documentation, interview employees and observe processes. But, since the new version requires less documentation then the previous one, it is reasonable to assume that documentation review wouldn't provide the same results as with previous version of the standard. This means that most of the evidences will be gathered through interviewing employees and observing processes and activities.
This again depends on how you document your QMS, if it remains heavily documented like in previous version, the job of the auditors will be facilitated because they will have the most of the information on paper.
For more information about internal audit, see: Five Mai n Steps in ISO 9001 Internal Audit https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/ -
Regulations and work instructions
Answer:
There is no need for work instruction to contain text of the regulation. It can be even counterproductive because the most of the employees would not even understand what they need to do. The purpose of the work instruction is to ensure that the regulations are followed on the work place, so they need to be clear and simple and explain how activities are preformed according to the regulations.
For more information, see: Demystification of legal requirements in ISO 14001 https://advisera.com/14001academy/blog/2014/10/01/demystification-legal-requirements-iso-14001/ -
Prioritizing hazards
Answer:
There is no requirements in OHSAS 18001 that define how to prioritize implementation of operational controls, but basically there are two approaches. You can either start with the controls that are the easiest to implement, such s administrative controls (i.e. writing work instructions), or you can start with the controls that address the most severe consequences regardless of the effort needed to implement them.
Keep in mind that some of the operational controls are mandated by law and they should be implemented first, without any delay.
For more information, see: 5 levels of hazard controls in OHSAS 18001 and how they should be applied https://advisera.com/18001academy/blog/2015/09/02/5-levels-of-hazard-controls-in-ohsas-18001-and-how-they-should-be-applied/ -
Forms for admin department
Answer:
There are no particular requirements in ISO 14001 for documentation within the Admin department. The amount of documentation will depend on the type of operational controls that you apply in the department and this will depend on significant environmental aspects emerging from processes within this department.
In most cases Admin department has significant environmental aspects as waste paper, electronics and maybe batteries, this means that you will probably need some record about waste disposal and maybe a work instruction on how to store the waste prior to disposal.
For more information, see: How to identify environmental aspects in your office using ISO 14001 https://advisera.com/14001academy/blog/2015/05/18/how-to-identify-environmental-aspects-in-your-office-using-iso-14001/ -
Alternative site safe distance
We are planning to build a Secondary Data Center for xxxxxx the current distance is only less than kilometre and in a there will be 20 flights will come and go it is is xxxxx – please advise
Answer: Placing a data center near an airport never is a good idea, but if you do not have alternative, you should consider placing the data center out of the airport's flight paths and at a distance where air planes still are in a good altitude, starting landing procedures (something between 20 and 100 miles for large air crafts, and a minimum of 3 miles for small ones). this way you reduce likelihood to almost the same as for other builds being hit in case of a disaster.
Impacts related to an incident involving an air craft goes from total destruction of the site, to interruption of operations because support services are disrupted (e.g., power lines, water supply, etc.)
This article will provide you further explanation about how ide ntify related impacts and site location:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Disaster recovery site – What is the ideal distance from primary site? https://advisera.com/27001academy/knowledgebase/disaster-recovery-site-what-is-the-ideal-distance-from-primary-site/
These materials will also help you regarding how identify related impacts:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Implementing Business Impact Analysis according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/