Auditing marketing and sales against ISO 14001 and OHSAS 18001
We are now preparing for ISO 14001 and OHSAS 18001 certification and are conducting the internal audits. Should marketing and sales operations be involved in the internal audit cycle?
If yes, what references can I base my audit on? And what types of questions should be asked?
Answer:
If the marketing and sales departments are part of the scope of your implementation of ISO 14001 and OHSAS 18001, you should definitely audit them. Unlike ISO 9001, where you have specific requirements that relate to these requirements, ISO 14001 and OHSAS 18001 have more general requirements that can apply to any process or department.
The first thing to be audited is whether the identification and evaluation of environmental aspects and occupational health and safety hazards is conducted for these processes, and then whether the operational controls for environmental protection and occupational health and safety are implemented.
2 - The problem I am having is that, with the different asset categories (e.g. people, applications, databases, etc.), I do not know if there is a certain procedure to follow to fill in the categories in the given template.
Answer: No, there is no such procedure to be followed. I suggest you click the 'Checklist of assets' sheet, which contains examples for each category, to guide you on which category you should apply to your asset.
HIDRAC and identification of environmental aspects
Answer:
HIDRAC (Hazard Identification, Risk Assessment and Determining Control) is a general approach and methodology for the identification and evaluation of hazards, risks and dangers and for determining controls to treat them. Identification and evaluation of environmental aspects can be done in the same way; you only need to apply the HIDRAC to the environmental aspects and impact and you will meet requirements from both clause 6 and 8 of ISO 14001:2015.
I would like to discuss some important things regarding ISO 9001:2015 documentation as I am working on Risk Assessment Matrix.
What I need to know is whether there is a need for formal documentation regarding risk assessment.
We have an integrated management system, and I think that we have already addressed many risks in the form of the HACCP Matrix and Environmental Aspect & Impact.
As per my understanding, the additional thing we have to do in the QMS is that, keeping in view the context of the organization and the needs and expectations of the interested parties, the existing risk assessment will be reviewed and revised accordingly.
Kindly guide me in this regard.
I would like to share the document on which I am working nowadays.
I am interested to hear back from you.
Answer:
ISO 9001 does not require formal documentation regarding risk assessment, but it is beneficial to have at least the registry or list of risks and opportunities. HACCP and Environmental Aspect/Impact risk assessment cover different types of risks: one is for food safety and the other is for the environment. ISO 9001 requires you to address risks and opportunities related to quality of products and services, achieving quality objectives and customer satisfaction.
The risk and opportunities assessment for ISO 9001 can be done in a simpler way than those two above-mentioned methodologies. You can conduct a SWOT analysis or arrange a brainstorming session with relevant people in the company and talk about the risks. For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
Getting certified
Answer:
Since you didn't state against which standard you want to get certified, I assume you meant ISO 9001. In order to get certified, you need to implement the standard first, and there are some similar steps for every management system standard.
The first step in implementation is to conduct a gap analysis to determine to what level your company is already compliant with the standard and what needs to be done to achieve full compliance. Here you can find our free GAP analysis tool: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
Then you can start implementing the requirements of the standard, and when everything is finished, you should conduct an internal audit and a management review to make sure that your Quality Management System is compliant with the standard.
but Procedure_for_Corrective_Action_EN.docx does not mention any root cause analysis and how to implement it.
Clean desk procedure
Answer: Generally, a clear desk procedure is not required; it is sufficient to perform periodic awareness and monitoring activities to evaluate policy effectiveness.
Answer: Besides reducing the likelihood of security incidents, the companies that implement ISO 27001 can achieve other benefits as well - getting new clients, better organizing their processes, quicker compliance with laws and regulations, etc.
You are correct, the definition of the scope is one of the crucial steps in ISO 9001 implementation, and the way you determine the scope will guide you through the next steps. Since you are only a distributor of the pharmaceutical products and not a manufacturer, many of the clauses of the standard will not be applicable to your QMS. Therefore, you won't be needing as many documents as some production company.
Answer:
Changes are usually classified according to the risks and costs they have.
Here are the criteria for Normal changes:
1. Minor change - low risk and/or low cost
2. Significant change - medium risk and/or cost
3. Major change - high risk and/or cost
This article can provide a few more details: "Three key elements of assessment and evaluation of changes according to ITIL"