Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11275 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Project risk assessment
Quite clear now. Appreciate your response. Thanks. -
ISO 9001:2015 documentation level
Answer:
Not all processes need to be documented and this version of the standard aims to decrease the amount of documentation. The documentation should be a balance between the competence of employees and complexity of processes. If you have competent employees you don't have to document every singe activity, the same is for the simple processes. Instead of writing procedures, sometimes it can be much easier to develop process flowchart or Quality Plan. For more information, see: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/ -
Gaining competence for ISO 9001:2015
Answer:
There is no requirement for the top management to get training in ISO 9001 requirements. The auditors, on the other hand, must get familiar with the standard requirements in order to be able to audit the system. They can get familiar with the standard by themselves or take some in-house or external course, but they do not have to have the certificate.
Here you can find our free ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/ -
The transition and the document coding system
For example, I have a flow-down list of document numbers, however it only lists one form number for a calibration list, using F-715-001. Currently we have a calibration form for each piece of lab equipment. Same form just, individual form for each thermometer, balance, etc. Would this form then be F-715-002?
Answer:
New version of the standard doesn't change the coding system, so you can keep the existing one and there is no reason for change. What will change during the transition are the documents themselves and their version number should be changed but they can have the same identification code.
For more information, see:
- New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/ -
How to address life cycle perspective in providing services?
The life cycle perspective is not relevant for every type of business in the same way, the service companies will have far less difficulties meeting this requirement. In case of logistic company, you will basically examine the steps you go through when delivering the product and determine that environmental aspects regarding each step and it will overlap with your processes such as transportation and storage.
So, in your case you only need to identify and evaluate environmental aspects in your processes and there is no need for further assessments. For more information about life cycle perspective, see: Lifecycle perspective in ISO 14001:2015 – What does it mean? https://advisera.com/14001academy/blog/2017/02/20/lifecycle-perspective-in-iso-140012015-what-does-it-mean/ -
ISO 20000 / ISO 27001 cost of implementation
There are two calculators which can help you:
ISO 27001 - "Return on Security Investment Calculator" https://advisera.com/27001academy/free-tools/free-return-security-investment-calculator/
ISO 20000 - "ITIL Return On Investment (ROI) Calculator" https://advisera.com/20000academy/itil-iso-20000-tools/roi-calculator/ (although it's ITIL calculator, it can help you with ISO 20000).
Additionally, there are some articles which explain this topic:
"How much does the ITIL/ISO 20000 implementation cost?" https://advisera.com/20000academy/blog/2016/12/13/how-much-does-the-itiliso-20000-implementation-cost/
"How much does ISO 27001 implementation cost?" https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/ -
ISO 27001 and ISO 9001 integration
Answer: Yes, both standards have the same structure and can be implemented as an integrated system. This article will provide you further explanation about ISO 27001 and ISO 9001 integration: - How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/ - Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/ These materials will also help you regarding ISO 27001 and ISO 9001 integration: - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/ - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-14001-internal-auditor-course/ - ISO 27001 implementation: How to make it easier using ISO 9001 [free webinar] https://advisera.com/27001academy/webinar/iso-27001-implementation-make-easier-using-iso-9001-free-webinar-demand/ -
Applying ISO principles in practice
Answer:
I'm not sure what ISO principles do you mean, but I assume your thinking of ISO 9001 principles. New version of the standard has 8 principles instead of 7 in the previous version. The principles are translated into requirements of the standard and by meeting the requirements, you will apply the quality principles.
There is no requirements for expertise regarding the principles, they only need to be applied through compliant with the standard and establishing the Quality Management System. For more information on quality principles, see: Seven Quality Management Principles behind ISO 9001 requirements https://advisera.com/9001academy/blog/2014/02/04/seven-quality-management-principles-behind-iso9001-requirements/ -
Presentation for ISO 9001 tansition
Please can you assist me with a presentation on introduction to ISO 9001:2015 Transition slide to be presented for my staff and the management entirely.
Thank you for always there for always there for me.
Answer:
The first part of the presentation on the transition should explain benefits of the transition. Here you can find some useful materials:
- ISO 9001:2015 – The benefits of early implementation https://advisera.com/9001academy/blog/2015/09/29/iso-90012015-the-benefits-of-early-implementation/
- ISO 9001:2015 benefits of early transition https://info.advisera.com/9001academy/free-download/iso-90012015-benefits-of-early-transition
The second part should explain the steps in the transition and how those steps will be conducted. Here are some useful resources from our website:
- How to make the transition from ISO 9001:2008 revision to the 2015 revision https://advisera.com/0 01academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/
- Free webinar – ISO 9001:2015 - How to make the transition from ISO 9001:2008 https://advisera.com/9001academy/webinar/iso-90012015-how-to-make-the-transition-from-iso-90012008-free-webinar-on-demand/
- Twelve-step transition process from ISO 9001:2008 to the 2015 revision https://info.advisera.com/9001academy/free-download/twelve-step-transition-process-from-iso-90012008-to-the-2015-revision
The last part of the presentation should describe options for the transition, i.e. doing the transition by yourself, using consultant or some online solution. Here you can find a whitepaper that can be helpful to you:
- Implementing ISO 9001:2015 with a consultant vs. DIY approach https://info.advisera.com/9001academy/free-download/implementing-iso-9001-with-a-consultant-vs-diy-approach -
Security of remote access
Answer: I assume you are referring to security practices from IT applicable to SCADA (Supervisory Control and Data Acquisition). Information Technology (IT) and Industrial Control System (ICS), which embraces SCADA, have different business requirements, implementation architectures, and security goals, which makes direct application of security solutions from IT to SCADA unpractical. But in terms of concepts and high level approaches, they are highly compatible (you can also consider for SCADA security approaches like harden the perimeter, defense in depth and securing remote access). Considering ISO standards, ISO 27002 may help with some approaches (for remote access you have control 6.2.2 - Teleworking, and 13.1.2 - Security of network services), but ISO 27019:2013, wh ich provides guiding principles based on ISO/IEC 27002 for information security management applied to process control systems used in the energy utility industry, can provide more related information regarding Industrial Control Systems in general.
Unfortunately, we do not have some specific materials for remote access, but perhaps these materials can help you:
- How to manage the security of network services according to ISO 27001 A.13.1.2 https://advisera.com/27001academy/blog/2017/02/13/how-to-manage-the-security-of-network-services-according-to-iso-27001-a-13-1-2/
- How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/