  • Risks and opportunities in ISO 14001:2015

    Answer: Risks in ISO 14001, as well as opportunities, need to be identified not only regarding environmental aspects but also regarding compliance obligations and the context of the organization. You don't need to turn your significant environmental aspects into risks, but rather to examine what can go wrong in operational controls that can lead to escalation of the environmental aspect and damage to the environment. The example you stated is a good direction for identifying risks. You also need to determine risks related to legal requirements and possible actions to avoid violation of those requirements. For more information, see: Risks and opportunities in ISO 14001:2015 – What they are and why they are important https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
  • Identifying Legal Requirements


    Answer: The most common ways to gather this kind of information are by interviewing people involved in the process (e.g., operators, technical staff, process owners, contract managers, legal support, etc.), reading the available documentation, and doing an Internet search. By applying these three methods you will have a good base for determining which legal, regulatory and other requirements you must comply with.

    2 - And what if my organization has several locations in different countries?

    Answer: The methods described are still applicable, but you have to ensure that you also collect this information from people living in those countries, not only from someone who made an Internet search, because they generally have a closer and better view of what is relevant and needed in terms of requirements.

    This article will provide you further explanation about identifying requirements:
    - How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/

    These materials will also help you regarding identification of legal requirements:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Nonconformity in production process

    Which clause in the standard affects this? Should I put it under 8.7 or 8.5?

    Answer:

    If the nonconformity occurred in the production process, then it is related to clause 8.5. Clause 8.7 defines how to control the nonconforming product; a nonconformity related to clause 8.7 would mean that you didn't control the nonconforming product properly.

    For more information, see: How to use root cause analysis to support corrective actions in your QMS https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/
  • Where to start with ISO 9001 transition


    Answer:

    The best way to start with the transition is to raise awareness in the company regarding the transition and what it brings to the company. This can be done with a presentation on the benefits of making the transition and how it will affect everyday activities (decrease of documentation requirements, etc.). For more information, see: ISO 9001:2015 benefits of early transition https://info.advisera.com/9001academy/free-download/iso-90012015-benefits-of-early-transition

    The next step would be to conduct a gap analysis and determine to what extent your company is already compliant with the new version; once you learn that, you can develop a project plan for the transition and implement the changes in your system. For more information about transition steps, see: How to make the transition from ISO 9001:2008 revision to the 2015 revision https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/

    I wouldn't start with a particular document but with the requirements that need to be implemented; once you know them you can start updating your documents and processes. The quality manual is no longer mandatory, but if you find it useful you can keep it; you just need to update it according to the new version. For more information, see: The future of the Quality Manual in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/
  • Nonconformity and related clauses


    Answer:

    It is definitely a nonconformity, but not related to clause 8.7. This clause only explains what needs to be done in case of nonconforming product. Part of the process of resolving a nonconformity is to determine which requirements of the standard and applicable work instructions and procedures haven't been met during the production or service delivery. The nonconformity you mentioned is probably related to clause 8.5 Production and service provision, but a nonconformity does not necessarily have to be related to a clause of the standard; it can also be related to the procedures and rules that you defined in the company.

    For more information, see: Understanding dispositions for ISO 9001 nonconforming product
    https://advisera.com/9001academy/blog/2014/11/18/understanding-dispositions-iso-9001-nonconforming-product/
  • Qualitative and quantitative risk assessment

    So the qualitative method is also called simple risk assessment, while quantitative risk assessment is called detailed risk assessment.
  • Risk calculation and implemented controls


    Answer: For determining the risk value, you must consider the current situation, i.e., including the influence of the controls currently implemented. If you do not do that, you may end up overestimating risks and wasting resources to handle an already acceptable risk.

    This article will provide you further explanation about risk assessment:
    - ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

    These materials will also help you regarding risk calculation and implemented controls:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • Implementing SMS


    Answer:

    I assume by SMS you mean Safety Management System. Implementing an SMS can be done in numerous ways, but for this answer I will explain how to do it with OHSAS 18001.

    The first step is to conduct a gap analysis to determine to what level your company is already compliant with OHSAS 18001 and what needs to be done to achieve full compliance and establish an effective SMS. Here you can find a free OHSAS 18001 Gap Analysis Tool https://advisera.com/18001academy/ohsas-18001-gap-analysis-tool/

    Once you determine what needs to be done, you should develop a project plan for the implementation with defined activities, resources, responsibilities and deadlines. In this way you will distribute the burden of the implementation to several people, and this can make your implementation faster and more effective. Here you can download our free Project Plan for OHSAS 18001 implementation https://info.advisera.com/18001academy/free-download/project-plan-for-ohsas-18001-implementation

    After you implement all activities and develop all necessary documents, you need to conduct an internal audit and management review to ensure that the system is in place and compliant with OHSAS 18001. For more details on implementation, see: 12 Steps for implementation and certification against OHSAS 18001 https://advisera.com/18001academy/blog/2015/11/04/12-steps-for-implementation-and-certification-against-ohsas-18001/
  • Risk Assessment

    Qualitative risk assessment is based on perceptions and judgements to assess probabilities and impacts, does not make use of complex mathematical analysis, and its results make sense only in the context of the analysis, generally represented by scales like “low, medium and high” or “80 on a scale from 0 to 99” (e.g., high risk of data loss, or a risk of data loss of 80 on a scale from 0 to 99). 99% of companies use qualitative assessment to perform quick assessments in simple situations or to help identify risks that require further analysis when they have many risks to work on.

    On the other hand, quantitative risk assessment is based on heavy use of mathematics (e.g., statistical distributions) and simulation tools to assess probabilities and impacts, and its results make sense outside the context of the analysis, generally in terms of money and time impacts if a risk occurs in a specific period (e.g., a 30% chance of data loss resulting in a loss of 550k if the risk occurs in the next five years). Terms related to quantitative risk assessment are ROSI, SLE, ARO and ALE, about which you can learn more by watching this free webinar:

    - ISO 27001 benefits: How to obtain management support https://advisera.com/27001academy/webinar/iso-27001-benefits-how-to-get-management-buy-in-free-webinar-on-demand/

    These materials will also help you regarding qualitative risk assessment:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • ISO 27001 roles


    Answer: Yes. You only have to take care not to define Senior Management as the responsible role in too many activities.

    2 - If so, do I have to specify who is meant by Senior Management?

    Answer: Yes. Unlike concepts like manager or process owner, Senior Management may mean one or more persons, as when you assign responsibility to a project team. In these cases people, and auditors in particular, usually look for the one in the highest position, so you should make it very clear what Senior Management means in your organization.

    3 - If so, where do I have to do this? In which document?

    Answer: You have many options for where to define Senior Management. You can define it in job descriptions, in the organizational chart, or in the Information Security Policy.

    These articles will provide you further explanation about roles and responsibilities:
    - How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
    - Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/

    These materials will also help you regarding roles and responsibilities:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/