
  • SMETA Certificate


    Answer:

    The Sedex Members Ethical Trade Audit (SMETA) was developed by the Sedex Associate Auditor Group (AAG). SMETA is designed to reduce duplication of effort in ethical trade auditing, benefiting retailers, consumer brands, and their suppliers. It was developed in response to member demand for an ethical audit report format that could more easily be shared.

    SMETA is not a code of conduct, a new methodology, or a certification process, but describes an audit procedure which is a compilation of good practice in ethical audit technique.

    Unfortunately, we do not have any materials regarding it, since we are focused on ISO and ITIL standards.
  • PIR


    The answer:
    You noticed right, Post Implementation Review (PIR) is a must in case of unsuccessful changes. There is no out-of-the-box solution for how to do it. That depends on, e.g.:
    - company size
    - type of change
    - available resources...etc.

    But, once you define further activities (you mentioned - recommended actions) in order to make things right (i.e. change implementation) and learn the lesson, I see a few things to do:
    - analysis - usually the Change Advisory Board (CAB) will do that. Make minutes and define responsibilities
    - preparation - you will need to take a new attempt. Be sure that something changed from last time (what - well, that depends on your analysis). Define all steps you need to do, take a trial if possible.
    - implementation - when you get to this point, you'll be familiar with the new implementation. Be sure to track all activities (and have all responsibilities defined).
    - review - review the new attempt. If it was a success - compare it to the unsuccessful attempt and look for the difference - that's your lesson learned.

    Read the article "Post Implementation Review – Buzzword, or mighty tool?" https://advisera.com/20000academy/blog/2015/02/03/post-implementation-review-buzzword-or-mighty-tool/ to learn more about PIR.
  • Evidence about providers


    Answer: The point is not whether these providers are ISO 27001 certified or not, the point is whether they comply fully with the security clauses that are part of the contract they have signed with you.

    The evidence about this you can get in a couple of ways:
    - They can send you reports
    - You can send your auditor to their company
    - You can send a third-party auditor to their company to check whether they are compliant with the contract

    This article explains more about how this relationship with suppliers works: 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

    These materials will also help you regarding handling suppliers:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course
    https://advisera.com/training/iso-27001-foundations-course/
  • Justification in a Statement of Applicability


    Answer: To justify an implemented control that does not have identified risks on the Risk Assessment that can be related to it, the most suitable justification on the Statement of Applicability would be, as you thought, the original reason that justified the control implementation, something like "control implemented as a requirement of interested parties", or "control considered common sense / normal operating procedure in our industry".

    This article will provide you further explanation about risk assessment:
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    This article will provide you further explanation about the Statement of Applicability:
    - The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

    These materials will also help you regarding risk assessment and SoA:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course
    https://advisera.com/training/iso-27001-foundations-course/
  • List of internal documents


    Answer:

    All documents produced by the company regarding the QMS are considered as internal documents and should be listed in the List of Internal Documents.

    For more information about the documentation, see: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
  • Environmental aspects in warehouse


    Answer:

    There are no environmental aspects that will emerge in every warehouse. The aspects will depend mostly on the materials being stored and the way they are stored. For example, if you are storing oils, the environmental aspect will be oil, the impact will be on soil and water, so you will need to implement operational controls to prevent oil spillage by defining what kind of barrels will be used for storage, how much they will be filled, how they will be arranged in the warehouse, etc.

    For more information about environmental aspects and operational control, see Free webinar – ISO 14001: Identification and evaluation of environmental aspects https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar/
  • Establishing operational controls


    Answer:

    The most important thing is that you identified and evaluated environmental aspects. For those aspects that you determined as significant, you need to establish operational controls. The controls can be:
    - administrative - meaning that you need to place signs or to develop work instructions or procedures,
    - engineering - meaning that you will introduce some new technology or change your processes to decrease impact on the environment.

    Examples of operational controls are work instructions for waste disposal or installation of filters to decrease polluting gases emission.

    For more information about establishing operational controls, see: Defining and implementing operational control in ISO 14001:2015 https://advisera.com/14001academy/blog/2016/04/11/defining-and-implementing-operational-control-in-iso-140012015/140012015/
  • Methodology for developing documentation


    Answer:

    There is no prescribed methodology for developing documentation; different people have different approaches. The documentation itself is not the only factor for compliance with the standard, it is only a tool for achieving compliance and avoiding nonconformities.

    The most important thing is to understand the requirements of the standard and develop a set of activities and processes to meet those requirements; then you need to document them through procedures in order to avoid nonconformances. Records and forms are then used to demonstrate that the procedures are being followed.

    For more information, see: 7 steps in writing QMS policies and procedures for ISO 9001 https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/
  • Language requirements for an ISO 27001 certification


    Answer: Yes, references and/or evidence in multiple languages are acceptable for the final ISO 27001 certification audit, but you should inform the certification body of this fact when arranging the certification audit. In the audit, it is certain that the certification auditor will seek evidence that the people who use this documented information to carry out their activities have the necessary fluency in the languages involved (e.g. lawyers evaluating contracts, buyers evaluating suppliers' proposals, etc.), so be prepared for that.

    This article will provide you further explanation about why to consider language issues in a relationship with a certification body:
    - How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

    These materials will also help you regarding requirements to consider for a certification audit:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course
    https://advisera.com/training/iso-27001-foundations-course/
  • Developing internal audit program

    If you plan the audit this way, you won't be auditing the entire scope of the QMS over the course of one year; it would be much better if you define your plan like this:
    1st location in March
    2nd location in June
    3rd location in September

    Yes, it is recommendable to audit the entire scope of the QMS during the year. The aspects you mentioned influence the frequency of the audit, meaning that some locations can be audited more frequently if they have a greater number of nonconformities or if they have more complex or crucial processes.