Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11268 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
List of internal documents
Answer:
All documents produced by the company regarding the QMS are considered as internal documents and should be listed in the List of Internal Documents.
For more information about the documentation, see: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/ -
Environmental aspects in warehouse
Answer:
There are no environmental aspects that will emerge in every warehouse. The aspects will depend mostly on the materials being stored and the way being stored. For example if you are storing oils, environmental aspect will be oil, the impact will be on soil and water, so you will need to implement operational controls to prevent oil spillage by defining what kind of barrels will be used for storage, how much they will be filled in, how they will be arranged in the warehouse, etc.
For more information about environmental aspects and operational control, see Free webinar – ISO 14001: Identification and evaluation of environmental aspects https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar/ -
Establishing operational controls
Answer:
The most important is that you identified and evaluated environmental aspects. For those aspects that you determined as significant, you need to establish operational controls. The controls can be:
- administrative - meaning that you need to place signs or to develop work instructions or procedures,
- engineering - meaning that you will introduce some new technology or change your processes to decrease impact on the environment.
Examples of operational controls are work instructions for waste disposal or installation of filters to decrease polluting gases emission.
For more information about establishing operational controls, see: Defining and implementing operation al control in ISO 14001:2015 https://advisera.com/14001academy/blog/2016/04/11/defining-and-implementing-operational-control-in-iso-140012015/140012015/ -
Methodology for developing documentation
Answer:
There is no prescribed methodology for developing documentation, different people have different approaches. The documentation itself is not an only factor for compliance with the standard, it is only a tool for achieving compliance and avoiding nonconformities.
The most important thing is to understand requirements of the standard and develop set of activities and processes to meet those requirements, than you need to document them through procedures in order to avoid nonconfomances. Records and forms are then used to demonstrate that the procedures are being followed.
For more information, see: 7 steps in writing QMS policies and procedures for ISO 9001 https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/ -
Language requirements for an ISO 27001 certification
Answer: Yes, references and/or evidences in multiple languages are acceptable for the final ISO 27001 audit certification, but you should inform the certification body of this fact when arranging the certification audit. In the audit, it is certain that the certification auditor will seek evidence that people who use this documented information to carry out their activities, have the necessary fluency in the languages involved (e.g. lawyers evaluating contracts, buyers evaluating suppliers proposals, etc.), so be prepared for that.
This article will provide you further explanation about why to consider language issues in a relationship with a certification body:
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
Thes e materials will also help you regarding requirements to consider for a certification audit:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/ -
Developing internal audit program
If you plan the audit this way, you wont be auditing entire scope of QMS over the course of one year, it would be much better if you define your plan like this:
1st location in March
2nd location in June
3rd location in September
Yes, it is recommendable to audit entire scope of QMS during the year. The aspects you mentioned influence frequency of the audit, meaning that some locations can be audit more frequently if they have greater number of nonconformities or if they have more complex or crucial processes. -
Assets valuation and the information classification policy
Answer: I assume you are referring to how to valuate an asset, considering the information it handles. A direct answer would be using the results of the risk assessment, i.e. the higher the impact you identified for a particular asset, the higher level of classification you should use.
This article will provide you further explanation about risk assessment:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
This article will provide you further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
These materials will also help you regarding risk assessment and information classification:
- B ook Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/ -
Implementation steps for OHSAS 18001
Answer:
The best way to start with the implementation is to get familiar with requirements of the standard first and then to conduct a GAP analysis to determine to what level your company is already compliant with the standard and what needs to be done to achieve full compliance. Here you can find our free GAP Analysis tool https://advisera.com/18001academy/ohsas-18001-gap-analysis-tool/
Once you determine what needs to be done, it is good to develop project plan for the implementation, to define deadlines for each step as well as the responsibilities. Here you can download our free Project Plan for OHSAS 18001 Implementation https://info.advisera.com/18001academy/free-download/project-plan-for-ohsas-18001-implementation
When you finish the implementation, you can hire a certification body to conduct the certification audit and issue your company the certificate.
For more information about i mplementation and certification steps, see: OHSAS 18001 Implementation diagram https://info.advisera.com/18001academy/free-download/ohsas-18001-implementation-diagram -
Quality Policy as a framework for quality objectives
5.2.1 Establishing the quality policy Top management shall establish, implement and maintain a quality policy that:
b) "provide a frame for setting quality objectives".....it means what..?
Answer:
Purpose of the Quality Policy is to define general mission and vision of the company and to provide strategic direction in which the company is going. It contains statements regarding different aspects of the QMS (Quality Management System) that demonstrate company's commitment to satisfy applicable requirements and strive towards continual improvement.
All the statements in the Quality Policy provide a framework for setting Quality Objectives. For example, is you say in your policy that your company is committed to enhance customer satisfaction, this statement provides you with a framework on the objectives regarding customer satisfaction. The objective based on this statement in the policy would be to increase custom er satisfaction for 10% in the next year.
For more information about the policy, see: How to Write a Good Quality Policy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/