
  • Fixing nonconformities before the certification audit

    I've received a further question:
    > You say that we can plan to implement some of the controls after the external audit. Sorry, but it's still a bit confusing to me. Maybe better with an example. A.12.1.4 says: Development, testing, and operational environments shall be separated to reduce the risks of unauthorized access or changes to the operational environment. Can this be implemented after the audit? If yes, how can the auditor verify that we are going to implement it? How can we know what controls can be implemented after, and what controls have to be implemented before the certification audit?

    Answer:

    Although this is not very popular, you can leave some of the less important controls for implementation after the certification. There is no hard rule for this, but if you have controls that are not related to major risks, then you can leave them for later, and explain that you were not able to implement those because of time and budget constraints.

    You have to make this planning very clear through the Risk treatment plan, and your risk owners need to accept the risks while those controls are not implemented.

    The certification auditor will check whether you implemented those controls during the surveillance visits; see this article: Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
  • When will ISO 45001 start to apply


    Answer:

    ISO 45001 is currently in the DIS (Draft International Standard) stage and the final draft (FDIS) will be published in September 2017, while approval and publication of ISO 45001 is expected in December 2017. There were some complications with the text of the standard, so the deadline for publication has been prolonged.

    Currently, no one can provide e-learning or any other information, simply because none of the information about the requirements is official and basically no one knows how the standard will look. Once the FDIS version of the standard is published we will know the exact requirements of the standard, and then it will be possible to create an e-learning course, which we will certainly do. At this moment you can see our free online courses for ISO 9001, ISO 14001 and ISO 27001; they are all available here https://advisera.com/training/ and are made according to the latest versions of the standards.
  • ISO 27001 training & awareness

    Thank You!
  • Auditing design and development


    Answer:

    The design and development process is audited in the same way as any other process. You first need to identify all requirements of the standard; you can also create a checklist just to make sure you don't miss anything. For more information, see: Writing an Audit Checklist for ISO 9001 Processes https://advisera.com/9001academy/blog/2014/11/25/writing-audit-checklist-iso-9001-processes/

    Once you determine all requirements of the standard, you need to examine your design and development process and determine whether it is compliant with the standard or not. For more information, see: The ISO 9001 Design Process Explained https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/

    For more information about the internal audit process, see:
    - How to create a check list for an ISO 9001 internal audit for your QMS https://advisera.com/9001academy/blog/2016/07/12/how-to-create-a-check-list-for-an-iso-9001-internal-audit-for-your-qms/
    - Five Main Steps in ISO 9001 Internal Audit https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/

    We also have a free ISO 9001:2015 Internal Auditor online course available here https://advisera.com/training/iso-9001-internal-auditor-course/
  • Certified Implementer ISO 27001


    Answer:

    Basically, to initiate your career you need courses and basic information about these standards, and our site is the best place for this, because we give many free resources.

    For example, we have this course that can help you to learn basic principles about ISO 27001 “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

    Our learning center can also be very interesting for you: “What is ISO 27001” https://advisera.com/27001academy/what-is-iso-27001/, "ISO 22301 Basics" https://advisera.com/27001academy/what-is-iso-22301/

    These materials can also be interesting for you:

    - Our free downloads section https://advisera.com/27001academy/free-downloads/

    - Our free webinars : https://advisera.com/27001academy/webinars/

    - Article about how to become a consultant “How to become an ISO 27001 / ISO 22301 consultant” : https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/

    - Article about Lead Implementer Course “Lead Auditor Course vs. Lead Implementer Course - Which one to go for?” : https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/

    Finally, our ebook can also be very interesting for you: Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • ISO 9001 scope and clause exclusions

    We do not have a formal procedure written for design work, BUT we have a gateway for the products we produce.
    This, to us, means that we regard our Operations as the customer of design. Our Operations ensures that the design is correct to achieve the end product through operations....
    Can we then state that the scope of our ISO 9001 certification application is our Operations only?
    We have procedures which control the drawings and Bills of Material that are used to make our products.
    Scope of the Quality Management System.... I need to know what to include in the scope and how to write what we exclude.

    Answer:

    If your company does not conduct design and development of products, you can exclude clause 8.3 of ISO 9001:2015. Reviewing your customer's design prior to production is part of clause 8.2.3 Review of requirements related to products and services, so it is not dismissed once clause 8.3 Design and development of products and services is excluded.

    In the document about the scope of the QMS or in the Quality Manual, you can write that clause 8.3 is not applicable to your business because you do not conduct design and development, and this will be enough.

    For more information, see:
    - How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
    - What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
  • Storing too many documents


    Answer:

    The standards do not usually prescribe how long you need to keep outdated documents and records; they only require the organization to define the retention and disposition of the documents. Usual practice is to keep the documents and records for three years, but this period can be shorter or longer.

    For more information, see:
    - New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
  • Documentation and classification in ISO 27001


    Answer:

    I am not sure what you mean with your first question, but ISO 27001:2013 has point 7.5 Documented information, which defines basic principles to manage documents and records.

    This article can be interesting for you “Document management in ISO 27001 & BS 25999-2” : https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

    Regarding the top secret documents, the best way to send them to another party is to encrypt the information, and for this you can use various open source (and free) tools. By the way, this article about the classification of information according to ISO 27001 can also be interesting for you “Information classification according to ISO 27001” : https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

    Finally, these materials will help you to learn more about ISO 27001 and the classification of information:
    - free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    - book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • ISO 20000 implementation order


    Answer:

    ISO 20000 does not require any particular order in which requirements will be implemented. But, from the experience point of view, I would recommend to:
    1. Establish the SMS (Service Management System)
    2. Implement the processes

    There are two elements which can help. The first one is to follow the order in the toolkit (you can see the list of documents here https://advisera.com/20000academy/iso-20000-documentation-toolkit/).
    Additional help could be "ISO 20000 implementation diagram" https://advisera.com/20000academy/free-downloads/

    On the other side, ITIL needs a different approach, and you can get useful ideas in the article "Ready, steady… go – Starting ITIL implementation" https://advisera.com/20000academy/blog/2014/06/10/ready-steady-go-starting-itil-implementation/
  • Documents required by clause 4.4


    Answer:

    This clause has overall requirements for the entire quality management system. The requirements of this clause are related to every part of the quality management system, and can be met indirectly through documented procedures, policies and records.

    When it requires the organization to maintain documented information to support the operation of its processes, this means that you need to decide what documentation (procedures, SOPs, work instructions, etc.) is necessary for running the processes and to create it. Another requirement is to retain documented information to have confidence that the processes are being carried out as planned, and this means that you need to decide what records are needed and to create them according to your needs.

    For more information, see:
    - New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/