Search results

Home / Search

Category:
Select
Select

11268 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Assess the risk for each asset


    Answer:
    I am not sure if I have understood 100% your question, but you need to assess the risk for each asset, and obviously the risk is related to the business. To calculate the risk in a simple way, you can use basically 2 parameters: Consequences and likelihood. This article can be interesting for you “How to assess consequences and likelihood in ISO 27001 risk analysis” : https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

    And also this one “ISO 27001 risk assessment & treatment - 6 basic steps” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    Finally, our online course can be also interesting for you because we give more information about the risk assessment process “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

  • Access directly to a database?


    Answer:
    If this information is not confidential, I do not see problems, although to give direct access to the Oracle database for me is not a best practice, so would be better to give this information in another way, for example through a web page (in an architectural pattern Model-View-Controller).

    Another recommendation is that you define a classification for the information, so this article can be interesting for you “Information classification according to ISO 27001” : https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

    And remember that before the implementation of controls, you need to perform the risk assessment in order to determine what kind of security controls are needed. This article can be interesting for you "The basic logic of ISO 27001: How does information security work?" : https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work /

    Finally, this online course can be also interesting for you, because we give more information about the classification of the information “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

  • Setting up ISO 14001 in construction company


    Answer:

    First step is to conduct GAP analysis to determine to what level your company is already compliant with the standard. The GAP analysis will provide you with answers on what needs to be done to achieve full compliance with the standard. Here you can find free GAP Analysis tool https://advisera.com/14001academy/iso-14001-gap-analysis-tool/

    Once you determine what documents need to be created and what activities need to be performed, you should create a Project Plan where you will define all above mentioned as well as deadlines, responsibilities and resources. You can find a free sample of the Project Plan here https://advisera.com/14001academy/free-downloads/ . This step is not mandatory, however it will help you avoid missing something out.

    Next step is to create all necessary documents, this includes the documents required by the standard itself and the documents that you find necessary to run your environmental management system and achieve intende d results. Here yo can use our documentation template which includes all mandatory documents together with most common documents used to set up the EMS (environmental management system) according to ISO 14001:2015. You can find free preview of the toolkit here https://advisera.com/14001academy/iso-14001-premium-documentation-toolkit/

    Then you need to implement all the activities prescribed by the documentation into your daily business activities. Finally, you need to conduct internal audit and management review to ensure your system is compliant with ISO 14001 requirements. And then you can hire certification body to conduct certification audit and issue your company the certificate.

    For more information about steps in ISO 14001 implementation, see: ISO 14001 Implementation diagram https://advisera.com/14001academy/free-downloads/

  • Applicability of ISO 14001


    Answer:
    ISO 14001 is applicable to any type of industry and especially for manufacturing . It helps organizations adopt systematic way to handle environmental aspects and also provides a framework for identifying and complying with legal and other requirements regarding the environment.

    For more information, see:
    - 6 Key Benefits of ISO 14001 https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/
    - Case study: Using ISO 14001 KPIs to reduce waste in manufacturing https://advisera.com/14001academy/blog/2016/05/16/5135/

  • Exclusion of clause 8.5.5 in cement manufacturing company


    Answer:

    Clause 8.5.5 relates only to the organization that provide post delivery activities such as installment, servicing, maintenance, recycling, etc. Since your business is production of cement and once you sell it to the customer, you don't have any further activities related to the sold product, you can exclude this clause from the scope of your QMS.

    For more information, see:
    - What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/

  • Competence, training and awareness documentation


    Answer:

    The standard only requires you to keep records as an evidence of employees competence and this can be training records, employees CV, diplomas, certificates, etc. No procedure or documented training modules are necessary, but you can create them if you find them necessary. In my opinion it is good to have a procedure that defines how you identify need for training and awareness, how you conduct them and how you evaluate their effectiveness and to have training and awareness raising program, but training modules seem as an overkill.

    Here you can find free previews of the documents related to competence, training and awareness:
    - Procedure for Competence, Training and Awareness https://advisera.com/9001academy/documentation/procedure-human-resources/
    - Training P rogram https://advisera.com/9001academy/documentation/training-program/
    - Training Record https://advisera.com/9001academy/documentation/training-record/
    - Record of Attendance https://advisera.com/9001academy/documentation/record-attendance/

  • Budgeting the selected controls

    Sure, you can document the budget separately, but then you have to refer to that budget from your Risk treatment plan.

  • Implementing the documentation in a very small company


    Answer:

    If you want to be fully compliant with ISO 27001, you should use our toolkit and go step by step through the folders and write all the required documents. However, since you have only a couple of employees, you should take care of the following:
    1) You should aim to write as little documents as possible - if you open a PDF document called "List of documents" in your toolkit, you'll see which documents are mandatory - this means that you'll write other documents only if you consider them as necessary.
    2) Our documents are already short, but you should shorten them even more if you feel part of the text doesn't apply to you - in other words, when editing the documents you should not write "does not apply" for particular section, simply delete that section. By the way, you will have to specify which security controls are not applicable to your company in the Statement of Applicability.

    These materials will also help you:
    - article The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
    - free online course ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Internal and external issues according to ISO 9001:2015


    Answer:

    First step is to identify all the issues relevant to the QMS, this means to focus only on the issues that affect ability of your organization to achieve its objectives. This can be done on the meeting of top management and process owners in the company.

    Once you determine all the issues, you need to decide whether to take actions to address them or not. If you decide to take actions, you need to plan actions by defining responsibilities, resources and deadlines for enforcing the actions. And finally, during the management review, the top management must evaluate effectiveness of the actions taken and to decide whether to initiate new actions or not.

    For more information see:
    - How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/

  • Integrating OHSAS 18001 with ISO 9001 and ISO 14001


    Answer:

    Integrating basically means to create one system that is compliant with all three standards. When integrating two or more management systems it is important first to identify their common requirements and activities that can address requirements of all three standards at once.

    New versions of ISO 9001 and ISO 14001 are highly compatible, with same number of clauses and same clause numbers for same and similar requirements. OHSAS 18001 will be replaced with ISO 45001 in the future so it will be much easier to integrate those standards.

    The common requirements of all three standards are:

    - Scope (you need to define single scope for your system)
    - Policies (each standard requires policy, it can be one policy or three separate policies)
    - Objectives (they can be defined in one or in separate documents for each standard)
    - Competence, training and awareness (the standards have same requirements regarding this so it can be done through one procedure)
    - Document and record control (the standards have same requirements regarding this so it can be done through one procedure)
    - Internal audit (the standards have same requirements regarding this so it can be done through one procedure)
    - Management review (the process itself is the same only the inputs and outputs are different for each standard but this also can be addressed through the same procedure)
    - Nonconformities and corrective actions (the standards have same requirements regarding this so it can be done through one procedure, only OHSAS 18001 still have preventive actions so this should be taken into account)

    Common requirements of ISO 9001 and ISO 14001:
    - Context of the organization
    - Risks and opportunities

    Common requirements of ISO 14001 and OHSAS 18001:
    - Compliance obligations
    - Emergency preparedness and response

    For more information, see:
    - Is integrating ISO 9001 and OHSAS 18001 that hard? https://advisera.com/9001academy/blog/2015/02/03/integrating-iso-9001-ohsas-18001-hard/
    - Integrating ISO 9001 and ISO 14001 https://advisera.com/9001academy/blog/2013/11/19/integrating-iso-9001-iso-14001/
    - ISO 14001 vs. OHSAS 18001: What is different and what is the same? https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/iso-14001-vs-ohsas-18001-what-is-different-and-what-is-the-same/
Page 994-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +