
  • Applicability of ISO 14001


    Answer:
    ISO 14001 is applicable to any type of industry, and especially to manufacturing. It helps organizations adopt a systematic way to handle environmental aspects and also provides a framework for identifying and complying with legal and other requirements regarding the environment.

    For more information, see:
    - 6 Key Benefits of ISO 14001 https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/
    - Case study: Using ISO 14001 KPIs to reduce waste in manufacturing https://advisera.com/14001academy/blog/2016/05/16/5135/
  • Exclusion of clause 8.5.5 in cement manufacturing company


    Answer:

    Clause 8.5.5 relates only to organizations that provide post-delivery activities such as installation, servicing, maintenance, recycling, etc. Since your business is the production of cement, and once you sell it to the customer you don't have any further activities related to the sold product, you can exclude this clause from the scope of your QMS.

    For more information, see:
    - What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
  • Competence, training and awareness documentation


    Answer:

    The standard only requires you to keep records as evidence of employees' competence, and these can be training records, employees' CVs, diplomas, certificates, etc. No procedure or documented training modules are necessary, but you can create them if you find them necessary. In my opinion it is good to have a procedure that defines how you identify the need for training and awareness, how you conduct them and how you evaluate their effectiveness, and to have a training and awareness-raising program, but training modules seem like overkill.

    Here you can find free previews of the documents related to competence, training and awareness:
    - Procedure for Competence, Training and Awareness https://advisera.com/9001academy/documentation/procedure-human-resources/
    - Training Program https://advisera.com/9001academy/documentation/training-program/
    - Training Record https://advisera.com/9001academy/documentation/training-record/
    - Record of Attendance https://advisera.com/9001academy/documentation/record-attendance/
  • Budgeting the selected controls

    Sure, you can document the budget separately, but then you have to refer to that budget from your Risk treatment plan.
  • Implementing the documentation in a very small company


    Answer:

    If you want to be fully compliant with ISO 27001, you should use our toolkit and go step by step through the folders and write all the required documents. However, since you have only a couple of employees, you should take care of the following:
    1) You should aim to write as few documents as possible - if you open the PDF document called "List of documents" in your toolkit, you'll see which documents are mandatory - this means that you'll write other documents only if you consider them necessary.
    2) Our documents are already short, but you should shorten them even more if you feel part of the text doesn't apply to you - in other words, when editing the documents you should not write "does not apply" for a particular section; simply delete that section. By the way, you will have to specify which security controls are not applicable to your company in the Statement of Applicability.

    These materials will also help you:
    - article The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
    - free online course ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Internal and external issues according to ISO 9001:2015


    Answer:

    The first step is to identify all the issues relevant to the QMS; this means focusing only on the issues that affect the ability of your organization to achieve its objectives. This can be done at a meeting of top management and process owners in the company.

    Once you determine all the issues, you need to decide whether to take actions to address them or not. If you decide to take actions, you need to plan them by defining responsibilities, resources and deadlines for enforcing the actions. And finally, during the management review, top management must evaluate the effectiveness of the actions taken and decide whether to initiate new actions or not.

    For more information see:
    - How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
  • Integrating OHSAS 18001 with ISO 9001 and ISO 14001


    Answer:

    Integrating basically means creating one system that is compliant with all three standards. When integrating two or more management systems, it is important first to identify their common requirements and the activities that can address the requirements of all three standards at once.

    The new versions of ISO 9001 and ISO 14001 are highly compatible, with the same number of clauses and the same clause numbers for the same and similar requirements. OHSAS 18001 will be replaced with ISO 45001 in the future, so it will be much easier to integrate those standards.

    The common requirements of all three standards are:

    - Scope (you need to define a single scope for your system)
    - Policies (each standard requires a policy; it can be one policy or three separate policies)
    - Objectives (they can be defined in one document or in separate documents for each standard)
    - Competence, training and awareness (the standards have the same requirements regarding this, so it can be done through one procedure)
    - Document and record control (the standards have the same requirements regarding this, so it can be done through one procedure)
    - Internal audit (the standards have the same requirements regarding this, so it can be done through one procedure)
    - Management review (the process itself is the same; only the inputs and outputs are different for each standard, but this can also be addressed through the same procedure)
    - Nonconformities and corrective actions (the standards have the same requirements regarding this, so it can be done through one procedure; only OHSAS 18001 still has preventive actions, so this should be taken into account)

    Common requirements of ISO 9001 and ISO 14001:
    - Context of the organization
    - Risks and opportunities

    Common requirements of ISO 14001 and OHSAS 18001:
    - Compliance obligations
    - Emergency preparedness and response

    For more information, see:
    - Is integrating ISO 9001 and OHSAS 18001 that hard? https://advisera.com/9001academy/blog/2015/02/03/integrating-iso-9001-ohsas-18001-hard/
    - Integrating ISO 9001 and ISO 14001 https://advisera.com/9001academy/blog/2013/11/19/integrating-iso-9001-iso-14001/
    - ISO 14001 vs. OHSAS 18001: What is different and what is the same? https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/iso-14001-vs-ohsas-18001-what-is-different-and-what-is-the-same/
  • Teleworking


    Answer:
    I am not sure if I have understood your question, but teleworking means that your company has employees usually working from their homes, and if you want to implement control 6.2.2 Teleworking of Annex A of ISO 27001:2013, basically you need to define a policy that sets the conditions and restrictions for using teleworking.

    For this, our template "Mobile Device and Teleworking Policy" can be useful for you (you can see a free version by clicking on the "Free demo" tab): https://advisera.com/27001academy/documentation/mobile-device-and-teleworking-policy/

    You can also use a BYOD policy, so this article can also be interesting for you, "How to write an easy-to-use BYOD policy compliant with ISO 27001": https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/

    Finally, our online course can also be interesting for you, because we give more information about the controls of Annex A of ISO 27001:2013, "ISO 27001:2013 Foundations Course": https://advisera.com/training/iso-27001-foundations-course/
  • Are the documents from Annex A mandatory?


    Answer: Basically you are right - if you do not select the control A.8.1.1 "Inventory of assets" as applicable (this is done in the Statement of Applicability), then you don't have to create the document for inventory of assets.

    These articles will also help you:
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
    - The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

    And this free online course will also describe the above-mentioned logic to you, as well as the controls from Annex A: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Balanced Scorecard


    Answer:
    There is no specific standard focused solely on a Balanced Scorecard, but you can use ISO 27004 to develop one, because it is a standard that basically contains a code of good practice that can help you measure an ISMS (Information Security Management System) based on ISO 27001 (by defining metrics).

    These articles may be of interest to you:

    "How to perform monitoring and measurement in ISO 27001": https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/

    "ISO 27001 control objectives - Why are they important?": https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

    This webinar may also be of interest to you, "ISO 27001 and ISO 27004: How to measure the effectiveness of information security?": https://advisera.com/27001academy/webinar/iso-27001-iso-27004-measure-effectiveness-information-security-free-webinar/

    You may also be interested in our online course, where we provide more information on how to measure an ISMS based on ISO 27001, although this course is currently available only in English, "ISO 27001:2013 Foundations Course": https://advisera.com/training/iso-27001-foundations-course/