Search results


  • Implementation and certification support


    Answer:
    If your question is about companies that provide support for the implementation and certification of the ISO 27001, there is no specific certification accreditation needed. For example, we are a company that can help your company to achieve the certification, and we do not have a specific certification/accreditation although all our experts are qualified in ISO 27001, and furthermore we have much experience and knowledge about ISO 27001. Remember that we work with companies all over the world, and many companies have been certified in ISO 27001 with our support.

    This article can be interesting for you “When to use tools for ISO 27001/ISO 22301 and when to avoid them” : https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/

    Finally, our online course can be also interesting for you if you are interested to learn more about ISO 27001 “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
  • Frequency of the internal audit


    Answer:
    I suppose that your question is related to the internal audit, if so, the standard does not establish a specific timing for this, although normally companies perform the internal audit annually (before the certification audit), but you can define other frequency. Anyway, from my point of view quarterly can generate excessive work.

    By the way, our online course can be interesting for you, because we give interesting information about the internal audit “ISO 27001:2013 Internal Auditor Course” : https://advisera.com/training/iso-27001-internal-auditor-course/
  • Transition to the new version of ISO 9001


    Answer:

    Basically, every process and every requirement of the 2008 revision is slightly modified, some of the changes are bigger such as introduction of the requirements regarding context of the organization and addressing risks and opportunities. Since you already have implemented the TS 16949, you are familiar with risks assessment methodologies and you can use this experience in addressing new requirements of ISO 9001:2018.

    The biggest change regarding the documentation is that you don't need Quality manual and six mandatory procedures any more. This doesn't mean that you have to exclude them from your documentation, but now you have a chance to decide what is really useful and what can be left out. For more information about documents requirements, see: List of mandatory documents required by ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

    This free material can also be of great help: Twelve-step transition process from ISO 9001 2008 to 2015 revision https://advisera.com/9001academy/free-downloads//
  • Setting up EMS in construction company


    Answer:

    The first step in implementation of environmental management system according to ISO 14001 is to conduct the GAP analysis to determine to what extent your organization is already compliant with the standard and to define activities to achieve the full compliance. You can find the free GAP analysis tool here https://advisera.com/14001academy/iso-14001-gap-analysis-tool/

    Once you determine the gaps, you need to establish project plan where you will define all activities, resources, responsibilities and deadlines for the implementation. Here you can find free Project Plan for ISO 14001 implementation https://advisera.com/14001academy/free-downloads/
  • Implementing OHSAS 18001 in pharmaceutical industry


    Answer:

    The process of OHSAS 18001 implementation is the same for every industry. First you need to conduct GAP analysis to determine to what level your organization is already compliant with the standard and to identify gaps between existing occupational health and safety system in the company and OHSAS 18001.

    Once you determine the gaps, you need to create a project plan that will help you during the implementation. This is not a mandatory step but it can be very helpful in avoiding missing something out. In the project plan you need to determine the activities, resources, responsibilities and deadlines and you can start with the implementation. Here you can find the free sample of Project Plan for OHSAS 18001 implementation https://advisera.com/18001academy/free-downloads/

    The full list of the steps in the implementation process, you can find here OHSAS 18001 Implementation diagram http://advisera.com/18001academy/free-downloads/

    As far as the mandatory documents are concerned, here is the article that can be helpful: Which criteria to apply when deciding about OHSAS 18001 documentation https://advisera.com/18001academy/blog/2015/06/03/which-criteria-to-apply-when-deciding-about-ohsas-18001-documentation/
  • Risks and opportunities and context of the organization


    Answer:

    Context of the organization and the risks and opportunities are closely related. Without proper definition of context of the organization there can be proper identification of risks and opportunities. The best way to start is to determine context of the organization and all its elements. For more information, see: How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/

    Next step is to determine methodology for identification and evaluation of risks and opportunities. At this moment, there is a lot of discussion regarding the methodology and the most frequently mentioned methodology is FMEA. However, I think that FMEA cannot cover the entire scope of the clause 6.1 since the requirement is to address risks and opportunities emerging from the context and FMEA and other methodologies are focusing mostly on processes. So, I suggest to use more simple methodologies such as SWOT analysis and involve as many relevant people in the company as possible. In this way you will ensure that all elements of the context are considered during identification and evaluation of risks and opportunities. For more information, see Methodology for ISO 9001 Risk Analysis https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/

    Then you need to make plans to address risks and opportunities and this includes dedicating resources, assigning responsibilities and defining deadlines for the plans realization. The final step is to evaluate effectiveness of the actions taken and this is usually done during the management review.
  • SLA violation


    Answer:
    I assume you would like to know how to calculate SLA time and, consequently, know whether the SLA is breached or not.
    SLA clock starts counting as soon as the incident is opened. It stops once the incident comes to status - resolved. User still should get an opportunity to confirm the resolution (if the tool allows that).
    But be careful with that - define, in SLA, maximum time allowed when user should confirm incident resolution (e.g. 48 hours or 72 hours). Otherwise, some incidents will never be closed (users just don't send any feedback).
    Read the article "ITIL Incident Management – How does it influence customer satisfaction?" https://advisera.com/20000academy/blog/2016/03/22/itil-incident-management-how-does-it-influence-customer-satisfaction/ to learn more.
  • The transition is not that easy

    I am working now on interested parties and trying to get to the context of the organization but need some guidance. Since our audits have been so good, everyone in the company feels that the transition is simple and we don't need much guidance, as a result we have done pretty much nothing. I am afraid that the time is passing and we have not much accomplished.

    Answer:

    Since you have a good system in your company the transition can go smoothly but it doesn't mean that it won't require effort, especially because you are doing it by yourself. Identification of interested parties is a good way to start defining context of the organization, however it will require other aspects of the context to be defined and this can't be done without engagement of the top management. Defining context of the organization is now one of the most important steps because it will influence the way you identify the risks and opportunities and also other parts of your system so it is crucial to engage all relevant roles in the company to define the context correctly and with sufficient level of details. For more information, see How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/

    Also, this article might be helpful to you during planning of the transition How to make the transition from ISO 9001:2008 revision to the 2015 revision https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/
  • Improvement and continual improvement

    Thank you M. Strahinja for your answer :)
  • A.7.2.3 Disciplinary process


    Answer: Disciplinary process can take many forms - from verbal warning or written warning, decrease in salary, all the way to cancelling the employment contract. The appropriate option should be chosen based on the severity of the incident an employee has made.

    We do not have a template that is focused on disciplinary actions, but they are briefly mentioned in these documents:
    - Incident management procedure: https://advisera.com/27001academy/documentation/incident-management-procedure/
    - Statement of acceptance of ISMS documents: https://advisera.com/27001academy/documentation/statement-of-acceptance-of-isms-documents/