Djordje Ilic
March 11, 2014
Very often, companies worldwide consider whether or not to take consulting services, as well as external certification services against ISO 9001.
Both of those may be a cost or investment. However, neither of these is obligatory for the company by any regulation or standard. So, in the majority of cases it’s up to the company to take or not to take consulting services and/or audit services. Having in mind limited resources, this article shows some strong and weak points of consulting and audit, and may help you to reduce risk in your decision-making process.
There are two main motives regarding implementation of ISO 9001. One is to implement it as a management tool for better organization and control over organization, and another is to achieve compliance with ISO 9001 because customers require/expect it.
Usually, when companies try to implement ISO 9001 without consultants, there are three major problems. They are not sure: what exactly is needed, how “deep” they should go in order to achieve compliance, and when they are ready for the audit. This results in lengthy implementation followed by low motivation of employees, increase of bureaucracy and an even worse organization than before.
If companies decide to take a consultant and find a competent one, then the hazards mentioned above are at least significantly reduced. These are certainly strong points of consulting services, but the word “competent” is a key issue.
Who defines consulting competencies? Is it according to the number of organizations a consultant has helped in ISO 9001 implementation, the number of references from your industry, or something else?
Competencies basically depend on your needs, and you are the person who evaluates consultant competencies, so it is important to speak with a person who actually will provide consulting services. It is always good to look at consultant experience from “both sides of the standard.” One is consultancy and another is his audit competencies (how many audits, where, what kind of organizations, against which standards, etc.). This is important since it assures you that he will lead and control the project in needed depth and within defined time frames, saving your resources.
On the other hand, if you choose an incompetent consultant, you may achieve compliance, but definitely will not have a tool for improving your organization.
Usual signs of this kind of consultant are: he more or less insists on already defined models of his documentation, he’s not willing to develop tailor-made documentation, he’s unable to answer many of your questions or explain where something is needed (he simply says that the standard requires it), he’s not willing to talk to or interview the employees and speaks only with a project manager, he’s not willing to include your documents and records that are useful but not required by the standard, and his documents don’t reflect functions specific to your organization, but rather some generic functions. Usually, those types of consultants say that you don’t have a system even if you already have many documents, like proposals, contracts, dispatch orders, invoices, etc.
In this case, this may pass certification, but it will result in “parallel” processes. For example, the sales department will work the same as before implementation of the system, and then before the audit, they will review a procedure(s) again and prepare documents and records requested by the procedure. Many of those documents are already done but in another format or type, or you will wind up making new, additional documents and records that you obviously don’t need in everyday sales operations.
The result is even lower motivation, inefficiency, an increase in bureaucracy, and an even worse organization overall than before system implementation.
Your customers, suppliers and other interested parties very often ask whether you have implemented any management systems. Usually, they ask for ISO 9001, ISO 14001, OHSAS 18001 and some specific schemes related to business continuity, information security and social accountability. However, it all starts with ISO 9001.
Audit benefits depend again on the competencies of the auditor(s) and the audit methodology. In beneficial audits, processes are checked based on samples of already delivered product or service. Audits go through all processes from the end to the beginning following their interconnections, based on specific product/service all the way up to customer inquiry.
This audit approach is very rarely used in certification audits, but is very frequent in SPA audits (Second Party Audits). In this manner, a competent auditor can very often check overall efficiency and effectiveness of your system much better than a huge audit team.
As you may see, this is not connected to any certification body or certificate.
If you do the audit with a certification body, you cannot choose the auditor; you choose the certification body and they decide, based on many parameters, which of their auditors will be used.
One definition defines a system as a “set of interacting and interdependent elements (processes) forming an integrated whole (organization).” Auditors usually check separately the processes stated in the audit plan, but do not check these interactions between processes, so you don’t know how connections between processes work even though this is the most important issue when you read the definition.
As a result, after the audit, you get the certificate but you don’t know how your organization works better, or even if your organization actually conforms.
Your customers are not interested in how good your processes are, or even in your certificate, but only in their output – quality of product and/or service, which heavily depends on the quality of interaction and interdependency.
Having in mind the organization’s needs and everything stated above, a good approach is first to have an audit (by a competent consultant) based on SPA methodology, and then based on audit results, make specific requirements for a consultant and implement the system. Depth and details of the system (number and structure of documents/records, scheme of processes, competencies, etc.) will depend on your strong and weak points and not on standard requirements and/or consultant needs. The system will be used as a management tool in order to achieve desired results.