Important Terms and Concepts

00:02

less than 1.4.

00:04

During this lesson, we're going to cover some important terms and concepts specific to the ISO 27,000. Siri's

00:15

in this lesson. We're going to cover some important terms and concepts that you will come across

00:20

specifically in the are so 27,000 and one standard.

00:23

It is important to be familiar with these terms and concepts and understand what is meant by them in the context of an icy mess and becoming I. So. 27,001 compliant

00:41

thes terms have come from the ice 0 27,000 Siri's,

00:46

which is a standard that provides information around

00:52

what the 27,001 standard contains as well as's, provides a glossary of important terms and concepts. For the entire 27,000 Siri's.

01:04

We'll start with ordered scope.

01:07

This is defined in the standard

01:10

as the extent and boundaries of an audit.

01:14

Why is it important to understand this concept?

01:17

If you're going for certification, your order scope means

01:21

what will be covered as part of your orders.

01:27

This would be similar to your isom s scope

01:30

in that you would want your SMS scope to be covered by the orders

01:36

here, you would define what

01:38

is going to be covered by the audit on what's going to be covered by the audit.

01:44

Conformity is defined as the fulfillment of a requirement

01:49

each of the eye. So 27,000 and one closes have one or multiple requirements that need to be fulfilled

01:57

in order for your ice. A mist to be deemed compliant with the standard

02:04

when you feel fuller requirement.

02:06

This is noted as a conformity.

02:09

It is important to understand the term conformity

02:13

as its opposite. Nonconformity is used a lot in the standard

02:20

continual improvement

02:22

we have already seen this

02:24

term used previously.

02:28

This is a recurring activity to enhance performance

02:42

control.

02:43

A measure that is modifying risk

02:46

can include processes, policies, devices, practice

02:50

or other action which modifies risk.

02:53

We should all be familiar with what our control is.

02:58

A control is basically something you put in place to mitigate risk.

03:02

A control objective is a statement that describes what needs to be achieved as a result of implements in controls

03:12

direction.

03:13

This is an action to eliminate a detected nonconformity.

03:17

Previously, we had mentioned implementing corrective actions.

03:22

This pertains to close 10

03:23

in your eyes miss

03:25

when areas off non compliance or non conformity or requirements not being fulfilled are identified.

03:32

Corrective actions need to be put in place.

03:39

Documented information

03:44

This is defined as information required to be controlled and maintained by an organization can be in any format and media and from any source

03:54

you'll see later on. In this course, we go into documented information quite a lot.

04:00

Information being documented on being able thio be presented or demonstrated toe auditors

04:08

and stakeholders in your eye. Smith is really important for your ice mess.

04:13

You need to be able to show people

04:15

that is operating,

04:16

and having things documented will enable you to

04:20

track performance. Better know, does nonconformity ease more easily and obviously communicate to people more easily?

04:30

Documented information doesn't have to mean piles and piles of paperwork or files.

04:35

It can be made quite simple and easy to manage with

04:42

document management systems,

04:44

using things like Google Cloud and cleverly

04:48

broken down file structures and accessing methods so that you can keep certain documentation separate from others and only certain people accessing what they should end

05:00

have access to and not what they should not have access to

05:04

external context. This is the finest external environment in which the organization seeks to achieve its objectives.

05:14

We've already touched on this term. Previously.

05:16

External context would cover all of the external factors that could influence your organization.

05:23

Things like

05:24

politics,

05:26

terrorism, natural disasters.

05:29

Whatever the case may be,

05:30

the most prevalent external context example of 2020 definitely has to be peak over 19. Virus

05:40

indicator is defined as a measure that provides an estimate or evaluation.

05:46

We all have heard the term

05:47

k p I will key performance indicator.

05:50

This is what that pertains to

06:00

interested party.

06:01

This is a defined as a personal organization that can affect, be affected by

06:06

he perceived itself to be affected by a decision

06:11

or activity.

06:14

Earlier on, we touched on two concepts. Internal interested parties and external interested parties.

06:21

These are stakeholders that have some sort of interest or benefit

06:27

decision making ability related to your ice Amis.

06:32

One example of an interested party would be a customer that wants to procure services from your organization,

06:40

but only on the condition that you have a profit ice miss implemented

06:45

and then it is certified within a certain period of time.

06:49

The internal context

06:51

is to find this internal environment in which the organization seeks to achieve its objectives.

07:00

This is basically everything within the control of the organization.

07:04

Organizational policies,

07:06

employees, technology, processes, procedures.

07:11

All of the existing context

07:14

internal to the organization must be considered

07:16

at all times during the operation

07:19

and maintenance off your ice miss

07:24

level of risk

07:25

is defined as magnitude of a risk expressed in terms of the combination, off consequences

07:31

and their likelihood.

07:34

If you've ever done a risk assessment before, you would know that at

07:40

at the end of it, once you've gone through all of your risks and determined their levels of impact and likelihood,

07:46

you would provide the risk and overall rating off

07:49

low, medium or high. As a basic example,

07:59

monitoring is defined as determining the state of a system process or an activity

08:07

a non conformity is to find as a non fulfillment of a requirement.

08:13

We'll touch on this later in the course.

08:15

But a nonconformity, especially when you are being audited for your certification ordered,

08:20

can be a game changer

08:22

or a shark stopper

08:24

for your ice. Um, s certification results.

08:28

A major nonconformity

08:30

would basically mean that you would not be certified,

08:35

so it is important to monitor for nonconformity, ease

08:37

and make sure that they're addressed in a timely manner.

08:41

Performance

08:43

is defined as a measurable results

08:46

can relate to either quantitative or qualitative. Findings

08:50

can also relate to management of activities, processes, products and so forth.

08:58

A requirement. This is defined as need or an expectation that is stated

09:03

generally implied or public obligatory

09:07

residual risk.

09:09

This is a risk that remains after risks have been treated.

09:16

This can contain an unidentified risk.

09:18

This is also known as a retained risk

09:22

review is defined as an activity undertaken to determine the suitability, adequacy and effectiveness off the subject matter to achieve established objectives.

09:39

To summarize

09:41

in this lesson

09:43

this in 1.4, we went over 18 terms and concepts that are important to understand while working with

09:50

a nice miss.

09:50

We examine the definition as per I so 27,000.

09:56

We also talked about these concept in a practical sense,