During this lesson, we're going to cover some important terms and concepts specific to the ISO 27,000. Siri's
in this lesson. We're going to cover some important terms and concepts that you will come across
specifically in the are so 27,000 and one standard.
It is important to be familiar with these terms and concepts and understand what is meant by them in the context of an icy mess and becoming I. So. 27,001 compliant
thes terms have come from the ice 0 27,000 Siri's,
which is a standard that provides information around
what the 27,001 standard contains as well as's, provides a glossary of important terms and concepts. For the entire 27,000 Siri's.
We'll start with ordered scope.
This is defined in the standard
as the extent and boundaries of an audit.
Why is it important to understand this concept?
If you're going for certification, your order scope means
what will be covered as part of your orders.
This would be similar to your isom s scope
in that you would want your SMS scope to be covered by the orders
here, you would define what
is going to be covered by the audit on what's going to be covered by the audit.
Conformity is defined as the fulfillment of a requirement
each of the eye. So 27,000 and one closes have one or multiple requirements that need to be fulfilled
in order for your ice. A mist to be deemed compliant with the standard
when you feel fuller requirement.
This is noted as a conformity.
It is important to understand the term conformity
as its opposite. Nonconformity is used a lot in the standard
we have already seen this
term used previously.
This is a recurring activity to enhance performance
A measure that is modifying risk
can include processes, policies, devices, practice
or other action which modifies risk.
We should all be familiar with what our control is.
A control is basically something you put in place to mitigate risk.
A control objective is a statement that describes what needs to be achieved as a result of implements in controls
This is an action to eliminate a detected nonconformity.
Previously, we had mentioned implementing corrective actions.
This pertains to close 10
when areas off non compliance or non conformity or requirements not being fulfilled are identified.
Corrective actions need to be put in place.
This is defined as information required to be controlled and maintained by an organization can be in any format and media and from any source
you'll see later on. In this course, we go into documented information quite a lot.
Information being documented on being able thio be presented or demonstrated toe auditors
and stakeholders in your eye. Smith is really important for your ice mess.
You need to be able to show people
and having things documented will enable you to
track performance. Better know, does nonconformity ease more easily and obviously communicate to people more easily?
Documented information doesn't have to mean piles and piles of paperwork or files.
It can be made quite simple and easy to manage with
document management systems,
using things like Google Cloud and cleverly
broken down file structures and accessing methods so that you can keep certain documentation separate from others and only certain people accessing what they should end
have access to and not what they should not have access to
external context. This is the finest external environment in which the organization seeks to achieve its objectives.
We've already touched on this term. Previously.
External context would cover all of the external factors that could influence your organization.
terrorism, natural disasters.
Whatever the case may be,
the most prevalent external context example of 2020 definitely has to be peak over 19. Virus
indicator is defined as a measure that provides an estimate or evaluation.
We all have heard the term
k p I will key performance indicator.
This is what that pertains to
This is a defined as a personal organization that can affect, be affected by
he perceived itself to be affected by a decision
Earlier on, we touched on two concepts. Internal interested parties and external interested parties.
These are stakeholders that have some sort of interest or benefit
decision making ability related to your ice Amis.
One example of an interested party would be a customer that wants to procure services from your organization,
but only on the condition that you have a profit ice miss implemented
and then it is certified within a certain period of time.
The internal context
is to find this internal environment in which the organization seeks to achieve its objectives.
This is basically everything within the control of the organization.
employees, technology, processes, procedures.
All of the existing context
internal to the organization must be considered
at all times during the operation
and maintenance off your ice miss
is defined as magnitude of a risk expressed in terms of the combination, off consequences
and their likelihood.
If you've ever done a risk assessment before, you would know that at
at the end of it, once you've gone through all of your risks and determined their levels of impact and likelihood,
you would provide the risk and overall rating off
low, medium or high. As a basic example,
monitoring is defined as determining the state of a system process or an activity
a non conformity is to find as a non fulfillment of a requirement.
We'll touch on this later in the course.
But a nonconformity, especially when you are being audited for your certification ordered,
can be a game changer
for your ice. Um, s certification results.
A major nonconformity
would basically mean that you would not be certified,
so it is important to monitor for nonconformity, ease
and make sure that they're addressed in a timely manner.
is defined as a measurable results
can relate to either quantitative or qualitative. Findings
can also relate to management of activities, processes, products and so forth.
A requirement. This is defined as need or an expectation that is stated
generally implied or public obligatory
This is a risk that remains after risks have been treated.
This can contain an unidentified risk.
This is also known as a retained risk
review is defined as an activity undertaken to determine the suitability, adequacy and effectiveness off the subject matter to achieve established objectives.
this in 1.4, we went over 18 terms and concepts that are important to understand while working with
We examine the definition as per I so 27,000.
We also talked about these concept in a practical sense,
on what is meant by each of the terms