Search results

Extended Manufacturing Site

Extended üretim sahası kuralları için IATF Rules revizyon 5, Annex 4’ü gözden geçirmenizi tavsiye ederim. 

Özellikle extended manufacturing site için; ‘’ özerk karar vermeme yetkisine sahip olmamak’’ önemlidir ve ana üretim sahasına bağlı olmalıdır. 

Bir çok ana aktivite; üst yöntim, kalite yönetim, vb gibi konular; ana saha tarafından yürütülmelidir.  

Hatta, extended manufacturing site’da; sadece üretim, kalite gibi operatörlerin olmasıda isteniyor olabilir. 

Bunun haricinde belgelendirme şirketiniz ile de görüşmenizi tavsiye ederim. 

Requirement of compulsory annual health check-up of employees

No, there is no such a requirement from ISO 13485:2016. 

Validation and accreditation questions

You asked

1)    must the process of sample size reduction for analysis be included in the validation process for accreditation?

I understand it the sample size reduction is part of sample preparation, not sampling (from source), so yes that step must be included in your method validation. The sample preparation variability must be evaluated. 

You also asked

2)    can you validate this as one method, even though different size reduction requirements and dilutions are used prior to analysis?"

You can validate as one method if the same in-house or standard testing method is followed, and the dissolution and analytical part of the validation is common,

As an example. an accredited would be stated as Procedure for the dissolution of crushed ore, waste ore and concentrate (final product) with analysis by ICP-OES. For accreditation you must specify the Material or product tested, the Standard Specifications, Techniques / Equipment used, the Type of Tests / Properties Measured, and Range of Measurement (if applicable, for example your limit of detection is a restriction).

organization have no work order since 2 years

I am afraid that for a full answer to this question you will need to talk to your certification body, because AS9100 gives you the requirements on how to create an aerospace QMS, but it does not tell you how to audit it. Even ISO 19011, the guidelines for management system auditing, does not go into this sort of detail. The standard gives you the information on how to create the processes, which processes are needed, and some of the requirements they need to meet; but not how to assess these processes when a company has not had aerospace customers for a while. It also does not talk about if you do or do not have customers.

That being said, documented records are not the only information used to audit the processes of the QMS. You may be able to assess the processes through interview where records do not exist because there have been no customers. It can be enough to know that the processes are in palce, understood, and ready for when a customer returns.

You can learn a bit more on how the certification audit works in the article: What to expect at the ISO certification audit: What the auditor can and cannot do, https://info.advisera.com/free-download/what-to-expect-at-the-iso-certification-audit

Auditor Questions Allowed

When preparing for an audit of the OHSMS it is important to realize that the management system can not simply meet the requirements of ISO 45001, it also needs to incorporate legal and other requirements of interested parties which is why the standard asks that you identify these as part of clause 4.2. What this means is that during an audit you are not asking questions about the standard, since people in the organization may not know what the standard says, but rather questions about the process this is implemented which will include all requirements including ISO 45001.

This means what you need to do is to review the process in place to see what questions you need to ask to assess if the process is implemented as planned. If people are doing the process as planned, and the process meets the requirements of ISO 45001 and the needs and expectations of interested parties, then you are assessing if the requirements of the process are met in your audit.

You can learn more on how auditing works in the article: How to perform an internal audit using ISO 19011, https://info.advisera.com/free-download/how-to-perform-an-internal-audit-using-iso-19011

UK -GDPR

If you are working in the company, this would be considered as a transfer of personal data (Transfers of personal data to third countries or international organizations) falling under Chapter V in UK GDPR. So there should be a legal basis to be used. In your case, it depends on where your employment contract is. If your employment contract is in the UK but you reside outside the UK, that is not a problem. If your employment contract is outside the UK, but not in EEA, then there should be a transfer mechanism in place, like standard contractual clauses or binding corporate rules that should be signed between the UK company and your employer.

Please find more links here (references are for EU GDPR, but the text is the same):

• Chapter V GDPR - Transfers of personal data to third countries or international organisations: https://advisera.com/eugdpracademy/gdpr-text/transfers-of-personal-data-to-third-countries-or-international-organisations/
• Article 46 GDPR - Transfers subject to appropriate safeguards: https://advisera.com/gdpr/transfers-subject-to-appropriate-safeguards/
• Article 47 GDPR - Binding corporate rules: https://advisera.com/gdpr/binding-corporate-rules/

Data transfers to 3rd countries

If the headquarter of the organization is in the United Kingdom, then UK GDPR would apply mainly. According to article 3 – Territorial scope – from EU GDPR, the Regulation would apply only if the company would offer goods or services to people in EEA, or if it monitors the behavior of people in EEA. If the data is stored in Serbia, then a transfer takes place from the UK to Serbia. According to UK GDPR, which is almost the same as EU GDPR (with EU references removed), a suitable transfer mechanism should be used for compliant personal data transfer. In this case, the best transfer mechanism would be UK Standard Contractual Clauses. ICO, UK’s Data Protection Authority issued some new SCCs, called IDTAs (International Data Transfer Agreement) that can be used starting March 21, 2022.

You could explore developing Binding Corporate Rules (BCRs) for intra-group personal data international transfers, but they need to be approved by the supervisory authority (ICO in this case).

Please consult these links to find more details:

• Article 3 EU GDPR: https://advisera.com/eugdpracademy/gdpr/territorial-scope/
• Chapter 5 GDPR: Transfers of personal data to third countries or international organisations: https://advisera.com/eugdpracademy/gdpr-text/transfers-of-personal-data-to-third-countries-or-international-organisations/
• 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
• ICO UK IDTAs (International Data Transfer Agreements): https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/
• ICO BCRs (Binding Corporate Rules): https://ico.org.uk/for-organisations/binding-corporate-rules/ 

Maintenance requirements of IATF

Items 8.5.1.5, 8.5.1.6, and 6.1.2.3 of the IATF 16949:2016 standard are generally related to maintenance. 

I recommend that you review these requirements.

How to become an BIA expert

I have a question "an organization is AS9100 Rev D certified but organization has no production since one year from any customer then how can compliance of QMS can be interpreted? How internal audits be conducted? How KPI be translated ? What standard say that if an organization have no customer since long time then how QMS compliance be evaluated?