Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11268 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Implementing ISO 9001
Answer:
There are several options for implementation of ISO 9001, you can do it by yourself, you can hire a consultant or use documentation toolkit or some other tool that can assist you with implementation. Here you can find the comparison matrices for these options https://advisera.com/9001academy/comparison/
The steps in implementation of ISO 9001 are not so different regarding the option you have chosen, first you need to get top management buy in for the implementation, then to perform gap analysis to determine to what extent your company is already compliant with the standard and what needs to be done to achieve the full compliance. Here you can find free ISO 9001 GAP Analysis Tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
For the next step, it is highly advisable to establish the implementation as a project, in this way you can share responsibilities for implementation with other employees of your company and achieve higher involvment of your employees in further maint enance of the standard, also it will help you avoid missing anything out. Here you can download a free ISO 9001 Implementation Project Plan https://advisera.com/9001academy/free-downloads/
If you want to find out more about further steps in the implementation, take a look at this free ISO 9001 Implementation Diagram https://advisera.com/9001academy/free-downloads/ -
Addressing context of the organization
Answer:
The first important thing to remember is that you don't have to document entire context of the organization, simply because ti would be very long document and there would always be a question if it is completed.
You need to determine external and internal issues regarding your company and how they affect your company ability to achieve its objectives.
Internal issues or internal context may includes organizational structure, organizational culture, communication process in the company, the sequences and interaction between the processes, competence of your employees, condition of the equipment, etc.
External issues or external context includes the environment in which your company operates, it usually includes political situation, economical situation, relevant legislation, culture of the market where you place your products or services, etc.
For more information, see:
- How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/ -
Are confidentiality level and change history mandatory in all documents?
Answer:
The answer for those 2 elements is different:
1) If you have published the Classification policy, then you have to comply with your own policy - if in that policy you have defined that confidentiality level needs to be written in all of your documents, then you have to do so. If you didn't develop such policy, then there is no requirement in the standard to write the confidentiality level in all documents.
2) Regarding change history, ISO 27001 requires you to have this (or something similar) in your ISMS documentation. However, if you find this useful, then you can apply it to all the other documents as well. -
Quality Objectives
In the column "Process" you need to enter the processes that are related to the achievement of the objective, for example if the objective is to increase sales, this can be related to the sales and marketing process -
Risks assessment in ISO 9001:2015
Answer:
First it is important to mention that ISO 9001:2015 does not require risk assessment methodology or full scale risk management. It IS simply enough to identify the risks and opportunities and plan actions to address them. However, if you decide to execute full risk assessment you have to be careful on what methodology to apply because they all have pros and cons. The easiest way is to go with SWOT analysis, and also FMEA is very popular tool for risk assessment.
Our documentation toolkit includes Procedure for Addressing Risks and Opportunities that has simple yet effective risk assessment methodology that can fit most companies, here you can find a free preview of the procedure https://advisera.com/9001academy/documentation/procedure-for-addressing-risks-and-opportunities/
Also we have a Procedure for FMEA Risk Assessment with lot of istructions throug h comments, you can find a free preview of the procedure here https://advisera.com/9001academy/documentation/fmea-risk-assessment-record/ -
Defining context of the organization
Answer:
There is no single answer to this question, but it is important to keep in mind the scope of the context consideration and that is quality management system. You need to consider all internal and external issues that may affect your QMS and your ability to achieve the objectives and increase customer satisfaction.
Internal issues or internal context includes organizational structure, organizational culture, condition of your equipment, competence of employees, etc. The external issues include relevant legislation, conditions on the market, actions of your competitors, and even the culture of the market where you place your products and services.
For more information, see:
- How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/ -
Control of outsourcing partners and suppliers
i.e. As a distributor are we required to ask our suppliers/manufacturers to be compliant with a particular standard? If they are not compliant, should all the products they supply be classified as a non-conforming product?
We had a process in place previously where we would ask all suppliers to complete a compliance form and ask for their most up to date certificates. Products supplied by suppliers with non-existent or out dated certificates would be classified and non-conforming and would be dealt with accordingly, however we were told this is no longer necessary.
Answer:
Yes, the standard requires control of outsourced processes, but it does not define to what extent. Basically, you will need to determine what extent of control is necessary. In some cases the contract will be enough or clearly defined requirements regarding the o utsourcing partner and in some cases you might need to require that the service or product provided to you by outsourcing partner to be produced and delivered under certain conditions sou you might have to provide them documented procedures or instructions and to conduct on site inspections.
Of course, the level of control of the outsourcing partners may vary from situation to situation. For example if your outsourcing partner is a small company then you might impose higher level of control, but if your supplier or outsourcing partner is some big company oversees that you won't be able to enforce much control on them.
You might require form your supplier to have certificate but that is completely up to you, the standard only requires you to establish controls but it doesn't prescribe what control you should establish. If having certificate is enough for you to determine whether the suppliers can or can not deliver what you expect from them, than it is OK.
For more information, see:
- How to control outsourced processes using ISO 9001 https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/ -
Managing documents
Answer:
Not all emails are considered as documents, some of them are just communication and there is no point in making records of all emails received in the company, but of course some of them should be considered as documents, especially if they have some documents in attachment, such documents can be recorded into some email register.
Vehicle registration slips are issued by the external organization and should be treated as external documents.
For more information, see:
- New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/ -
How to start complying with ISO 9001
Answer:
The first step is to get to know with the standard requirements and performing a gap analysis to determine to what extent the organization is already compliant with the standard and what needs to be done to achieve the full compliance. Here is the link to our free GAP Analysis Tool https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
Once you determine what needs to be done, yo need to establish the implementation of the standard as a project, determine the deadlines for activities, assign resources and responsibilities. Here you can find a free Project Plan for ISO 9001:2015 implementation https://advisera.com/9001academy/free-downloads// also you can find the ISO 9001 Implementation diagram on the same link.
When you finish with implementation of the standard, meaning to develop all documents and establish all the process, you need to conduct internal audit and management review to ensure that you are compliant with all requirements of the standard. Then you can hire certification body to conduct certification audit and to issue you the certificate. -
Stage 1 and stage 2 for the internal audit?
Answer:
The stage 1 (and stage 2), typically is only for the certification audit (third party audit), and before it you only need to perform the internal audit. You can do the review during the internal audit, and assess that documented information is completed and managed in a compliant way, so you do not need to perform the internal audit dividing it into 2 parts, I mean, you only need to perform an stage to review all documents and to review the compliance with the standard.
This article can help you to make an internal audit checklist (and to know all steps of the internal audit) “How to make an Internal Audit checklist for ISO 27001/ISO 22301” : https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso -22301/
And our online course can help you to become an internal auditor and perform internal audits “ISO 27001:2013 Internal Auditor Course” : https://advisera.com/training/iso-27001-internal-auditor-course/