Search results

NPI project for IATF

In the new product introduction process (NPI), you should comply with the requirements of clause 8.3 of the IATF 16949:2016 standard. All requests on this subject are specified in sub-items 8.3 and 8.3.

I have listed a few conditions that should be followed on this subject below, but I recommend that you review these relevant articles in detail.

• If you are designing products, design FMEA
• Process FMEA
• Control Plan
• Project Plan
• Feasibility analysis
• Design validity test plan and tests
• Prototype control plan
• Product and process validation records
• MSA and SPC studies
• All PPAP requests
• Customer-specific requirements about it, etc.

• Handling termination and change of employment

  The handling of termination and change of employment can be found in the Statement of Applicability Module, in the Implementation method for control A.6.5 (in case this control is marked as applicable).

  The implementation method in the SoA describes how the company will handle termination and change of employment (a text is suggested, but you can edit it according to you needs).

  In general, conditions that remain valid after the termination or change of employment are defined in the agreements with suppliers and partners, and in the confidentiality statements signed with employees. The clauses for this purpose can be found in the template Security Clauses for Suppliers and Partners. You can find this template in Conformio by clicking the link Documents in the left panel, then clickling in "Templates for Manual Editing".

  For further information, see:

  • What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/

  • Risk/ Supplier - what happens if a supplier ceases trading.

    Yes, you are right. If the manufacturer goes bankrupt and you do not have support for the product, you have to see the risk that something with the medical device went wrong, how can you answer to your client. This means that if you have some simple product that you do not have so far complaints, maybe you can sell this kind of medical device until the certificate expires. However, if your medical device is complex, needs service or installation, or has some complaints where you have to ask for a spare device from the manufacturer, it will be very hard for you to sell that product further on.  

  • ISO 14001 How to define environmental aspects

    “Finding: the normal, abnormal, and foreseeable emergency situations related to the aspect defined within the Environmental Aspect and risk register has not been defined.”

    When implementing an Environmental Management System, we must determine the environmental aspects associated with activities, products, and services, taking into account, to the extent reasonable, the life cycle perspective..

    Environmental aspects should be determined considering situations of normal operation, abnormal operation, and emergencies.

    I will consider a brick manufacturer for construction as an example.

    Examples of Normal Environmental Aspects:

  • Raw Material Consumption: The extraction and use of raw materials such as clay, sand, and water in brick production can impact local ecosystems and deplete natural resources.
  • Energy Consumption: The energy used for firing and drying bricks can contribute to greenhouse gas emissions and air pollution.
  • Air Emissions: Dust, particulate matter, and gases released during the firing process can affect air quality in the vicinity of the manufacturing facility.
  • Water Consumption and Discharge: The consumption of water in brick production and the discharge of wastewater can impact local water resources and aquatic ecosystems.
  • Waste Generation: The production process generates waste materials such as broken or defective bricks, which need proper management to minimize environmental impact. 

  Examples of Abnormal Environmental Aspects:

  • Equipment Malfunctions: Malfunctions of machinery or kilns could lead to increased emissions, energy waste, and potential safety hazards.
  • Spillage or Leakage: Accidental spillage of raw materials, such as clay or chemicals, can contaminate soil and water sources
  • Workplace Incidents: Accidental releases of dust, particulates, or other pollutants due to equipment failures or human errors could occur.
  • Noise Generation: Increased noise levels due to malfunctioning equipment can impact the surrounding community and wildlife. 

  Examples of Emergency Environmental Aspects:

  • Fires: Fires in kilns, storage areas, or other parts of the facility could lead to air emissions, release of hazardous substances, and potential danger to employees and nearby communities.
  • Chemical Spills: Accidental spills of chemicals or fuels used in the manufacturing process can lead to soil and water contamination.
  • Power Outages: Power outages could disrupt operations and result in issues such as incomplete brick firing or increased emissions upon restarting.
  • Natural Disasters: Natural events like earthquakes, floods, or hurricanes could damage facilities, disrupt operations, and lead to potential environmental contamination.
  • Structural Failures: Failures in storage structures, kilns, or other equipment could result in spills, emissions, and other environmental impacts.

  It's important for the manufacturer to identify and assess these environmental aspects and develop appropriate measures to mitigate potential negative impacts. This includes implementing pollution prevention strategies, disaster preparedness plans, and emergency response procedures to ensure the protection of the environment and the safety of employees and the surrounding community.

  You can find more information on the following links:

  • Catalogue of environmental aspects - https://advisera.com/14001academy/knowledgebase/catalogue-of-environmental-aspects/
  • Environmental aspect identification and classification - https://advisera.com/14001academy/knowledgebase/environmental-aspect-identification-and-classification/
  • How does product life cycle influence environmental aspects according to ISO 14001:2015? - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/

  • Calibration and Testing

    ISO 17025 is applicable to all testing and calibration laboratories.

    For flow meter calibration, this will include specifying the specific type of fluids and range in the scope – e.g. Water, Air, Liquid Carbon Dioxide (CO2).
    For storage tank calibration, you would include the service and type of tanks that are being measured (volume or dimensions), plus calibration technique and procedure must be specified – e.g. volume and density of Industrial volumetric equipment and bulk storage tanks using Scanning length measurement.

    Depending on the country and industrial sector, there may be additional requirements. For example, the American Petroleum Institute. 

    For more information on ISO 17025 refer to  Advisera ISO 17025 – Where to Start? at https://advisera.com/iso-17025/

  • Process map according to ISO standard

    There is no generic model based on the process approach that is valid for all companies. The best models are those designed specifically for each company and using language that people in the company understand. I recommend watching the free on-demand webinar called The Process Approach - What It Is, Why It Is Important, and How to Do It - where I try to explain how to design a model.

    Another possibility is to participate in this Live Virtual Training.

  • Risk assessment Guidance

    1 - is there a tool to help with risk assessment coverage from ISO 27k to 9k/20k?

    Need to update Risk assessment and wanted to know if there is set Guidance and or tool to assist

    Please note that risk assessment for each standard has different purposes and different assessment criteria, so it is not common to find a single tool to cover these at the same time.

    2 - is there set policy or regulations for doing a risk assessment to include these additional ISO's?

    On these links, you will find demos for risk assessment documents for each standard, so you can evaluate if they can help you:

    • ISO 9001:2015 Risk Management Toolkit https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
    • Risk Management Policy (ISO 20000) https://advisera.com/20000academy/documentation/risk-management-policy/
    • ISO 27001/ISO 22301 Risk Assessment Toolkit https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/

  • Validity and document management

    This is an acceptable approach compliant with the standard to evidence document review.

    Please note that a document review not necessarily needs to lead to changes in it, so you can update the change history of the document to include the information about when the document was last reviewed and that no need to change was identified.

  • ISO 27001 Toolkit for consultants questions

    1 - Printed documents
    The documents are stored in electronic format in most organisations, but nowhere on the document does the statement ‘uncontrolled when printed’ or similar appear in the header of footer 

    We have always inserted this statement into all documents within our work as otherwise a printed document could be picked up and used without checking that it is the latest version.

    We also note that a lot of certification bodies would pick up a non-conformance in these instances. Can I ask why this statement is not included on all electronic documents please?

    Answer: An ‘uncontrolled when printed’ statement is not included in the templates because the Procedure for Document and Record Control, section 3.3 - Publishing and distributing documents; withdrawal from use, does not make a distinction between handling electronic and printed versions of documents, i.e., the documents in all formats need to be controlled.

    This is so because the purpose of ISO 27001 is to protect the information, and printed documents, in current or obsolete versions, may still contain classified information that needs to be protected, so they need to be controlled until the information becomes unclassified.

    On top of this, ISO 27001 clause 7.5.3 requires all ISMS documents to be controlled.

    2 - Improvement / non-conformance log
    I cannot find a register for non-conformance or what I would call an improvement log / register. The toolkit has a corrective action procedure and a corrective action form template only.

    We would always include an improvement log where all non-conformalities and improvement suggestions (complaints, Issues, Improvement ideas and changes to documented information, processes or context) are recorded according to their source. In other words a spreadsheet register that matches the con-conformance form fields but allows one to view all non-conformities / issues in one place without having to sift through a pile of forms to find out which ones are overdue or still open.

    Answer: Please note that nonconformities and opportunities for improvement are recorded in the Internal Audit Report template, located in the folder Internal Audit.

    The approach you are suggesting is a good idea for a better management of improvements, but we found that our customers prefer to have the least amount of documents - since such Register of nonconformities is not a mandatory document, we decided not to create this extra document. Of course, if a customer wants to create such an additional register, we support them in such an effort.

    3 - Document control
    I don’t understand the document control procedure as it does not state how a change request is raised for consideration (document change request for instance)

    Again, we would not call this a non-conformity, but it would be raised in the improvement log prior to any change of document being authorized. What is this ‘Track changes’ referring to please?

    The procedure states:
    All changes to the document must be made using "Track changes," making visible only the revisions to the previous version, and must be briefly described in the "Change History" table; if Track changes option is unavailable, or if the changes are too numerous, then the Track changes option is not used.
    Each document should preferably have a "Change History" table used to record every change made

    Answer: ISO 27001 does not prescribe how to start the process of changing a document, only that changes need to be reviewed and approved. 

    Again, we are aiming at having the least amount of documents because this is what customers prefer.

    You can summarize the need for change in the section ‘Change history’ included in each template.

    About the ‘track change’, it is a feature of text processor software, like MS Word, which allows the identification of excluded and included texts in a document. 

    4 - The toolkit does not contain a document register?

    This is going to make it difficult to show the version of all latest documents – most cert bodies in my experience are looking for a master document register. 

    Hope that makes sense and apologies if I am missing something

    Answer: ISO 27001 does not require a master document register to be maintained (this would only add another document to be maintained). As an alternative, we suggest that customers keep the documents in the same folder structure as of the toolkit, only including a sub-folder “obsolete” in each folder, so each folder will have the current version of each document, and the sub-folder will store the obsolete versions.

    Showing the document version can be resolved very easily by adding the version number to the file name - e.g., 'Information Security Policy EN ver 1_2.docx'.