Search results

ISO 9001 monitoring and measurement equipment

Clause 7.1.5 of ISO 9001:2015 is about:

• Determining the required monitoring and measurement equipment
• Providing the required monitoring and measurement equipment
• Keeping records that evidence that the monitoring and measurement equipment is adequate
• Calibrate or verify the monitoring and measurement equipment
• Validate the calibration or verification results
• Identify the calibration or verification state of the monitoring and measurement equipment 

Unfortunately, I have no experience with mask manufacturing.

You can find more information below:

• Monitoring and Measurement Equipment Control - https://advisera.com/9001academy/blog/2014/05/06/monitoring-measurement-equipment-control/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

GDPR Applicability in Canada

Yes, the GDPR applies if your company offers goods or services in the EEA or processes personal data of EU individuals, even if it is located outside the EEA. Being in Canada, your organization can enjoy the adequacy decision of the EU Commission that simplifies the transfer between EEA and Canada.

Here you can find more information about the extraterritorial effect of GDPR

• What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
• Is the GDPR applicable to our company? https://advisera.com/eugdpracademy/knowledgebase/who-needs-to-be-gdpr-compliant-an-easy-explanation/

If you want to learn how personal data are processed under the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//

ISO 9001 KPIs

First, let us answer considering each process in isolation.

It is possible to consider 3 types of indicators:

• Effectiveness indicators;
• Efficiency indicators;
• Quantity indicators. 

For me, the most important is the effectiveness indicators, they measure if the purpose of the process is being met.

For example, for a company that has a strategic direction around innovation and has a process called “Develop new products” one can ask:

• What is the purpose of such a process?
• Quickly develop new products that are market hits.

Effectiveness indicators will measure “Quickly” and “hits”. For example:

• Average time to market
• Revenue from new products
• Average price of new products

Efficiency indicators are the classic QCD indicators:

• Quality
• Cost
• Delivery

For example, for a company that installs wireless networks for telecom companies, with a process called “Install network”, efficiency indicators can be:

• Number of daily nonconformities raised by the customer
• Actual network installation costs versus budgeted costs
• On-time delivery rate 

Quantity indicators give information about the need to manage resources accordingly. For example, a number of incoming calls at a call center is a way of evaluating the need to contract more people to handle more calls without raising waiting time.

Should effectiveness indicators be always the indicators to follow? An organization is made of a set of processes but not all processes contribute in the same way to execute a strategy. Some processes are critical for strategy execution and for those processes’ effectiveness is of paramount importance. Some processes must exist but are not critical for strategy execution. If an organization is excellent at those processes it will spend more resources and customers will not value the difference. However, if an organization fails to comply with the minimum, customers will be upset and will be dissatisfied. So, for these processes’ efficiency is the best.

In this free webinar on demand I develop the challenge of working with relevant indicators - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/

The following material will provide you more information:

• How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• How to Write Good Quality Objectives - https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Please check this free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/  - how to relate processes and objectives
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Gaps in complying with GDPR

From January 2021 the UK is no more part of the EU so you should comply with the UK GDPR instead of the EU GDPR if you are planning to offer services in the UK. Luckily, the UK GDPR is mirror legislation of the EU GDPR so regulation is pretty identical.One gap is encryption which is considered a common technical security measure, then you should inform the data subject and keep a register of processing activities, just to mention essential activities.

Here you can find more information on how to start implementing GDPR in your business:

• 9 steps for implementing GDPR https://advisera.com/articles/9-steps-for-implementing-gdpr/

If you want to learn how personal data are processed under the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//

Is the Technical File still a requirement?

In MDR there is a requirement for Technical documentation. It is covered in Annex 2 - Technical documentation and Annex 3 - Technical documentation on post-market surveillance.

For more details, please see:

• EU MDR Annex 2 – Technical documentation - https://advisera.com/13485academy/mdr/technical-documentation/
• EU MDR Annex 3 – Technical  documentation on post-market surveillance - https://advisera.com/13485academy/mdr/technical-documentation-on-post-market-surveillance/

• Technical file procedure https://advisera.com/13485academy/documentation/technical-file-procedure/
• Technical documentation checklist https://advisera.com/13485academy/documentation/technical-documentation-checklist/

Additionally, we have prepared the following procedures and associated templates, required by MDR:

• Procedure for clinical evaluation - https://advisera.com/13485academy/documentation/procedure-for-clinical-evaluation/
• Procedure for Post-Market Surveillance System - https://advisera.com/13485academy/documentation/procedure-for-post-market-surveilance/

• ISO 9001 requirements for laboratories

  Yes, ISO 9001 requirements are similar. Of course, each laboratory has different interested parties and clients (clauses 4.2 and 5.1.2) and have to comply with different standards and regulation (clause 7.5 about external documents). So, although the requirements are the same, the specific way of complying with them may vary from laboratory to laboratory.

  You can find more information below:

  • Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
  • What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

   

• Starting with SOA

  Please note that before you start SoA you have some work to do (e.g., definition of the ISMS scope, Information security policy, risk assessment, and treatment methodology, etc.).

  Considering that, we suggest you follow the order of folders and templates provided in the toolkit, so you minimize the complexity of your implementation and risks of rework.

  Once you have completed the templates needed to support the SoA, you will have a better understanding of how to be filing it. In short, to start documenting the Statement of Applicability you need to perform a risk assessment and risk treatment, to identify the relevant risks and controls (from ISO 27001 Annex A or other sources) you will implement to treat them. Additionally, you need to identify legal requirements (e.g., laws, regulations, and contracts) which require the implementation of specific controls.

  For further information, see:

  • ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
  • The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

  Additionally, included in the toolkit you will buy you will have access to a video tutorial that will help you to fill in the Statement of Applicability.

• Modification planning

  Thank's for your response.

• Naming audits after upgrading to ISO 45001

  If you are transitioning from OHSAS 18001 to ISO 45001 during this year’s audit, then this is an ISO 45001 certification audit even if you were partially through your 3-year cycle on OHSAS 18001. This audit will confirm all of ISO 45001 implementation, and is therefore not the reduced audit you will see in a surveillance audit.

  You can read a bit more on the certification process in the whitepaper: What to expect at the ISO certification audit: What the auditor can and cannot do, https://info.advisera.com/free-download/what-to-expect-at-the-iso-certification-audit

• ISO 9001 and financial problems during the pandemic

  No, implementing a QMS according to ISO 9001:2015 is no bullet-proof vest against financial problems during pandemic Covid 19. However, I believe that having a QMS according to ISO 9001:2015 can help organizations in answer to the situation. In extreme situations, if your organization cannot operate due to mandatory shutdown from authorities, it is irrelevant being or not being ISO 9001 certified.

  You can find more information below:

  • Article - How to use ISO standards to address a pandemic - https://advisera.com/articles/how-to-use-iso-standards-to-address-a-pandemic/
  • Free webinar on-demand - How to use ISO 9001 to control operations during the pandemic - https://advisera.com/9001academy/webinar/how-to-use-iso-9001-to-control-operations-during-the-pandemic-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/