Search results

Mandatory status of a ISO 9001 representative

With ISO 9001:2015 there is no longer a mandatory requirement for a quality management representative (QMR). ISO 9001:2015 makes no mention of a QMR.

You can find more information below:

• What will be the destiny of the management representative in the new ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/
• Choosing the best person for the job quality management representative: https://advisera.com/9001academy/blog/2014/06/03/choosing-best-person-job-quality-management-representative/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

ISO 9001 customer satisfaction questions

"1.If the assessment of customer satisfaction (according to ISO 9001:2015) by the auditee is still mandatory, even if the related procedure and records are not more mandatory?

Answer:

It is mandatory that an organization determines how to get, monitor and review information about what is commonly called “customer satisfaction”. 

2.Are auditors and certification bodies simply allowed to decide to not take into account as NEEDED the customers' satisfaction assessment by the auditees?"

Answer:

If clause 9.1.2 is included in the scope the audit, auditors should audit the customers' satisfaction assessment by the auditees. They can ask: how do you get and monitor customers’ satisfaction feedback? Did you receive that feedback? Did you analyze that feedback? What were your conclusions and decisions?

You can find more information below:

• Handling customer satisfaction with code of conduct and complaints procedure - https://advisera.com/9001academy/blog/2014/07/15/handling-customer-satisfaction-code-conduct-complaints-procedure/
• How the ISO 9001:2015 standard can help improve relationships with your customers - https://advisera.com/9001academy/blog/2016/02/23/how-the-iso-90012015-standard-can-help-improve-relationships-with-your-customers/
• Main elements of handling customer satisfaction in ISO 9001 - https://advisera.com/9001academy/blog/2014/07/01/main-elements-handling-customer-satisfaction-iso-9001/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Internal audit duration

First, consider the scope of the audit. Will you audit one or more processes? Will you audit one or more departments or teams?

Then, study the audit criteria (ISO 9001:2015 clauses applicable within the scope, procedures, instructions, …). While studying the audit criteria start listing the questions that you want to make to whom, start listing what you want to see and where to think about the sample size that you should consider to later support your audit conclusions.

After this, you should have an idea about the time needed for each stage in your audit, considering the number of questions to ask and to whom, what you want to observe, the sample size, the number of records you want to check. Normally, 20 minutes is the minimum I take for each stage, and 1 hour the maximum.

You can find more information below:

• Article - ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
• Webinar - Free webinar on-demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
• Free online training ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

Document ID

ISO 9001:2015, clause 7.5.2 a), invites each organization to determine a document identification methodology, it gives some examples but does mandate a particular solution.

Without seeing the different types of documents and where are they located in document structure as presented in this article - How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/ - it is not very easy. The point is, your organization can design its own way for each kind of documents: a name, a code, a number. Isolated or linked to processes, to departments, to lines of business.

You can find more information about documentation below:

• New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
• Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Record management procedures

Records are the memory of an organization. Organizations without records, or missing records, or not knowing where to find them, are organizations with learning problems.

This is mainly treated in ISO 9001:2015 clause 7.5.3:

In the following diagram, I organize a set of questions to ensure records management.

You can find more information about records below:

• How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
• New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
• Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

ISO 9001 Implementation and scope

what department to start the implementation?

Answer:

There is no technical answer to this question.

Normally, I like to start with a process (includes more than one department) that rapidly brings performance improvements. For example, for a manufacturing company, starting with a process like “Supply materials” (evaluate and qualify suppliers, order materials, receive and control materials, store materials, supply materials), may bring more confidence, more control, and show measurable gains.

Sometimes I have the opportunity to start with top management clauses and processes. Normally, when top management is really committed to the management system.

what the scope should cover?

Answer:

There is no technical answer to this question.

Deciding on the scope of a quality management system (QMS) is a management decision. For example, a hotel:

A hotel may develop a QMS just for the hospitality part, and just for travel agencies, not for treating individual guests.

You can find more information below:

• Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
• How to define the scope of the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
   

Signing electronic documents

In the TITLE 21--FOOD AND DRUGS CHAPTER I--FOOD AND DRUG ADMINISTRATION DEPARTMENT OF HEALTH AND HUMAN SERVICES SUBCHAPTER A – GENERAL, Part 11 Electronic records, electronic signatures is stated that c) Where electronic signatures and their associated electronic records meet the requirements of this part, the agency will consider the electronic signatures to be equivalent to full handwritten signatures, initials, and other general signings as required by agency regulations, unless specifically excepted by regulation(s) effective on or after August 20, 1997.

For more information, see:

• CFR - Code of Federal Regulations Title 21 https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1
• Part 11, Electronic Records; Electronic Signatures - Scope and Application https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application#iiic

• IATF 16949 People engagement

  As you know, the involvement of top management is important for the IATF 16949: 2016 standard, and there are many requests in clause 5 specifically on this issue. 

   

  I can suggest a few methods to get senior management involved.

  • First of all, you can plan IATF standard training for top management.
  • By meeting with senior management from time to time, you can give feedback on the company's quality status, weak points, and improvement suggestions. You can even ask for help in assigning tasks to him at these meetings.
  • If you hold monthly meetings with the senior management and management team to review the main goals of my company, it will be important in terms of participation.
  • You should include senior management in the program in internal audits.
  • In external audits, you can ask him to help him present the company's strategic plan, main risk analysis, management review result.
  • It is useful to periodically share the improvement studies and their gains with the senior management and team.
  • From time to time, the participation of senior management can be increased with external consulting support.
     

   

• Classification of digital information

  ISO 27001 does not prescribe a way to classify information, so organizations can adopt the scheme which best fits their needs. The adopted scheme only needs to be aligned to perceived risks and applicable legal requirements.

  Considering that, first you need to identify which legal requirements (e.g., laws, regulations, and contracts) and relevant risks, related to information confidentiality, integrity, and availability, are applicable to your context.

  In general, information is classified in terms of its confidentiality, and an example of classification would be:

  • Confidential (only specific people can access information)
  • Restricted (only people who work in the town hall may have access to information)
  • Public (information can be accessed by anyone)

  Note that, if integrity or availability are relevant aspects to be taken into account, the classification scheme will be changed.

  Please note that in case confidentiality or integrity are relevant aspects to be taken into account, the classification scheme will change.

  So, you need to understand the needs of the prefectures to define the best classification scheme for them.

  This article will provide you a further explanation about information classification:

  • Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

• Classificação da informação digital

  A ISO 27001 não prescreve uma maneira de classificar as informações, assim as organizações podem adotar o esquema que melhor atenda às suas necessidades. O esquema adotado só precisa estar alinhado aos riscos percebidos e aos requisitos legais aplicáveis.

  Considerando isso, primeiro você precisa identificar quais requisitos legais (por exemplo, leis, regulamentos e contratos) e riscos relevantes, relacionados à confidencialidade, integridade e disponibilidade das informações, são aplicáveis ao seu contexto.

  Em geral informações são classificadas em termos de sua confidencialidade, e um exemplo de classificação seria:

  • Confidencial (apenas pessoas específicas podem ter acesso a informação)
  • Restrita (apenas pessoas que trabalham na prefeitura podem ter acesso a informação)
  • Pública (informação pode ser acessada por qualquer pessoa)

  Observe que, caso a integridade ou disponibilidade sejam aspectos relevantes a serem levados em consideração, o esquema de classificação será alterado.

  Portanto, você precisa entender as necessidades das prefeituras para definir o melhor esquema de classificação para elas.

  Este artigo fornecerá mais explicações sobre a classificação das informações:

  • Classificação da Informação de acordo com a ISO 27001 https://advisera.com/27001academy/pt-br/blog/2014/05/14/classificacao-da-informacao-de-acordo-com-a-iso-27001/