About the 'ISO document numbering system,' there is no particular prescription from ISO 9001:2015. The only requirement is that your organization has a method that allows for the unique identification of each document. Different organizations use different methods. Use a method to identify the document and the version, by a number or a date.
Normally, I number processes and all documents related to a particular process start with that number. For example, in process “3.Win order”, we have P3.1 (for a procedure) and WI3.1 and WI3.2 (for a work instruction). For forms, I just use a counting system 1, 2, 3, 4 …
You can find more information about records below:
Unfortunately, I cannot provide you with an example, but I can try to guide you in writing one. Gather a group of people that work on deliveries and that are internal suppliers and internal customers of deliveries.
First, think about the flow of activities
Then, ask: what can go wrong?
For each step in the flow add one or more control activities to minimize or eliminate what can go wrong. For example, before “Charge cargo” check if the container is clean. You can add a checklist, a visual control operation.
For each step in the flow identify who participates, who has responsibilities, who has authority.
Then you can write the procedure for each step: what needs to be done by whom, what documents are used, and what records are generated.
You can find some help in this free webinar on-demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ I show how to relate processes, risks, training, documentation, and control.
The GDPR does not require you to maintain data for 10 years. The data minimization principle and the storage limitation principle (Article 5 GDPR), which are among the general principles regarding data processing, require that data are processed only for the period necessary to reach the purpose of processing.
When subscribing and creating an account on a website, the purpose of processing is to provide you with the service (access to your account), and the data retention period can be as long as the service is provided. The owner of the website can also keep personal data longer if you purchased some services or items on the website, because tax laws require them to store invoices (which contain your personal data) for 10 years.
However, the data controller should, in the terms of service and the privacy notice, distinguish the data of users from the data of clients and allow the deletion of users' data if required by them. You can write to the website asking what is the legal basis under which they assume they can keep your personal data, and highlight that since you did not purchase anything and you just created an account, you want your personal data to be deleted according to the right to be forgotten of the GDPR; otherwise you will lodge a complaint with the Data Protection Authority of their country (you can send an email and attach your previous request and the reply of the website). Ignoring the principles of data processing (Art. 5 GDPR), the lawfulness of processing (Art. 6 GDPR) and data subjects' rights is one of the most serious GDPR infringements, with fines up to 20 000 000 EUR (Art. 83 par. 5 GDPR). Maybe you can add this reference in your email to the website.
If you want to know more about data subjects' rights, consent, and compliance with the GDPR, here you can find more information:
If you need to understand how data subject rights need to be managed under the GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
First, it is important to note that you do not need an IT background to work with an Information Security Management System (certainly an IT background is helpful, but it is not mandatory).
Considering your ISO background, the first step is for you to decide which path you want to follow, security management or security assurance (i.e., security audit), and for these areas you have the following ISO 27001 careers you can follow:
- ISO 27001 Lead Implementer – this certification recognizes people who have competency in the ISO 27001 implementation process.
- ISO 27001 Lead Auditor – this certification recognizes people who have competency in auditing an ISMS against ISO 27001 requirements and want to become certification auditors (and with this provides more confidence to an organization for being certified).
These articles will provide you a further explanation about ISO 27001 personnel certifications:
- What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
- Lead Auditor Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
For courses related to these certifications, please see:
- ISO 27001:2013 Lead Auditor Course https://advisera.com/training/iso-27001-lead-auditor-course/
- ISO 27001:2013 Lead Implementer Course https://advisera.com/training/iso-27001-lead-implementer-course/
The duration of audits by certification bodies depends mainly on the size of the organizations in terms of the number of employees, and to a lesser extent on the complexity of the products or services. The duration of surveillance audits is shorter than that of certification audits.
The following material will provide you information about surveillance audits:
There is no mandatory documentation required by ISO 9001:2015 concerning the delivery department. Please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
So, it is up to each organization to decide what documentation is required.
Please check this article - How ISO 9001 improves shipping procedures - https://advisera.com/9001academy/blog/2019/07/09/how-iso-9001-improves-shipping-procedures/ - perhaps you could find some tips, although it is for shipping companies.
You can find more information below:
I found on the internet some discrepancies in the information about e-waste. Some sources say that it is becoming more dense, less volume. Other sources, like the European Parliament, say something like “E-waste is the fastest growing waste stream in the EU and less than 40% is recycled.” Some sources see a great problem, others see a great opportunity for recycling rare metals.
Concerning ISO 14001, please consider this ISO 14001 document template: Guideline for Electronic Waste Management - https://advisera.com/14001academy/documentation/guideline-for-electronic-waste-management/ - Consider also this article - Using ISO 14001 to manage and reduce waste in the electronics industry - https://advisera.com/14001academy/blog/2017/02/13/using-iso-14001-to-manage-and-reduce-waste-in-the-electronics-industry/
If your organization uses the SWOT analysis already, then the strengths and weaknesses of the SWOT analysis are applicable to the internal and external issues in ISO 45001 clause 4.1. Likewise, the issues causing the threats and opportunities would also be external issues, and the threats and opportunities would be applicable in clause 6.1.
It is, however, important to note that a SWOT analysis is not a mandatory requirement of ISO 45001, and is only one way to identify this information.
You can learn a bit more about how SWOT works in the OHSMS in the article: Benefits of SWOT analysis in ISO 45001, https://advisera.com/45001academy/blog/2019/05/27/iso-45001-swot-analysis-what-are-the-benefits/
OHSAS18001 was the designation for the previous standard from BSI for creating an OHSMS, or Occupational Health & Safety Management System, which is the collection of all the rules, policies, procedures and processes you put in place to manage OH&S performance in your organization. ISO 45001 is the new OHSMS standard which is released by the International Organization for Standardization, making it a more internationally accepted and applicable document.
Both OHSAS 18001 and ISO 45001 are documents that provide requirements on how to create an OHSMS, with OHSAS 18001 becoming obsolete in the near future as ISO 45001 becomes the new international standard. Organizations have a certain time to transition before the OHSAS 18001 standard is made obsolete and certification to this older standard is stopped.
You can learn more on the changes from OHSAS 18001 to ISO 45001 in the recorded webinar: ISO 45001 vs OHSAS 18001 the main changes, https://advisera.com/45001academy/webinar/iso-45001-2017-vs-ohsas-18001-2007-the-main-changes-on-demand/
Many companies use turtle diagrams when defining processes. This form of identification is not mandatory for IATF 16949 but is preferred because it is an easy identification method. If you want to define a process such as reviewing customer-specific requirements in your QMS structure, you can use this type of process definition map.
For more information, see this article: