I do not use the word “observation” since there is no ISO 9000 or ISO 19011 definition for it. I use major and minor nonconformity.
In your audit you verified a non-conformity according to clause 7.1.5.2 b). According to your description, I would raise a minor nonconformity.
You can find more information in the following links:
I can say that I already worked with organizations in that situation and they decided to consider clause 8.3 as non-applicable. They decided and explained that their business is not developing or designing parts, their business is manufacturing parts according to customer requirements. The molds were approved by the customer indirectly when the customer approved the injected parts.
If your organization has already decided who is going to be your certification body, remember that you can explain to them the situation and ask for a statement.
I was asked to develop a (*Subject) for a small organisation with no more than 1500 words and it's not very specific as to have user profile A, B, etc. and their designation, their rights and all. How do I start with it?
I have a question: an organization is AS9100 Rev D certified, but the organization has had no production from any customer for one year. How can compliance of the QMS be interpreted? How should internal audits be conducted? How should KPIs be translated? What does the standard say about how QMS compliance is evaluated if an organization has had no customers for a long time?
ISO 27001 clause 9.2 speaks specifically about internal audit, whereas control A.18.2.1 defines independent review of information security - besides internal audit, such independent review can also be certification audit, 2nd party audit, etc.
To learn more about internal audit, sign up for this free online training ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
PPAP requirements should be determined according to customer-specific requirements. If you do not have a special customer requirement then you can use the PPAP rev 4 blue books written by AIAG as a reference manual. There are generally 19 main topics in PPAP. Some of those are given below.
In ISO 17025, "laboratory activities" are one of three types of work taking place in a laboratory, i.e. either testing, calibration or sampling (when the sample is going to be tested or calibrated). That means that the range of lab activities is the testing, calibration or sampling that is to be, or is, accredited. Laboratories must define and document (i.e. decide and put in writing) a list of what testing, calibration or sampling activities conform to ISO 17025, as this will be listed on the accreditation certificate and is what can be claimed as accredited.
I will give you two testing laboratory examples:
Laboratories must perform the work themselves on an ongoing basis, and not “contract out” such work unless under controlled temporary arrangements due to an emergency.
For more information on ISO 17025 see
Every company has a different set of risks because of different products, technology, processes, people, etc., so it is not possible to develop a generic list of risks.
However, in the ISO 27001/27017/27018 Toolkit you purchased, in the folder 05 you have a document called Risk Assessment Table where you will find catalogs of assets, threats and vulnerabilities you can take into account - these will speed up significantly the identification of risks in your company.
Further, you have also received access to video tutorials which show a couple of examples of how to identify risks using this document.
To learn more about risk management, sign up for this free online training: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
OLA is an internal agreement (two different parts, e.g. departments, of the same organization) where you define activities in scope with related parameters (e.g. response time). More about OLA in this document "SLAs, OLAs and UCs in ITIL and ISO 20000" https://advisera.com/20000academy/knowledgebase/slas-olas-ucs-itil-iso-20000/
OLA can be a formal document but can also be, e.g., a ticket forwarded to another department.
The technical service catalogue is part of the Service catalogue and describes the service in technical parameters. More about Service catalogue in the article "Service Catalogue – a window to the world" https://advisera.com/20000academy/blog/2013/03/19/service-catalogue-window-world/ and "Service Catalogue – Defining the service" https://advisera.com/20000academy/blog/2014/03/11/service-catalogue-defining-service/ or in this free webinar "ITIL Service Catalogue from scratch" https://advisera.com/20000academy/webinar/itil-service-catalogue-from-scratch-free-webinar-on-demand/