Search results


  • ISO Quality management for service giving public institutions

    Yes, you can. ISO 9001:2015 is a standard that can be used to design and implement a quality management system in all kinds of organizations. In a service giving public institution, you may not use the word customer, but you will certainly use the words interested party.

    The following material will provide you more information:

  • How to implement QMS?

    When I started implementing quality systems, I started with the standard and then took pieces of the company and associated them with each clause in the standard. Later, I realized that this approach made it difficult for other people to understand QMS in addition to sounding very artificial. The process approach helped me to overcome this difficulty. Instead of starting with the standard, start with the company: How does the company work? How does the workflow circulate from a customer in need to the customer served?

    So, think about your organization as a set of daily activities and at the same time a whole in search of meeting a purpose, a strategic intent.

    For the first part, the daily activities, use the process approach. You can see this free webinar on demand – The Process Approach – What it is, why it is important, and how to do it – https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/. Then you can ask people in your organization to describe how they do their activities, what kind of documents they use as guidance or to record, and who participates. After this, you can use ISO 9001:2015 clauses to check if anything is missing. For example, clause 8.2 can be used to check a commercial process, clause 8.3 can be used to check how to develop a new service and clause 8.4 can be used to check a purchasing process.

    Mistakes and nonconformities may happen in each process. You can see this free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/. With the risk-based approach you can determine what needs to be done to improve or control performance in each process.

    For the second part, you need to see your organization as an entity immersed in a context, working for and with interested parties following a strategic orientation to meet desired objectives. For this part let us apply ISO 9001:2015 clauses 4.2, 4.1 and 6.1.

    4.2 - What is the organization’s purpose? Why does it exist in the first place? Whom does it serve? What are their needs and expectations? An organization, like any other organization, has to serve its “customers” (even if they are not the ones who pay). These groups also have needs and expectations. And the service may have to be provided under a set of regulations that act as constraints. So, list the more relevant needs and expectations. You see, after all the noise and bells and whistles, the organization exists to provide, to answer, to deliver on those needs and expectations.

    From here you can define and characterize the set of services that are provided by the organization, and their outcomes, their service specifications.

    4.1 – Is it easy to deliver on those needs and expectations? While answering this question reality sets in. The organization is placed in a certain context with internal and external issues. Perhaps there is not enough money, perhaps there is a lack of staff, perhaps “customers” don’t collaborate, perhaps there are volunteers that can be called to help, …

    6.1 – When you confront the relevant needs and expectations of the relevant interested parties with the internal and external issues from the context, you can determine risks and opportunities. What can help you or hinder you in meeting the desired outcomes according to specifications? You can use the most relevant risks to develop a Quality Plan – what needs to be controlled, what needs to have work instructions, what needs to be recorded, what kind of training is needed, … This way you are starting to design your quality management system not based on mumbo jumbo, but on what really matters to the purpose of the organization and its interested parties.

    You can find more information below:

     

  • Risks posed by third parties or suppliers

    Different types of suppliers will have very different risks - e.g. with providers of telecom equipment you will have the risks of equipment breakdown, eavesdropping, etc.; with providers of specialized security services you will have the risk of unauthorized access to sensitive data, unauthorized change of sensitive data, industrial espionage, etc. 

    To learn more about handling third parties and related risks, see these materials: 

    This online course will also teach you about handling third-party risks: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ 

  • ISO 9001:2015 implementation

    Hello,

    A QMS per ISO 9001:2015 is to be set up at a company, or the existing documents are to be checked.

    Are there defined methods to follow without hiring a consultant?
    That is, is there a workflow, something like a list of the tasks to be done?

    The clauses of the ISO standard are defined and understood, but is there a method to look up what the required "exact document name and content" is?

    That is, as in this example: instead of "it requires the organization's data to be monitored and tracked", something like "it requires an 'Annual Data Table'; as content, you need to enter month-by-month information such as scrap, production, etc."

    Thanks

  • Documents for biofertilizer NAB lab

    The generic ISO 17025 mandatory requirements are covered in the documents of the ISO 17025 Toolkit, applicable to any testing and calibration laboratory applying for ISO 17025 accreditation with their national accreditation body. To meet the specific requirements for your sector, namely biofertilizers, as for any other sector or program, you would need to determine what the requirements are and either expand on the toolkit documents or add additional procedures and records. Contact your accreditation or regulatory body or look at their website and establish what you need to implement, in addition to the mandatory ISO 17025 documents. These should be easily added to the toolkit documents.

    For further information see the following:

  • Procedures for suppliers to cover the control of External Providers

    1. In addition to my 27th of December question, 8.6 paragraph demands evaluations of the business continuity capabilities of relevant partners and suppliers;
    Where in the package can I find a format for conducting evaluation for partners and suppliers according to ISO 22301:2019?

    You can use the same procedure and checklist used for your internal audit. Both procedure and checklist can be found in folder 10 from your ISO 22301 Toolkit.

    For additional information, see (the same concept applies to ISO 22301):

    2. And another question please. Where can I find a format to record business continuity objectives and actions and evaluation of them as 6.2.1 and 6.2.2 state?
    Thank you once again.

    You can use your own document usually used for planning for documenting business continuity objectives and methods to measure them, and if you do not have such, then you can use the blank template provided in the root folder of your toolkit.

    For further information, see:

    And another question, please.
    Where in the package can I find a document to describe external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome, such as Pandemic in the territory, Earthquakes, and risk appetite in general and according to the site territory?

    The information required by ISO 22301 clause 4.1 is addressed by the following templates:

    • Organization's activities (from clause 4.1 a)) and potential impact from disruptive incidents are addressed by template Business Impact Analysis Questionnaire (located at folder 04 Business Impact Analysis Methodology)
    • The organization's functions (from clause 4.1 a)) are addressed in all templates when an activity to be performed is required (by means of the field [job title]). Functions related specifically to the BCMS are defined in the template Business Continuity Policy, section 3.5, (located at folder 03 Business Continuity Policy)
    • Organization's product and services (from clause 4.1 a)) are addressed by template Business Continuity Policy, section 3.5, (located at folder 03 Business Continuity Policy)
    • Relations with suppliers, partners, and interested parties (from clause 4.1 a)) are addressed by template Business Continuity Strategy (located at folder 05 Business Continuity Strategy)
    • Relationships between the Business Continuity Policy and other organization's policies, objectives, and general risk management strategy (from clause 4.1 b)) are addressed by template Business Continuity Policy, section 2, (located at folder 03 Business Continuity Policy)
    • Organization's risk appetite (from clause 4.1 c)) is addressed by template Business Impact Analysis Questionnaire, section 6 (maximum acceptable outage) (located at folder 04 Business Impact Analysis Methodology)  

    This article will provide you a further explanation (the same concept applies to ISO 22301):

    This material will also help you regarding ISO 22301:

  • ISO 13485 implementation

    No, it is not mandatory for the company to go for the ISO 9001 as well. ISO 13485:2016 is a standard that is specific for manufacturers of medical devices (Medical devices — Quality management systems — Requirements for regulatory purposes). Besides that, the web pages of the European Commission state which standards are applicable for all types of medical devices: https://ec.europa.eu/growth/single-market/european-standards/harmonised-standards/medical-devices. On that list, which has around 300 standards, only ISO 13485:2015 is the standard for the quality management system.

    For more information, please see the following links:

    • Similarities and differences between ISO 9001:2015 and ISO 13485:2016 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/
    • What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/
    • Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/
    • IATF16949 and ISO 9001

      1. I know the IATF16949 documents, but I could not work out how it differs from ISO9001:2015. What is there in IATF16949 that is not in ISO 9001, and where can I find this information?

      I do not think there is a document prepared listing what is in ISO 9001 but not in the IATF 16949 standard, but as an example I can say this: the "Quality Manual" is not mandatory in ISO 9001, whereas it is mandatory in the IATF 16949 standard.

      Look inside the IATF 16949:2016 standard: everything it references as ISO 9001 is present in the ISO 9001 standard. That is, first the ISO 9001 standard requirements and, in parallel, the IATF 16949 standard requirements must be applied. The best method may be to review the two standards together.

      2. And can design be excluded in ISO 9001:2015 as in IATF16949? Thanks in advance.

      If the organization does not do product design, the product design clauses of the IATF 16949:2016 standard can be excluded. Process design is always applicable for IATF 16949:2016 and cannot be left out of scope.

      If ISO 9001 and IATF 16949 are managed together for the company and product design exists under IATF but not under ISO 9001, then product design can be included in scope for automotive products as an IATF requirement, and since design is out of scope in ISO 9001, design can be removed from the ISO 9001 scope entirely.

       

    • Charitable organisations, not-for-profits, refugees.

      Thank you for your reply. I have read it. 2 more questions:

      1. If an organisation is not in the EU but is gathering data with consent from EU residents (not citizens), should this organisation comply with EU GDPR?

      Yes, if the organization offers services or goods or processes data of EU individuals it must comply with GDPR.

      2. What kind of status (refugee, person who has a working visa, tourist visa, visitor visa) is to be considered as EU resident, such that data from him can be collected or stored?

      It is considered with a broad meaning. Recital 14 states: “The protection afforded by this Regulation should apply to natural persons, whatever their nationality or place of residence, in relation to the processing of their personal data.” Therefore, if the GDPR applies because it offers services (even without a price) to EU residents, you should interpret residence broadly.

    • Corrective action plan for audit observation for clause 8.1 of ISO 22301

      It is not clear to which processes this nonconformity refers - if this refers to e.g. business impact analysis, then you need to have a methodology document for performing business impact analysis; if this is about risk assessment, then you need to have a risk assessment methodology, etc.

      Here you can see the templates for the mentioned documents: 

      You can get all the required documents for ISO 22301 implementation in this ISO 22301 Documentation Toolkit: https://advisera.com/27001academy/iso22301-documentation-toolkit/ 
