
  • Warranty and Lifetime

    The company where I work is not very big, and its activity is related to the assembly of wire harnesses for the automotive industry.

    Recently I was requested to give info on the lifetime of the product and warranty management to our potential OEM customer. I have of course read the IATF points related to this, but it's still not very clear. What are the obligations related to warranty management from the supplier side?

    As you know, the quality responsibility of the product belongs to the manufacturer and designer throughout the product lifetime. The solution to problems related to product design belongs to the product design responsibility. The production factory is responsible for the problems related to the production quality of the product.

    Complaints about the products produced by the supplier can come in 2 ways.

    • Directly from the factory where it sells the product
    • From vehicle service
    If the supplier receives complaints directly from services or from the factory, these issues must be addressed according to the complaint management clauses 10.2.3, 10.2.4, 10.2.5 and 10.2.6 of the IATF 16949:2016 standard.

    What info I have to collect to answer about a lifetime?

    Product lifetime information such as life, durability, replacement time, etc., should come from the product design responsible. This information should come from the product technical drawings and/or technical specifications.

  • Adequacy under GDPR

    Yes, you can process data to a third country that is not considered adequate under GDPR. Article 46 GDPR allows Parties to transfer data with a legal and binding agreement adopting the Standard Contractual Clauses (SCC) as implemented by the EU Commission. These SCCs are requirements that Parties agree to implement voluntarily in order to provide adequate safeguards for the transfer of data. They concern the protection of data subjects' rights, the security of transfers, and the processing of data in accordance with the EU GDPR provisions.

    Here you can find the template of Standard Contractual Clauses Annexes (MS Word) as implemented by the EU Commission: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes

    Here you can find more information about data transfers.

    To have a deeper idea of the list of requirements of GDPR you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Data Protection Officer

    Yes, you can appoint an internal Data Protection Officer (DPO) who should have knowledge of GDPR and data protection legislation.

    Article 38 GDPR does not prescribe the position as internal or external; the choice is left up to the controller. It is important that the person appointed is independent from the board and has the professional skills to perform the tasks listed in Article 39 GDPR. Our course and the final exam can demonstrate that the appointed DPO has sufficient knowledge to perform the tasks.

    Here you can find more information on the role of DPO:

    To have a deeper idea of the list of requirements of GDPR and the role of DPO you can consider enrolling in our free online courses:

  • Management reviews (Option A)

    Morning Tracy, thank you very much.

  • Risk assessment

    General steps for risk assessment and treatment are:

    • Risk identification (i.e., identification of elements that compose the risk, and already implemented controls)
    • Risk analysis (i.e., the definition of risk value, considering any already implemented controls)
    • Risk evaluation (i.e., comparing the risk value to risk acceptance criteria to decide if additional treatment is required)
    • Risk treatment (i.e., defining which treatment is to be applied, and its effect on the risk)

    Here is an example considering a scenario where a power generator is no longer needed, and possible power failures will be covered by UPS, and the use of the asset-threat-vulnerability approach:

    • Risk identification: assets would be any power-dependent equipment (e.g., servers, desktops, routers, etc.), threat (power failure), vulnerability (lack of power generator), and implemented control (UPS)
    • Risk analysis: without any emergency power supply, your operations will run only as long as your UPS charges last before the normal power supply is recovered, so the risk of operational disruption will increase with time (i.e., to value the risk you have to consider how long your UPSs will last and how long it will take for the normal power supply to be re-established).
    • Risk evaluation: considering your risk evaluation criteria, you can decide how to treat the risk (e.g., mitigate, transfer, accept, or avoid)
    • Risk treatment: for mitigation, you may decide to keep the power supply; for transfer, you can decide to operate in a facility physically maintained by a third party; or you can do nothing and absorb the impact if the risk occurs.
      Please note that this analysis is valid only for this scenario. For example, if the asset to be removed is a notebook, you must take other considerations into account, like the information stored in the notebook.

    To see what documents for performing risk assessment and treatment compliant with ISO 27001 look like, please access the demo templates at this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/

    These materials will provide you with further explanation about risk assessment and treatment:
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    These materials will also help you regarding risk assessment and treatment:
    - Diagram of ISO 27001:2013 Risk Assessment and Treatment process https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Risk assessment

    When you assess the impact and the likelihood of a set of asset-threat-vulnerability for which you already have implemented controls, you have to take into account the existing controls (because they decrease the probability of your risk). In such cases, you need to include in your assessment the information about the "existing controls" (e.g., you can use a plain description of the control, without referring to ISO 27001 or ISO 27002).

    For further information, see:
    - Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • Setting up a Microbiology Lab and getting cannabis GMP certification

    You asked

    "Is it possible to get GMP certification on cannabis testing within a laboratory without having GMP certification in the Microbiology dept."

    GMP is Good Manufacturing Practice and relates to the production and control of products (and facilities) through quality standards. Typically in larger companies, the company / production facility will be GMP certified, not the quality control / testing laboratory. This does, of course, depend on the company structure (the company and laboratory may be the same entity). As the company must maintain reliable testing laboratories, this means all quality aspects, including the quality control microbiology laboratory, must be GMP compliant. The laboratory functions as an in-house testing facility, so it must comply with the requirements of GMP as they relate to what it does.

    You also asked

    If not, then if the laboratory is ISO 17025 accredited, then presumably we will have to get GMP accreditation first for the Microlab and then for cannabis testing, or can we combine the two?

    Regulations vary greatly with cannabis products. Some countries / states require testing laboratories to be ISO 17025 accredited; GMP is more commonly a compliance requirement. Yes, you can certainly combine the GMP and ISO 17025 implementation. I would suggest you start by developing an ISO 17025 implementation / GMP compliance plan and incorporate accreditation for the laboratories as part of that plan. Identify and address all the laboratory requirements, and expand the documentation and requirements to meet GMP as well.

    It will depend on your customer and regulatory needs whether you apply for ISO 17025 accreditation or GMP certification first. Have a look at the following articles for a further overview of ISO 17025. The Toolkit may be a suitable start.

  • Relationship between ISO 22301 And ISO 9001

    The two standards have a common structure. Many clauses have the same number and name; what is different is the scope. In a certain way, and I'm not an expert in ISO 22301, ISO 22301 handles in detail a particular risk that can be determined while preparing a quality management system according to ISO 9001:2015. If your organization has already implemented ISO 22301, at least you already know what most of the topics are about; as I wrote before, the difference is in the scope and detail for normal operation.

    The following material will provide you more information:

  • Environmental aspect and impact procedure

    Please check this article - List of mandatory documents required by ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-mandatory-documents-required-by-iso-140012015/

    As you can see, a procedure for identification and evaluation of environmental aspects is not mandatory. I think it can be useful, particularly when organizations have complex evaluation schemes, when people change with some frequency, or when you want the exercise done by several people without necessarily requiring the presence of a central Environmental Manager.

    Please check this information below with more detailed answers:

  • ISO 20000 benefits in building companies

    Most probably you are supporting your business with IT services, like:

    • Supporting daily activities in your offices (desktop, network infrastructure, WLAN/LAN access, printing, file storage, email, etc.)
    • You have other services in your company which use IT services (e.g. finance – ERP, sales – CRM, HR, marketing – web presence, digital marketing, etc.)
    • If you have a project office where they deal with CAD tools – they also need your support
    • On-site (on construction site) – IT services are also used
    • Mobility of the workforce
    • Etc.

    These are examples of how IT services support the business, so there are many benefits where efficient IT Service Management (ISO 20000 will help you achieve that) can support the business.

    More about the benefits in the article "5 key benefits of ISO 20000 implementation": https://advisera.com/20000academy/blog/2016/02/09/5-key-benefits-of-iso-20000-implementation/
