Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Format of procedure preparation
You can write the procedures in either world, excel, or another format.
The procedure writing method for IATF 16949:2016 standard is not different from ISO 9001:2015 standard.
As you know a procedure states how the process needs to be done.
A procedure offers a general description of how a company meets a process requirement and the procedure consists of more specifics.
This includes scope, objective, responsibilities, references, application, specific tools, methods, measurements, and historical change of procedure.
There are 7 steps in writing quality management system procedures for ISO 9001:2015 and IATF 16949:2016 standards.
These 7 procedure writing steps are listed below, respectively:
- Decide on the process limits.
- Gather the information
- Align with other documents and processes.
- Define your document structure.
- Write your document.
- Get approval for your document.
- Train the relevant employees.
- 7 steps in writing QMS policies and procedures for ISO 9001 https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/
For more information please read the following article:
You can also see our IATF 16949:2016 Documentation Toolkit here: https://advisera.com/16949academy/iatf-16949-2016-documentation-toolkit/
Purchase persuasion
I’m assuming you are referring to convince leadership to support an ISO 27001 implementation.
Considering that, to improve your chances to get support for an ISO 27001 initiative in your organization you should provide real examples of benefits related to:
- compliance with regulations regarding data protection, privacy, and IT governance applicable to the organization
- competitive differential that can be achieved by being capable to demonstrate your organization can protect customer information
- decrease in costs incurred by information related incidents
- improving internal organization
Another important point to be considered is the presentation. For top management, you should avoid using technical jargon (concentrate on business benefits).
These articles will provide you a further explanation about ISO 27001 benefits and top management:
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- 4 crucial techniques for convincing your top management about ISO 27001 implementation https://advisera.com/27001academy/blog/2016/09/12/4-crucial-techniques-for-convincing-your-top-management-about-iso27001-implementation/
- Top management perspective of information security implementation https://advisera.com/27001academy/blog/2012/12/04/top-management-perspective-of-information-security-implementation/
These materials will also help you regarding ISO 27001 benefits and top management:
- ISO 27001 benefits: How to obtain management support [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-benefits-how-to-get-management-buy-in-free-webinar-on-demand/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
ISO 22301 Compliance Matrix
You can download an explanation of ISO 22301 standard here: Clause-by-clause explanation of ISO 22301 https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-223012008
In the ISO 27001 & ISO 22301 toolkit you purchased, you will find the document called "List of documents" - it defines which documents are needed for ISO 22301 implementation.
To simplify this, if you want to implement only ISO 22301 without ISO 27001, you would need to implement documents from these folders, in this very sequence:
00 Document management
01 Preparations for the project
02 Identification of requirements
05 Risk assessment and treatment
08 Annex A controls - A.17 Business continuity
09 Training and awareness
10 Internal audit
11 Management review
12 Corrective actions
Writing quality SOP for work infrastructure
In SOP for infrastructure you need to consider the following:
- Description of the buildings, workspace, and associated utilities
- What kind of the process equipment you have (both hardware and software)
- What kind of supporting service you have
More information on this topic you can find in the following article:
- Managing medical device infrastructure requirements according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/
You can also see how the procedures for infrastructure and records of the infrastructure maintenance in our ISO 13485:2016 documentation toolkit look like:
- Procedure for Infrastructure and Work Environment https://advisera.com/13485academy/documentation/procedure-for-infrastructure-and-work-environment-iso-13485-2016/
- Record of Infrastructure Maintenance https://advisera.com/13485academy/documentation/record-of-infrastructure-maintenance-iso-13485-2016/
-
EU GDPR membership and countries outside of the membership
Concerning the EU GDPR membership and countries outside of the membership;The EU GDPR will be mirrored by the UK-GDPR version - would this be subject to regular reviews?
The UK chose to mirror the EU GDPR in order to have an adequate decision by the EU Commission and not lose the free flow of data among EU and UK. It is difficult to forecast regular reviews, either on the EU GDPR or the UK GDPR side.We can imagine a coherent evolution for both regulations in order to provide a standard to controllers and processors, but most will depend on how the relationship between the UK and the EU will continue.
Hypothetically, if the EU were to break up - would the GDPR be able to continue under a unified, but individual country membership?I live in the UK (Scotland) and hope this does not become a reality.
The EU GDPR is a regulation of the EU and it produces effects in Member State on the basis of the EU Treaties. In the unlikely event of EU break up, the Treaties will not produce their effects anymore and the GDPR will have no effects in the former EU States unless the country mirrors it with internal legislation. The negotiation on the dissolving EU may also end with an international agreement adopting the GDPR as a separate treaty in order to benefit each State of the same regulation.
Here you can find more information on the territorial scope of the GDPR
- What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
To have a deeper idea of the list of requirements of GDPR you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
-
GDPR Certification
There is no certification process of compliance with GDPR. However, some ISO standards like ISO 27001 and 27701 may end up in conformity to GDPR requirements.
Here you can find more information about ISO 27001 and GDPR:
- Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
- Privacy, cybersecurity, and ISO 27001 – How are they related?: https://info.advisera.com/27001academy/free-download/privacy-cyber-security-and-iso-27001
There is also our Free webinar:
- How to integrate GDPR with ISO 27001 https://advisera.com/eugdpracademy/webinar/how-to-integrate-gdpr-with-iso-27001-free-webinar-on-demand/
To have a deeper idea of the list of requirements of GDPR you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
-
Discussion regarding CSR
If the organization's OEM automotive customer is Ford, Customer-specific requirements (CSR) are already available on the IATF web page and the FORD portal. Therefore, FORD does not give its specific requirements separately.
Your customer portal usage is opened by the customer and you enter it with your password. Portal usage is available for all automotive IATF OEM customers and CSR’s are also uploaded on the IATF website.
If your customer is not Ford, you should use your main customers' customer-specifics requirements (CSR). You should request CSR from your main customer.
The major finding is that CSRs are not reviewed, included in the quality management system, and not implemented
For more information, please see the following article:
- How to satisfy customer-specific requirements when implementing IATF 16949 https://advisera.com/16949academy/blog/2019/07/02/iatf-16949-customer-specific-requirements-how-to-meet-them/
-
Medical Device File
Yes, it is the same. In the ISO 13485:2016 requirement, 4.2.3 Medical device file is stated that an organization must establish the medical device file with the content not limited to the one that is described there. Also, requirement 4.1 states that the organization must be in compliance with all necessary regulatory requirements.
On the EU market, it is not possible to put a medical device without having a technical file under the MDD 93/42/Eec or, from May 2021. according to the MDR 2017/745.
For more information please see the following articles:
- How to determine regulatory requirements according to ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-determine-regulatory-requirements-according-to-iso-13485/
- How can ISO 13485 help with MDR compliance? https://advisera.com/13485academy/blog/2020/03/09/how-can-iso-13485-help-with-mdr-compliance/
- How to use ISO 13485 to fulfill FDA regulatory classes for medical devices https://advisera.com/13485academy/blog/2017/09/14/how-to-use-iso-13485-to-fulfill-fda-regulatory-classes-for-medical-devices/
-
ISO Accreditation 17025
I assume you are asking how ISO 17025 accreditation would assist you improve the quality of testing ? Your laboratory would benefit from implementing ISO 17025 as the purpose is to guide laboratories to achieve competency and consistently valid results. What you mentioned would be the laboratory’s scope of testing. Method development, validation and measurement uncertainty will be an important focus to achieve your scope.
For further information see the following:
- The whitepaper Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
- The article What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/
- The ISO 17025 toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/ and the document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure//
-
Calibration
That would not be appropriate to calibrate an auto titrator. Note firstly that ”a grade glassware” is not a Certified Reference material. The glassware does not come with an individual calibration certificates.
Your equipment supplier or equipment manual should provide you with suitable information, Simply stated, you would need to use a suitable balance and determine the volume dispensed gravimetrically; or use a primary standard for titration to determine the linearity and correlation coefficient of the auto titrator. Depending on the methods you use, you would select a suitable primary standard and titrate a range of five quantities as per your method to provide data for the calculations.
The following toolkit document, with associated records may be of interest Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure//