Search results

Classification of company assets

Along with greeting you, I would like to please if you could help me with a question I have. I am classifying the assets of the company and in the case of computers and laptops, for example, do I have to enter into the classification all those that exist in the organization or only one?

I remain attentive to your response, greetings and thanks

By your question, I'm assuming you are talking about filling in the asset register.
 
Considering that, you need to include in the asset register all assets that are related to the ISMS scope (in case the scope covers all organizations, then you need to consider all computers and laptops). But you do not need to include every single asset. You can create a single asset named "laptop" or, in case you need to use different classification levels, you can identify assets like "common laptop" and "development laptop", and define a different classification for each one.
 
This article will provide you a further explanation about the asset register:  

• How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

ISO 14001 certification cost and duration

I believe you’re enquiring about the cost of getting a company ISO 14001 certified.
The cost and time of getting ISO 14001 certification depend on two important variables: the dimension of the organization and its environmental status.
For example, concerning time. When there are no problems with compliance obligations according to Advisera’s experience, organizations using our Documentation Toolkit, from start to certification, need:

• Companies of up to 10 employees - up to 3 months
• Up to 50 employees - 3 to 6 months
• Up to 200 employees - 6 to 10 months
• More than 200 employees - 10 to 20 months

Without our Documentation Toolkit, they need more time.
As someone implementing management systems as a consultant for almost 30 years, I have plenty of experience where organizations promise resources and commitment before starting the project and then they fail.

For example, concerning costs you have to consider two factors:
· What is the present situation concerning compliance obligations? For example, I have worked with some organizations that had to spend a lot of money to correct their air emissions.
· Certification costs will depend on certification body to certification body but the main factor is the number of workers in the organization.

Please check this information below with more detailed answer:

• Free webinar on-demand - How to use a Documentation Toolkit for the implementation of ISO 14001 - https://advisera.com/14001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-14001-free-webinar-on-demand/
• List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
• ISO 14001:2015 Implementation diagram - https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

SOP for Control of Nonconforming Product/Proces

According to the ISO 13485:2016, there is a requirement for the SOP for the Control of nonconforming product (requirement 8.3.1 General).

Return merchandise authorization is covered in the requirement 8.3.3 Actions in the response to non-conforming product detected after delivery. Usually, this requirement is covered in the same SOP for the Control of non-conforming products. Organizations must take actions appropriate to the effect that non-conforming products can be issued.

For more details, please see the following article:

• ISO 13485:2016 nonconforming product – How to approach the post-delivery actions https://advisera.com/13485academy/blog/2017/04/11/iso-134852016-nonconforming-product-how-to-approach-the-post-delivery-actions/
• Understanding dispositions for ISO 9001 nonconforming product https://advisera.com/9001academy/blog/2014/11/18/understanding-dispositions-iso-9001-nonconforming-product/

On the following link you can see how our procedure and template for the non-conforming product look like in ISO 13485:2016 Documentation toolkit:

• Procedure for Control of Non-Conforming Products https://advisera.com/13485academy/documentation/procedure-for-control-of-non-conforming-products-iso-13485-2016/
• Non-Conforming Product Record https://advisera.com/13485academy/documentation/non-conforming-product-record-iso-13485-2016/

• Excluding clauses of ISO 9001 for a law firm

  Excluding clauses is not a technical decision, it is a management decision based on the scope of the quality management system. For example, are Law firms not innovative and do not develop new services? Is clause 8.3 automatically not applicable?

  Only after looking into the scope of the quality management system, one can say if a clause is applicable or not.

  The following material will provide you more information about exclusions:

  What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
  Free webinar on-demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope -
  Enroll for the free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• Environmental risk assessment in a garments factory

  You can start looking at your environmental aspects and impacts and determine what can go wrong and provide undesirable consequences like emergency situations or breakdowns.

  Then look for interested parties and determine possible changes for the future and their potential impact in your organization. For example, customer requirements may demand more chemicals, environmental legislation may be more demanding.

  PESTLE analysis may be useful to frame thinking about risks related with policy, technology, economy and social movements. Although about ISO 9001, perhaps the technique that I use and present in this free webinar on demand - Context of the organization, interested parties, and scope - - may be useful for you to work with context and interested parties to determine risks.

  Please check this information below with more detailed answers:

  • ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
  • ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
  • Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

   

• ISO 9001 and supply chain control

  ISO 9001 is a generic standard applicable to all kinds of organizations. If an organization uses ISO 9001 to improve the business and to do more than just getting a certificate, we can look into clauses 4.2 and 6.1 of ISO 9001:2015 as a way of answering your concerns. For example, in this free webinar on-demand - Context of the organization, interested parties, and scope - - I show how a set of participants in a business ecosystem can be included. When working with organizations on this topic I recommend thinking in more than just the needs and expectations of the interested party – that means:
  

  About the fake/fraudulent components, it is a matter of thinking about risks and acting on those more significant. For example, I’m currently working with a manufacturing company on the implementation of a quality management system. One of the risks determined was about using raw materials during production with specifications changed by the supplier without warning. So, we determined a set of laboratory tests to be performed every x months. 

  You can find more information below about mitigating risks.

  • How to determine interested parties and their requirements according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
  • How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • In this free webinar on-demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
  • Enroll for the free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ (I use a lot of examples based on the risk-based approach)

• Controlled vs Non-Controlled copy

  Who are these students?

  Are they future users of the SOP’s? If they are future users of the SOP’s, will they have access to them in the future through paper or through another medium, like digital? If they will have future access to SOP’s through paper perhaps the copies should be controlled.

  If they are not future users, or are future users with future access through digital, distributing non-controlled copies seems to be the best solution.

  Controlled copies are used to ensure that those that need to use them are on the loop to be informed of any change

  You can find more information about documentation below:

  • Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
  • Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

• Seperation of the ISO13485/MDR toolkit.

  Templates for the ISO 13485 can and are recommended to be in one folder. Considering MDR, my recommendation is that MDR folders should be organized for one medical device or group (family) of medical devices – it means that each medical device or family of medical devices will have one folder.

  A medical device family is a collection of medical devices that have the same or similar intended purpose, have the same risk classification, and have the same design and manufacturing process. Members of the medical device family can differ in the following (for example):

  • in the sizes (e.g. gauzes different sizes, syringes with different volumes, gowns different sizes)
  • strength (e.g. needle force)