Search results

ISO 9001

ISO 9001 is defined as the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.

ISO 27001 budgeting

Broadly speaking, I can suggest these main topics to consider:

OPEX:

• Training and literature
• External assistance
• The certification process

CAPEX:

• Technologies to be updated/implemented

Regarding ISMS maintenance costs, the above-mentioned costs also have to be considered, but at different levels, and you have to add the surveillance audit costs for certification maintenance.

These articles can provide you more information:

• How much does ISO 27001 implementation cost? https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/
• 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/
• How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project

Question about assets for threats

For additional examples of the combination of assets, threats, and vulnerabilities, please see these materials:

• ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
• Checklist of cyber threats & safeguards when working from home (PDF) https://info.advisera.com/27001academy/free-download/checklist-of-cyber-threats-and-safeguards-when-working-from-home

ISO 27001 certification validity change according to address change

In case of an address change, you need to communicate that to your certification body, so you both can evaluate the degree of impact this will bring to your ISMS and the certification validity, to identify if any immediate change is required, or if related changes can be assessed during the next scheduled audit.

ISO and six sigma improvement of the service quality of logistics

With ISO 9001 an organization implements a set of practices, written or not, they represent a standard way of doing things internally. The same ISO 9001 requires determining indicators to monitor and measure performance.

So, your organization must have some indicators about logistics performance. When your organization decides to improve performance, it may use six sigma as a methodology for improvement.

You can find more information below:

• ISO 9001 vs Six Sigma: How they compare and how they are different - https://advisera.com/9001academy/knowledgebase/iso-9001-vs-six-sigma-how-they-compare-and-how-they-are-different/
• ISO 9001:2015 vs. Six Sigma: A comparison - Download a free white paper - https://info.advisera.com/9001academy/free-download/iso-9001-vs-six-sigma-comparison
• How ISO 9001 improves shipping procedures - https://advisera.com/9001academy/blog/2019/07/09/how-iso-9001-improves-shipping-procedures/
• ISO 9001 document template: - Procedure for Transportation Services - https://advisera.com/9001academy/documentation/procedure-for-transportation-services/
• Free on-line course - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
• Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Equipment qualification

Yes, it is a different approach for the same purpose. Typically the Design and Installation Qualification (DO and IQ) activities are performed by the supplier on commissioning, with some input by the laboratory to run certain samples and develop a method. In a 17025 those first steps need to cover clause 6.4 for equipment, as well as 6.5, Metrological traceability of results. That means making sure the equipment is selected and can perform as expected and there is a way through calibrations, to provide an unbroken link for measurements, to SI units (international references).

You are correct,

Yes, it is a different approach for the same purpose. Typically the Design and Installation Qualification (DO and IQ) activities are performed by the supplier on commissioning, with some input by the laboratory to run certain samples and develop a method. In a 17025 those first steps need to cover clause 6.4 for equipment, as well as 6.5, Metrological traceability of results. That means making sure the equipment is selected and can perform as expected and there is a way through calibrations, to provide an unbroken link for measurements, to SI units (international reference).

You are correct, in an average 17025 laboratory, the Operational Qualification and Performance Qualification is the same as method validation and measurement uncertainty evaluation (clause 7.2 and 7.6) and ongoing assurance, i.e. ensuring the validity of results through the use of controls and reference standards (clause 7.7).

Certain equipment must be calibrated, and the measurement uncertainty calculated, i.e. when it is used to establish the metrological traceability and if the validity of the reported results would be affected by the measurement accuracy and uncertainty of the equipment. Remember this does not only apply to apparatus, but also to standard reference materials or objects. This is where a laboratory will use an accredited calibration laboratory or a reputable supplier of certified reference materials. Once you have such material and a certificate of analysis, and you have evaluated the performance of your method, you can perform intermediate checks using your inhouse reference material, as long as it is well characterised (have lots of data) against the certified material (CRM) traceable to an International standards. For certain sectors, e.g pharmaceutical, a CRM has to be analysed for each analysis batch to verify, for example the performance of an HPLC or GC. The risk must be managed by the laboratory, based on the type of test and the regulatory nature of the sector.

For more information, have a look at

• The response to the question Is it necessary having third party come to certify accuracy of my equipment periodically at https://community.advisera.com/topic/is-it-necessary-having-third-party-come-to-certify-accuracy-of-my-equipment-periodically/
• The article: What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/
• The ISO 17025 toolkit document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure/

Also refer to  ILAC P10:07/2020 ILAC Policy on Metrological Traceability of Measurement Results and ILAC G24:2007 Guidelines for the determination of calibration intervals of measuring instruments, available from https://ilac.org/publications-and-resources/

A.6.1.5 Information security in project management

The need to consider Information security in project management separately will depend on the results of risk assessment and applicable legal requirements (e.g., laws, regulations, and contracts).
 
For example, some projects may require the implementation of technologies not used in your organization at large, so it would not make sense to write a corporate policy. Other projects, by force of contracts, may require that all information security is under project context. In case these situations do not occur, then you can make projects refer to the corporate documents  

For additional information, see:

• How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/

Applying and monitoring quality management regulations

You must start by determining what are the relevant regulations. Access them to translate them into requirements.

You must set a frequency to monitor if any new regulations appear and if the older ones become outdated.

You can find more information below:

• What does “external documents control” mean in ISO 9001? - https://advisera.com/9001academy/blog/2019/02/04/what-does-external-documents-control-mean-in-iso-9001/
• How to include statutory and regulatory requirements in your QMS - https://advisera.com/9001academy/blog/2017/02/14/how-to-include-statutory-and-regulatory-requirements-in-your-qms/
• Free on-line course - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
• Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Excluding clause 8.3

You cannot exclude a clause. You can only consider a clause as non-applicable.

Sometimes, for an organization, a clause may be applicable or not just because of the scope of the quality management system.

So, the answer will depend on the scope. However, it seems odd to exclude the development of the software.

The following material will provide you more information about non-applicability of a clause:

• What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
• Free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope -
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/