Search results

Evaluation criteria for environmental aspects

First, why do we use evaluation criteria? To segment significant aspects from the non-significant aspects. Why? Because resources are scarce, we should focus our attention and resources on those aspects where we can get the most improvement leverage. There is no other reason for developing evaluation criteria. So, any criteria that help your organization doing that is acceptable. Some organizations start with simple criteria like gravity, frequency/probability and ability to control or influence and then, with time, evolve to include other criteria like economic outcomes.
So, if you are starting, I recommend a simple approach.

Please check this information below with more detailed answers:

• Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
• Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
• ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
• Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
• ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
• Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Monitoring integrity issues in QMS

As far as I understand your question, integrity issues can be integrated into a QMS through the risk-based approach:

• Determining risks
• Evaluate risks
• Develop action plans to deal with the most critical (prevention, response and simulation)

You can find more information below:

• Similarities and differences in risk management in ISO 9001, ISO 31000, and ISO 27001 - https://advisera.com/9001academy/blog/2016/10/25/similarities-and-differences-in-risk-management-in-iso-9001-iso-31000-and-iso-27001/
• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Privacy Policy

"Dear Sir/MadamI need your advice regarding the belowAs a data processor , is it required to create a privacy policy

From your question, I understand that you are asking me if the processor has to inform data subjects about data processing through the privacy notice under Article 13 GDPR. 

The purpose of a Privacy notice is to provide to data subject all the information about data processing. In fact, Article 13 GDPR requires that the controller inform the data subjects about what kind of data is processed, the purposes of the processing, if there are any data transfer, and all the information that needs to be provided by the controller to the data subjects. Privacy notice is mandatory.

The privacy policy, instead, is an internal document from the management that shows how the organization processes personal data and sets rules on processing, access data, data retention period, and so on. The privacy policy is considered one of the organizational measures to be taken by both processors and controllers. It is mandatory under Article 24 (2) GDPR when proportionate in relation to processing activities.

What is data processor obligation regarding data subject right"

As a processor, you need to establish processes that allow the controller to fulfill its obligation towards data subjects. This means that if the controller receives a request to exercise the right of erasure (right to be forgotten) and request you to erase the data of the data subject, you need to comply with such request.

Here you can find more information:

• EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
• Data subject rights according to GDPR https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr//
• Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
• EU GDPR Data Subject Access Request Flowchart https://info.advisera.com/eugdpracademy/free-download/eu-gdpr-data-subject-access-request-flowchart

You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

Implementation of the ISO 27001

1 - For instance, would it be sufficient for us to adjust certain procedures we already have because of this? Besides creating new ones that are required of course.

ISO 27001 and ISO 13485 share some common requirements, and procedures related to them can be integrated into single documents with minor adjustments, like document control, internal audit, and management review.

2 - Is integrating ISO 27001 into our Quality Management System possible?

ISO 27001 and ISO 13485 share some common requirements, it is perfectly possible to integrate them.

For further information, see:

• How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
• Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/ (the general concept applies to ISO 13485)

3 - Does a gap analysis exist between ISO 13485 and ISO 27001 and if so, has it already been made?

A direct gap analysis is not available, but you can use these references to have this information:

• Similarities and differences between ISO 9001:2015 and ISO 13485:2016 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/
• ISO 27001 vs. ISO 9001 matrix (PDF) https://info.advisera.com/9001academy/free-download/iso-9001-2015-vs-iso-27001-2013-matrix

4 - Is this kind of information also addressed extensively in your toolkit?

I'm assuming you are referring to information related to integration.

Considering that, common demand is for integration between ISO 27001 and ISO 22301, and this is the information provided in the toolkit.

However, by buying the toolkit you will have our support, through questions sent to our experts, or by means of online meetings, where you can solve your doubts related to this and other related issues.

Requirements for medical device implant

If you are asking what requirements are applicable for implantable medical device, here they are:

Most of the implantable devices need to be sterile, then requirements 7.5.5 Particular requirements for sterile medical devices and 7.5.7 Particular requirements for validation of processes for sterilization and sterile barrier systems are applicableImplantable medical devices do not need installation and service so requirements 7.5.3 Installation activities and 7.5.4 Servicing activities are not applicable

All other requirements are applicable.

For more information on what is ISO 13485, please see the following articles:

• What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/
• Six key benefits of ISO 13485 implementation - https://advisera.com/13485academy/knowledgebase/six-key-benefits-of-iso-13485-implementation/
• Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/

• Vendor Reviews

  I work for ***, which provides software and services to help companies do webinars. I'm trying to figure out if certain companies that we use their services need to be on our Vendor Log, and if we need to perform periodic vendor reviews for them, etc. It is clear to me that our Key Vendors and all vendors who interface with our software would need to be included. But what about companies like ***, who helps us manage our social accounts? It is not clear to me where the line is in cases like this. Thanks very much.

• Test methods and measuring equipment

  About measurement systems analysis; The IATF 16949: 2016 standard requires the following requirements.

  7.1.5.1.1 Measurement systems analysis 

  Statistical studies shall be conducted to analyze the variation present in the results of each type of inspection, measurement, and test equipment system identified in the control plan. The analytical methods and acceptance criteria used shall conform to those in reference manuals on measurement systems analysis. Other analytical methods and acceptance criteria may be used if approved by the customer. 

  Records of customer acceptance of alternative methods shall be retained along with results from alternative measurement systems analysis (see Section 9.1.1.1). 

  Note: Prioritization of MSA studies should focus on critical or special product or process characteristics

  So as you know, an MSA study must be carried out for each type of instrument specified in the control plan. 
  In other words, MSA is not required if measurement equipment is not defined in the control plan. If any automotive customer, in customer-specific requirements, is stated that there is an obligation to do MSA studies once a year; then MSA studies must be done once a year. 
  But if there is no such request; as long as the measurement device does not change, malfunction or the device is changed; MSA is not required every year.

  Briefly,

  • MSA should be for every type of measuring instrument included in the control plan. Better have an MSA plan prepared.
  • It is recommended to start with the critical product and process characteristics.
  • There are also many methods for MSA. There is no only Gauge RR study, there are bias, linearity, stability, short method, ANOVA, GRR, attribute methods, destructive methods, etc..  
  • The correct MSA method should be chosen according to the type of measurement system.

  For more information, please see the following article:

  How to Establish Measurement System Analysis According to IATF 16949 https://advisera.com/16949academy/blog/2017/11/08/how-to-establish-measurement-system-analysis-according-to-iatf-16949/
   

• ISO 9001 - where to start?

  Setup a project sponsor, a project manager, and a project team. Ensure top management support, get training about the standard. Designing and implementing a quality management system implies being knowledgeable about ISO 9001:2015.
  As a first step perform a Gap analysis, to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that GAP Analysis, you can develop your Project Plan, listing what needs to be done, by whom, until when.

  
  Then, an important step is to design a model of how your organization works as a set of interrelated processes. For example:
  
  Decide how to describe and monitor those processes.
  From there you start with the implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.
  This is a very short description of the journey but below you can find more detailed information:

  You can find more information below:

  • Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
  • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
  • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
  • How to budget an ISO 9001 implementation project - https://info.advisera.com/9001academy/free-download/how-to-budget-an-iso-9001-implementation-project?utm_source=script-for-iso-9001-lead-implementer-course&utm_medium=downloaded-content&utm_content=lang-en&utm_campaign=free-downloads-9001
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• ISO 14001 Environmental performance evaluation

  I don’t know if I’m understanding your question. What I recommend doing is to:

  • determine significant environmental aspects and determine which need to be part of a monitoring and measuring plan
  • determine monitoring and measuring requirements based on compliance obligations

  Based on 1 and 2 develop a monitoring and measuring plan. Some indicators are explicit requirements from compliance obligations with specifications and frequency defined. Some indicators are determined by the organization and can be absolute or relative. For example, water or energy consumption per unit amount of output.

  Together with evaluation of environmental performance I recommend doing the evaluation of action plans progress.

  Please consider the following information:

  • Environmental performance evaluation - https://advisera.com/14001academy/blog/2015/07/06/environmental-performance-evaluation/
  • How to perform communication related to the EMS - https://advisera.com/14001academy/blog/2015/08/31/how-to-perform-communication-related-to-the-ems/
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/