An audit has a scope, criteria and an objective. So, to prepare for an audit, an auditee must check whether, within the scope of the audit, the criteria are met or not: the extent to which procedures and instructions are followed, the extent to which records are generated and archived, the extent to which performance conforms to specifications, and the extent to which facilities are properly maintained.
Any situation that does not meet the criteria must be corrected so that it is compliant at the time of the audit. It will also be important to prepare the auditees for the audit by going over the type of questions that may be asked and how they can be answered.
The following resources can provide more information:
Risks exist in any type of business, regardless of the sector of activity or its size, so an analysis of an organization's risks is crucial to its operation. Proper risk management means that the consequences are mitigated and are not as adverse as they would be had the risk not been managed.
ISO 9001:2015 incorporates risk management as a requirement through its risk-based approach or thinking, in which the organization needs to take all risks into account in order to achieve the established quality objectives.
Risk management brings numerous benefits, among them systematically anticipating the possible problems that may exist in the organization. Once we identify the risks, we can determine how to deal with their impacts, whether by mitigating or eliminating them through different actions.
Other benefits that result from risk management are: increased likelihood of achieving the quality objectives, proactive behavior by the organization and its management, increased customer satisfaction, increased efficiency and effectiveness of operations, compliance with legislation, promotion of the prevention and management of possible accidents, efficient use of resources, etc.
For more information on the importance of risk studies, see the following materials:
- How to identify risk controls in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
- How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free online training – ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
The importance of implementing ISO 9001:2015 lies in the benefits it will bring to the organization. Some of these benefits include:
- Improved credibility and image
- Increased customer satisfaction
- Better process integration through the ISO 9001 process approach, which brings improvements in efficiency and cost savings.
- Improved decision-making based on objective evidence
- Creation of a culture of continual improvement
- Employees who are more involved in improving processes
Likewise, many tenders promoted by the governments of different countries require ISO 9001:2015 to be implemented in order to access contracts or funds; or, if your organization is a supplier to companies that already have the standard, you may be required to hold an ISO 9001 certificate in order to become one of their suppliers.
For more information on the importance of ISO 9001:2015, see the following materials:
- Six key benefits of ISO 9001 implementation: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/seis-beneficios-clave-de-la-implementacion-de-iso-9001/
- Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free online training – ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
Please note that the approach you are using is not common (the common practice is the asset-threat-vulnerability approach, not using only the asset and threat combination). The problem with your approach is that by not considering potential vulnerabilities related to the asset you can have a misunderstanding about the risk. For example, if for a certain asset the vulnerabilities are not easy for threats to exploit, the risk will be lower.
Considering that, during risk assessment, you do not need to use data classification type, only information assets (e.g., reports, databases, contracts, etc.).
Regarding the number of risks, a good approach is for each asset to identify 2 or 3 threats and for each threat 2 or 3 vulnerabilities. For 50 assets this will result in a number of risks between 200 and 450 risks.
This article will provide you a further explanation about risk assessment:
Quality objectives are overall goals or targets stated by the organization in order to achieve improvement within the QMS. Quality objectives have a strategic role in carrying out the quality policy and its implementation through a quality management system and provide a means to assess whether the QMS achieves its goals. Therefore, it is not necessary to define quality objectives each year; this really depends on the mission, vision and strategy of your company.
However, please differentiate quality objectives from regular business objectives. Business objectives you can define each year; they can be department-specific, anything that you need to fulfill your business goals.
Standard quality objectives can be: meeting customer and regulatory requirements, achieving the improvement of the QMS and its products, and enhancing customer satisfaction.
In these articles, you have more information about setting good quality objectives:
The answer to that question is not technical.
Please check these articles - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/ and - ISO 14001: The benefits for customers - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/
Without knowing your business priorities and strategic orientation I can speculate that your organization wants to meet potential customers, potential investors with environmental concerns. If that is the case, certification under ISO 14001 can help to reinforce a brand image in this regard.
Please check also – What is ISO 14001? - https://advisera.com/14001academy/what-is-iso-14001/
You can find more information below with more detailed answers:
a) The IATF 16949:2016 standard requires the following conditions for rework.
8.7.1.4 Control of reworked product
The organization shall utilize risk analysis (such as FMEA) methodology to assess risks in the rework process prior to a decision to rework the product. If required by the customer, the organization shall obtain approval from the customer prior to commencing the rework of the product.
The organization shall have a documented process for rework confirmation in accordance with the control plan or other relevant documented information to verify compliance with original specifications.
Instructions for disassembly or rework, including re-inspection and traceability requirements, shall be accessible to and utilized by the appropriate personnel. The organization shall retain documented information on the disposition of reworked product including quantity, disposition, disposition date, and applicable traceability information.
PS: However, changes are coming to the IATF 16949:2016 standard over time. These are published on the IATF website as "SI". The SI-9 change came in October 2019. In its standard original state, it was asking for customer approval before starting the "rework" process. With this change, customer approval for rework was removed, but customer approval was required for the repair process.
b) The IATF 16949:2016 standard requires the following conditions for repair.
8.7.1.5 Control of repaired product
The organization shall utilize risk analysis (such as FMEA) methodology to assess risks in the repair process prior to a decision to repair the product. The organization shall obtain approval from the customer before commencing the repair of the product.
The organization shall have a documented process for repair confirmation in accordance with the control plan or other relevant documented information. Instructions for disassembly or repair, including re-inspection and traceability requirements, shall be accessible to and utilized by the appropriate personnel.
The organization shall obtain a documented customer authorization for a concession for the product to be repaired.
The organization shall retain documented information on the disposition of repaired products including quantity, disposition, disposition date, and applicable traceability information.
For more information please see:
The relation between Directive IVDR 98/79, IEC 64304, 62366 and ISO13485. Especially the documentation.
I have no experience of auditing a regulatory office, but I would do no different from other organizations. I would use the process approach and from there audit conformance with procedures and practices. I would use the quality policy and objectives and the management review to start auditing top management.
The following material can provide more information: