Previous versions of ISO 14001 used the words “legal requirements”. ISO 14001:2015 uses instead the words “compliance obligations”. Compliance obligations include legal requirements and other requirements like customer requirements.
Any organization operating in a certain region will have to comply with a set of laws and regulations – the legal requirements. For example, in my country any organization has to comply with legislation about:
You can find more information below:
First, that is a great example of what can become a quality management system owned by many people in an organization. Normally, there is great resistance to participate in this way.
What I would recommend is that before starting to create procedures people should have some basic training in ISO 9001 requirements associated with each department. Now, you cannot go back in time. So, I recommend performing departmental internal audits where internal auditors can check implementation and also conformance according to ISO 9001 requirements.
The following material can provide more information:
First, it is important to note that document control and confidentiality levels (i.e., information classification) are different things.
Control of documents and records is a requirement of the standard (one that is not required to be documented), while information classification is one of the information security controls from ISO 27001 Annex A.
Considering that, the use of the information classification control to identify confidentiality levels is needed only if your organization has relevant risks, or legal requirements (e.g., laws, regulations, or contracts) demanding the implementation of this control. If no such situations occur, you do not need to implement information classification.
This article will provide you a further explanation about information classification:
Configuration management in AS9100 (clause 8.1.2) is all about ensuring that the end product meets the requirements fully as per the design, with any design changes noted. For a company that is creating designs as their deliverable, the most important thing is traceability for the design to the design requirements to show they are met. This is very much like a design verification activity.
As for FOD, which is an example given in clause 8.5.4 on preservation, this would not really be applicable to a company delivering a design. You will note that the list in this clause is listed as “when applicable”.
You can learn more on configuration management in AS9100 in the article: Understanding configuration management in AS9100 Rev D, https://advisera.com/9100academy/blog/2017/05/08/understanding-configuration-management-in-as9100-rev-d/
Operational risk management in AS9100 (clause 8.1.1) is all about identifying and tracking the risks that are in place during the creation and delivery of the product or service. In an organization that delivers designs you still have risks for completing and delivering the design (e.g. incomplete requirements, tight timeline for delivery, etc.). These risks need to be identified for the project, assessed and communicated, and mitigation actions assigned when necessary, with the understanding that some risks will have no action other than tracking until they are gone (e.g. time-critical delivery from a supplier).
You can learn more on operational risk management in AS9100 in the article: 5 key elements of risk management in AS9100 Rev D, https://advisera.com/9100academy/blog/2017/05/15/5-key-elements-of-risk-management-in-as9100-rev-d/
Clause 6.4.2 states that when the laboratory uses equipment outside its permanent control, it shall ensure that the requirements for equipment of this document are met.
Firstly, it is important to note that "Equipment" is considered as any item used to generate a result, so this also applies, for example, to software, reference materials, chemicals and reagents.
This clause can cover a number of scenarios, for example:
1) When equipment is shared within the laboratory facility or another department of the organisation,
2) When items are stored in a storeroom not managed directly by the laboratory,
3) When equipment is calibrated offsite by a service provider or another department and returned for use by the laboratory, and
4) If a service provider performs a service on an item, even if onsite.
In all these cases the activity must comply with ISO 17025 requirements for equipment. This includes facilities and environment, handling, storage, use, verification, performance checks, and appropriate records.
For more information see
I cannot call these best practices. They are some of the practices I follow.
Employees are not expected to know all significant environmental aspects, or objectives/targets, or monitoring/measuring requirements. What is expected is that they know which are relevant for their job, which ones they can contribute to or influence.
Normally, what I recommend doing is designing a homogeneous audience based on location, and customize a game where people are invited to determine significant environmental aspects from their job and learn about the best practices to handle each one.
Develop the environmental policy day. A day where the environmental policy is presented, with special attention to its commitments, and a link to the environmental objectives and targets.
Again, with a homogeneous audience based on location you can develop a kind of brainstorming about “How can I contribute, in my work, to meet the objectives and targets?”
For each relevant location, periodically post the results of monitoring/measurement that people can influence during the performance of their work.
Please consider the following information:
First of all, the product you produce is mounted on the OEM vehicles such as cars, trucks, buses, etc., so you can apply for IATF 16949 certification. If you are designing products besides production activity, design and manufacturing must be clearly defined in your IATF 16949:2016 scope.
If your customer to whom you sell the product requires you to obtain an IATF 16949:2016 certificate, then you should apply for certification, and your quality management system must be ready for assessment.
If your customer does not have a request in this regard, you can apply for an IATF 16949:2016 certificate at your own request.
As a laboratory, although a formal risk management program is not required, you need to address risks efficiently and rate them in a way so that actions can be justified and appropriate to the level of risk.
For more information regarding actions to address risks and opportunities, see the ISO 17025 toolkit document template: Addressing Risks and Opportunities Procedure at https://advisera.com/17025academy/documentation/addressing-risks-and-opportunities-procedure/
and for more information on the five steps to address risks, see the article Five-step laboratory risk management according to ISO 17025:2017 at https://advisera.com/17025academy/blog/2019/12/05/iso-17025-risk-management-in-five-steps/
For a more detailed explanation, you can watch the free webinar How to manage risks in laboratories according to ISO 17025 at https://advisera.com/17025academy/webinar/iso-17025-risk-management-how-to-manage-it-free-webinar-on-demand/
Also have a look at the following for more information - Expert Community Answers
Start by the end!
What is the purpose of a documentation department in the pharmaceutical industry?
That department exists to meet what desirable results?
That department exists to avoid what undesirable results?
For example:
As KPIs you can use for this example:
The following material will provide you more information: