Search results

ISO 9001 Implementation timeline and costs

If you want to evaluate cost efficiency for obtaining an ISO 9001 certification, you should consider several alternatives:

• Using an external consultant;
• Using an internal project team and a customizable documentation toolkit 

Time to implement and be certified, with our Toolkit Documentation, can take:

• Companies of up to 10 employees - up to 3 months
• Up to 50 employees – up to 3 to 6 months
• Up to 200 employees – up to 6 to 10 months
• More than 200 employees – up to 10 to 20 months

You can find detailed information about how to plan and implement a quality management system in the following links:

• Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
• ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
• Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
• Free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 9001 - https://advisera.com/9001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-9001-free-webinar-on-demand/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

EU GDPR in UK

Question 1. What about GDPR in the UK? Is it different from GDPR EU?

GDPR is a EU Regulation and applies across all Europe and all around the world if the data processing involves data of individuals living in the EU (Article 3 GDPR).The Brexit process made GDPR fully applicable until December 31st, 2020, then the UK will be able to implement its own privacy law.

2. How could I find the differences?

Currently, UK Privacy law is the GDPR until December 31st 2020. The Data Protection Act of 2018 implement the GDPR which is the core of the legislation and provide rules for enforcement, powers of the Information Commissioner and its role in enforcing GDPR.You can find any information about UK on the Information Commissioner’s Office (ICO) which is UK Data Protection Authority: https://ico.org.uk/ICO made a guide for data controller and processor on how to comply at the end of the transitional period: https://ico.org.uk/media/2617967/eot-five-steps-le-processing.pdf The first point is to continue to comply with GDPR and then UK controller will need to regulate the data transfers with EU partners applying Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR) (the latter for large companies).

Here some useful information:

• What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
• Useful resources for complying with EU GDPR https://advisera.com/eugdpracademy/knowledgebase/useful-links/
• Here you can find our free template with Standard Contractual clauses: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
• 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
• A summary of 10 key GDPR requirements https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/
• List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/

You can also consider enrolling in this free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

ISO 9001 Internal audit clauses

That will depend on the scope of the audit. If your organization performs an annual internal audit, all clauses have to be included. For example, if you are going to audit the production process, perhaps you must include the following ISO 9001:2015 clauses:

• 7.1.3 – about equipment maintenance
• 7.1.4 – about production environment
• 7.1.5 – about monitoring and measuring resources
• 7.2 – about people’s competence
• 7.3 – about people knowing the quality policy
• 7.5 – about documents and records control
• 8.5 – about specifications, process control plans, work instructions, traceability, preservation,
• 8.6 – quality control
• 8.7 – nonconforming product treatment
   

The following material can provide more information:

• ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
• Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
• Free online training ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Remote audits recordings

Yes, they can, but you can say no!

Recording remote audits should be an issue analyzed before the audit. Recording remote audits is not common. What is common is asking permission to make “print screens” of relevant records asked. A good practice is to ask permission whenever an auditor wants to make a record of something, he/she is seeing on the screen.

The following material can provide more information:

• Please find in this free webinar on demand - How to perform an internal audit remotely - https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/ a detailed explanation about how to remotely audit operations using a tablet, a smartphone, CCTV or a drone.
• Free online training ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Is personnel in ISO 17025 required to have training and certificate before starting auditing the lab?

As for any management system activity, personnel must have suitable skills, adequate training and evidence of competency to perform a task.

Furthermore for internal auditing the auditors must be impartial and independent, meaning they cannot audit their own work and it is typically ineffective and risky if they audit processes their colleagues are responsible for. Internal auditors need not be certified auditors, but formal training is recommended, whether in house or through a service provider on site or remotely. Either way, management need to deem auditors suitable and competent through observation and against criteria such as professional approach, interview techniques, and outcome of an audit they performed under supervision. They need to have a good understanding of ISO 17025, risk-based thinking, the purpose of the quality management system and quality assurance activities. A technical auditor must, in addition, have a good technical working knowledge to audit the particular activity, including how to assess equipment, method validation, measurement uncertainty, calibration and metrological traceability needs.

The following ISO 17025 document templates may be of interest

Competence, Training and Awareness Procedure at https://advisera.com/17025academy/documentation/competence-training-and-awareness-procedure/
Internal Audit Procedure at https://advisera.com/17025academy/documentation/internal-audit-procedure/
Competence Approval and Authorization Record at https://advisera.com/17025academy/documentation/competence-approval-and-authorization-record/

ISO 13485 vs EN ISO 13485

Prefix ISO means that it is an international standard published by the ISO organization. When an ISO is adopted by the European Union, for example, it becomes an EN-ISO.

There is no difference in the requirements between those two standards.

ISO 13485 implementation

1. As we are a low-risk class I one medical device manufacturer, if we want to declare our conformity according to MDR do we also need to comply with all the applicable harmonized standards like (ISO 13485, ISO 14971, IEC 60601-1-2) ? Or are these standards optional for class I?

2. Do we need ISO 13485 or other certification from an accredited body? 

Change of the quality manual's mandatory status

ISO 9001: 2015 did not prohibit the quality manual, what came was to remove its mandatory character.

Why did this happen?

Because of an effort to reduce the image of bureaucratization associated with ISO 9001: 2015 and, perhaps because many quality manuals have no value, they are limited to a template with blank spaces filled with the name of the organization. Personally, as an auditor, I am tired of seeing manuals that in a way summarize ISO 9001.

The following material will provide you information about the quality manual:

• The future of the Quality Manual in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/
• Free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/