Search results

ISO 9001 controlled document list

Yes, all documents and records relevant for the QMS must be listed and controlled. With software programs you want to ensure that templates used to record information are correct and in the approved version.

The following material will provide you information about document control:

• How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
• What kind of Document Management System (DMS) do you need for handling ISO documents? - https://advisera.com/conformio/blog/2020/08/11/what-kind-of-dms-you-need-for-handling-iso-27001-documents//
• Should you keep your ISO documents in the cloud or on paper? - https://advisera.com/conformio/
• Book - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Performing risk assesment

ISO 9001:2015 does not require a formal assessment supported in a specific standard. So, you can comply with ISO 9001:2015 without a risk assessment standard.

If you want to manage risks in a more professional way you can use ISO 31000:2009.

You can find more information below:

• Similarities and differences in risk management in ISO 9001, ISO 31000, and ISO 27001 - https://advisera.com/9001academy/blog/2016/10/25/similarities-and-differences-in-risk-management-in-iso-9001-iso-31000-and-iso-27001/
• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Maintaining ISO 9001

To get simplicity in the post-certification phase you have to go through complexity in the implementation phase. By complexity I mean investing time:

• in developing or customizing documentation with the right amount of content,
• in setting monitoring and feedback circuits that feed continual improvement,
• in defining really relevant objectives and indicators,
• in performing frequent effective internal audits.

If you don’t go through that complexity phase you will always be plagued with the shortcomings of a defective management system.
You can find more information below:

• How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• How t write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Please check this free webinar on-demand – Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

MDSAP audit

1. What stage of completion do we have to be in to be ready for an MDSAP audit?

You have to be completely ready for the audit from both sides: ISO 13485:2016 and Technical file according to the MDR.

2. Does our device need to be a finished device?

Yes, your device must be a finished device.

3. Does our DMR need to be completed and do we have to have all our verification and validation plans and reports completed?

Yes, your all verification and validation plans and reports must be completed.

Internal Audit Process Approach

A horizontal audit is when you audit one process across many departments in the organization. A vertical audit is when you audit all the processes used by a department. Process audits are another name for horizontal audits. Draw a process flowchart and prepare your audit around that, as I show in this free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/

You can find more information below

• ISO 9001 Horizontal audit vs. vertical audit - https://advisera.com/9001academy/blog/2015/03/03/iso-9001-horizontal-audit-vs-vertical-audit/
• Free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

Implementing ISO 9001 in a company with multiple contractors

I think your question is about how to start implementing ISO 9001. For your particular case I would start by designing a model about how your organization works based on the process approach.

The following material will provide you more information about the process approach:

• Free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ - please check how training can be related with the process approach
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ - where I extensively use the process approach.

ISO 9001 Laboratory Audit

You can have two kinds of audits: conformance or performance audits.

With conformance audits you want to check if the standard and or internal procedures are followed.

With performance audits you want to check if the training and skills development investments are effective.

An audit, either with a focus on conformance or effectiveness, can:

• help verify if staff has the right training and if that training is effective, or if specific staff roles should be adjusted
• promote the need for change, through comparison of expected results with actual results

Audits are a way of performing hypothesis tests about how processes are operated or about how good are their performance.

The following material can provide more information:

• ISO 9001 internal auditor training: Is it for me? - https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
• Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
• Please find in this free webinar on demand - How to perform an internal audit remotely - https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/ a detailed explanation about how to remotely audit operations using a tablet, a smartphone, CCTV or a drone.
• Free online training ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Are resources from law required to implement GDPR?

1. Do we require any resources from law to implement GDPR?

The GDPR (as any European Regulation) has direct applicability in the Member States and does not require any adaptation from national laws. However, there are some topics where Member State law can implement GDPR requirements (i.e. legislation on video surveillance or health and safety in the workplace), so you may need to verify if your national law requires additional steps to comply with.

You can find information on how to implement GDPR and comply with your national law on your national Data Protection Authority (DPA) website where you can find suggestions and requirements.

We developed a toolkit to help the controller to implement GDPR.

• EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

2. In addition to that, I wanted to know what are the main things to consider when we implement this GDPR"

In order to implement correctly GDPR, first of all, you need to know your business and be aware of what kind of data processing your company carries out in its activity (clients, suppliers, employees are the most common categories of individuals a company deals with).Then, you need to evaluate what is the data processing: why you are collecting data? For which purposes? How long you need to keep data? Do you need all data you are collecting? Can you do your activity by collecting less data? Who processes data? Who has access to data? Are your data secured? What are the security measures taken against data breach (which means any accident which has an impact on integrity, availability, reliability, and confidentiality of data)?

You may find out that you need to establish policies for your employee on how to process data, establish access control, and also notice your data subject, which is one of the most important parts while implementing GDPR. You will need a privacy notice (better for each category of data subjects, because the data processing of your employees' data will be different from the processing of your clients) and establish procedures to assure the data subjects' rights.

These are the main things to consider when implementing GDPR, others may depend on the nature of your activity (does it involve monitoring on a large scale of data? Do you process special categories of data, like health, sexual orientation, political opinion, data referring to criminal conviction?) that may require a Data Protection Impact Assessment (DPIA) or to appoint a Data Protection Officer (DPO).

Here you can find some information:

• First steps to take to reach GDPR compliance https://advisera.com/eugdpracademy/blog/2018/10/08/first-steps-to-take-to-reach-gdpr-compliance/
• Useful resources for complying with EU GDPR https://advisera.com/eugdpracademy/knowledgebase/useful-links/
• A summary of 10 key GDPR requirements https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/
• List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/

You can also consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course// 

IS IEC 62304 included in toolkit Advisera offers?

Unfortunately, this standard IEC 62304:2006/AMD 1:2015 Medical device software — Software life cycle processes is not included in our toolkit. This standard is very specific and requires certain documentation completely described in the standard.  

Objectives and expected results

According to ISO the purpose of ISO 9001 is:

• to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements and enhance customer satisfaction

According to ISO the purpose of ISO 14001 is:

• to improve the environmental performance through more efficient use of resources and reduction of waste, gaining a competitive advantage and the trust of interested parties.

The following material will provide you more information:

• What is ISO 9001? - https://advisera.com/9001academy/what-is-iso-9001/
• The history and future of the ISO 9000 series of standards - https://advisera.com/9001academy/blog/2019/04/15/history-of-the-iso-9000-series-of-standards-and-what-to-expect-next/
• Evolution of ISO 14001: The history of the leading environmental management standard - https://advisera.com/14001academy/blog/2020/01/21/history-of-iso-14001-why-is-it-so-popular/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/