Search results

Integrating ISO 9001 and ISO 14001

Some of the advantages can be:

• Reducing duplication of efforts and costs (one set of documentation and integrated audits, for example)
• Increasing consistency among roles and responsibilities
• Increasing focus of the actions and of the communication. 

You can find more information below:

• How to integrate ISO 14001 and ISO 9001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/
• ISO 14001:2015 integration with ISO 9001:2015 – What has changed? - https://advisera.com/14001academy/blog/2016/02/15/iso-140012015-integration-with-iso-90012015-what-has-changed/
• Free webinar - How to integrate ISO 9001:2015 and ISO 14001:2015 - https://advisera.com/14001academy/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

ISO standard for Data Governance

Regarding data sharing, I suggest you take a look at these ISO standards:

• ISO 20614:2017 Information and documentation — Data exchange protocol for interoperability and preservation https://www.iso.org/standard/68562.html
• ISO/DIS 37156(en) Guidelines on data exchange and sharing for smart community infrastructures https://www.iso.org/obp/ui#iso:std:iso:37156:dis:ed-1:v1:en

Information Asset Register

An Information Asset Register is mandatory for ISO 27001 certification only if you have relevant risks or legal requirements (e.g., laws, contracts, regulations, etc.) demanding the implementation of control A.8.1.1 Inventory of assets.

In case such situations do not occur, then the Information Asset Register is not required for ISO 27001 certification.

This article will provide you a further explanation about the asset register:

• How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

Internal audit requirements

If you check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ - you can see that the only mandatory records required by ISO 9001:2015 are evidence that the audit program is being implemented along with the audit results. As audit results, you can have audit reports, evidence of corrections, or corrective actions taken.

You can find more information in the following links:

• Major vs. minor nonconformities in the certification audit - https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
• Free webinar on-demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ (includes a slide about the follow-up)
• You can enroll for free in this course - ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

Implications of EU GDPR data security and company data

About data security, GDPR requires to assure integrity, availability, reliability, and confidentiality of data taking into account the state of art, the purposes of the processing, the data involved, the scale of processing, and the cost. The controller must balance all these aspects in order to find the level of security which minimizes the risk for company data.

Company data require to be known to assure data subjects' rights and compliant data processing. All implementation processes start from knowing its own business and the kind of data processed, how data are processed, where data are stored, and who has access to them. We developed a toolkit to help organizations to make this process as easy as possible.

Here you can find some information:

• EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
• Useful resources for complying with EU GDPR https://advisera.com/eugdpracademy/knowledgebase/useful-links/
• A summary of 10 key GDPR requirements https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/
• List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
• Article 32 GDPR: https://advisera.com/eugdpracademy/gdpr/security-of-processing/
• How cybersecurity solutions can help with GDPR compliance https://advisera.com/eugdpracademy/blog/2017/11/27/how-cybersecurity-solutions-can-help-with-gdpr-compliance/

You can also consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

ISO 9001 controlled document list

Yes, all documents and records relevant for the QMS must be listed and controlled. With software programs you want to ensure that templates used to record information are correct and in the approved version.

The following material will provide you information about document control:

• How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
• What kind of Document Management System (DMS) do you need for handling ISO documents? - https://advisera.com/conformio/blog/2020/08/11/what-kind-of-dms-you-need-for-handling-iso-27001-documents//
• Should you keep your ISO documents in the cloud or on paper? - https://advisera.com/conformio/
• Book - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Performing risk assesment

ISO 9001:2015 does not require a formal assessment supported in a specific standard. So, you can comply with ISO 9001:2015 without a risk assessment standard.

If you want to manage risks in a more professional way you can use ISO 31000:2009.

You can find more information below:

• Similarities and differences in risk management in ISO 9001, ISO 31000, and ISO 27001 - https://advisera.com/9001academy/blog/2016/10/25/similarities-and-differences-in-risk-management-in-iso-9001-iso-31000-and-iso-27001/
• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Maintaining ISO 9001

To get simplicity in the post-certification phase you have to go through complexity in the implementation phase. By complexity I mean investing time:

• in developing or customizing documentation with the right amount of content,
• in setting monitoring and feedback circuits that feed continual improvement,
• in defining really relevant objectives and indicators,
• in performing frequent effective internal audits.

If you don’t go through that complexity phase you will always be plagued with the shortcomings of a defective management system.
You can find more information below:

• How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• How t write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Please check this free webinar on-demand – Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

MDSAP audit

1. What stage of completion do we have to be in to be ready for an MDSAP audit?

You have to be completely ready for the audit from both sides: ISO 13485:2016 and Technical file according to the MDR.

2. Does our device need to be a finished device?

Yes, your device must be a finished device.

3. Does our DMR need to be completed and do we have to have all our verification and validation plans and reports completed?

Yes, your all verification and validation plans and reports must be completed.

Internal Audit Process Approach

A horizontal audit is when you audit one process across many departments in the organization. A vertical audit is when you audit all the processes used by a department. Process audits are another name for horizontal audits. Draw a process flowchart and prepare your audit around that, as I show in this free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/

You can find more information below

• ISO 9001 Horizontal audit vs. vertical audit - https://advisera.com/9001academy/blog/2015/03/03/iso-9001-horizontal-audit-vs-vertical-audit/
• Free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/