Clause 7.2 requirements relate to the selection, verification and validation of methods. I cannot tell from your question what the specific nonconformity (NC) is.
For all tests that your laboratory is accredited for you should have access to and be using the most recent standard methods or latest reviewed in-house methods. Then you should know what the performance requirements are to meet the purpose (use) of the test. Validation or verification activities must prove that the parameters are suitable.
The nonconformance must be addressed according to your laboratory procedure. The specific problem statement is the crucial starting point, i.e. what should be in place and is not in place (a gap) or is deviating from requirements. Then you should perform root cause analysis and find the correctable causes that, if addressed, will resolve the nonconformance and stop it from recurring. Then select the appropriate actions and implement them. Closing the NC will follow once it is verified that the action taken was effective.
The following may be of interest:
The ISO 17025 toolkit procedure Test and Calibration Method Procedure, along with two supporting documents Test Method Development, Verification and Validation Register and Test Method Development, Verification and Validation Record. The techniques for method validation are listed as well as the required records. The procedure is also available separately at https://advisera.com/17025academy/documentation/test-and-calibration-method-procedure/
A question and response in Advisera Expert Community regarding Clause 7.2.1.3 at https://community.advisera.com/topic/clause-7-2-1-3/
1 - can an external auditor still consider this compliant, and can an ISO/IEC 27001 certification be awarded to the company?
Even if WFH or teleworking is not included in the audit plan, if the auditor identifies that this practice affects the stated ISMS scope, he can include it in the audit (because it may compromise the security of the information the ISMS is intended to protect), checking whether relevant requirements were identified, whether risk assessment and treatment were performed, and, in case there are required controls, whether they are implemented and working properly.
In case such items are not properly fulfilled, this could mean a non-conformity that can prevent the certification from being awarded.
2 - is there such a thing as partial certification?
What is possible is that you limit the scope of your ISMS, and therefore limit the scope of certification - see this article for more information:
Speaking in general terms, you can measure outputs like air emissions quality, water discharge quality, and environmental noise levels. You can measure the amounts and types of wastes generated, and the amount of reused, recycled or landfilled wastes. You can measure the amount of hazardous wastes generated. You can measure efficiency in the use of resources like water, energy or main raw materials. Some of these may be prescribed by legislation with a frequency attached; others may be voluntary.
Please consider the following information:
You should focus on top management responsibilities and ask questions to get a feeling for what level of commitment they have to the management system.
You can find more detailed information below:
There is no universal solution. Some organizations use the same rating and method to evaluate risks and opportunities. The difference is that one is a positive risk and the other a negative risk.
Another possibility is to use a 2x2 matrix measuring the effort to exploit the opportunity and the consequences in terms of improvements within productivity, turnover or quality.
You can find more information below:
ISO 9001 is a generic universal standard to implement a quality management system to improve customer satisfaction and performance.
ISO 9001:2015 introduced the risk-based approach and is much less dependent on documentation requirements. Please check this infographic to give you a sense of the changes with ISO 9001:2015 - Infographic: ISO 9001:2015 vs. 2008 revision – What has changed? - https://advisera.com/9001academy/knowledgebase/infographic-iso-90012015-vs-2008-revision-what-has-changed/
The following material will provide you more information:
According to ISO 14001:2015 an organization must determine who are its interested parties and what are their relevant needs and expectations concerning the environment. Please check clause 0.5 of ISO 14001:2015. If an organization considers its employees and the public as interested parties the following question is: what needs and expectations concerning the environment are relevant for them? There is nothing in ISO 14001:2015 that makes welfare mandatory. To be correct here we should define welfare. If by welfare we mean the environmental conditions of the neighborhood, I can think that it is a way of avoiding environmental complaints and problems with local authorities.
The following material will provide you more information:
Yes, you are right, we do not have a change control form. We considered that changes in the documentation would be initiated by the person listed as the document owner. All updates and reviews must be performed in line with the frequency defined in the List of Internal Documents.
All changes to the document must be made by using "Track changes," making visible only the revisions to the previous version, and must be briefly described in the "Change History" table; if the Track changes option is unavailable, or if the changes are too numerous, then the Track changes option is not used.
Furthermore, each document should preferably have a "Change History" table used to record every change made to the document.
For more information about common mistakes with ISO 13485:2016 documentation control and how to avoid them, please see the following article:
You need to remember that Article 6 GDPR about the lawfulness of processing states that it is lawful to process data to fulfill a contractual obligation or a legal requirement. Therefore, if a contract or your national law requires you to keep records for 3 or 7 years, it will be considered perfectly compliant. You will write in your data processing registry (if you have one) or in your internal policy the data retention period for that category of personal data.
Here you can find more information:
If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//