Search results

Questions to ask a lead auditor

You should focus on top management responsibilities and make questions to get a feeling about what level of commitment they have with the management system.

You can find more detailed information below:

• What are the responsibilities of top management in the EMS according to ISO 14001:2015? - https://advisera.com/14001academy/blog/2016/01/18/what-are-the-responsibilities-of-top-management-in-the-ems-according-to-iso-140012015/
• Questions to successfully perform ISO 14001 top management audit - https://advisera.com/14001academy/blog/2019/06/17/iso-14001-top-management-audit-what-questions-to-ask/
• Although this article it is about ISO 9001 it can be useful - How to perform an ISO 9001 audit of top management without fear - https://advisera.com/9001academy/blog/2019/05/15/iso-9001-top-management-audit-how-to-perform-it-successfully/
• Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Rating opportunities and methods

There is no universal solution. Some organizations use the same rating and method to evaluate risks and opportunities. The difference stands in one being a positive risk and the other a negative risk.

Another possibility is to use a 2x2 matrix measuring the effort to exploit the opportunity and the consequences in terms of improvements within productivity, turnover or quality.

You can find more information below:

• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

ISO 9001 main characteristics

ISO 9001 is a generic universal standard to implement a quality management system to improve customer satisfaction and performance.

ISO 9001:2015 introduced the risk-based approach and is much less dependent of documentation requirements. Please check this infographic to give you a sense of the changes with ISO 9001:2015 - Infographic: ISO 9001:2015 vs. 2008 revision – What has changed? - https://advisera.com/9001academy/knowledgebase/infographic-iso-90012015-vs-2008-revision-what-has-changed/

The following material will provide you more information:

• What is ISO 9001? - https://advisera.com/9001academy/what-is-iso-9001/
• The history and future of the ISO 9000 series of standards - https://advisera.com/9001academy/blog/2019/04/15/history-of-the-iso-9000-series-of-standards-and-what-to-expect-next/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/

Welfare of employees and the public

According to ISO 14001:2015 an organization must determine who are its interested parties and what are their relevant needs and expectations concerning the environment. Please check clause 0.5 of ISO 14001:2015. If an organization considers its employees and the public as interested parties the following question is: what needs and expectations concerning the environment are relevant for them? There is nothing in ISO 14001:2015 that makes welfare mandatory. To be correct here we should define welfare. If by welfare we mean the environmental conditions of the neighborhood, I can think that it is a way of avoiding environmental complaints and problems with local authorities.

The following material will provide you more information:

• How to determine interested parties according to ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-determine-interested-parties-according-to-iso-140012015/
• Understanding the needs & expectations of interested parties in ISO 14001 - https://advisera.com/14001academy/blog/2017/04/03/understanding-the-needs-expectations-of-interested-parties-in-iso-14001/
• White paper - Case study for ISO 14001:2015 transition in a construction company - https://info.advisera.com/14001academy/free-download/case-study-for-iso-14001-2015-transition-in-a-construction-company
• Enroll for free in the course - ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

Change controls

Yes, you are right, we do not have a change control form. We considered that changes in the documentation would be initiated by the person listed as the document owner. All updates and reviews must be performed in line with the frequency defined in the List of Internal Documents.

All changes to the document must be made by using "Track changes," making visible only the revisions to the previous version, and must be briefly described in the "Change History" table; if the Track changes option is unavailable, or if the changes are too numerous, then the Track changes option is not used.

Furthermore, each document should preferably have a "Change History" table used to record every change made to the document.

For more information about common mistakes with ISO 13485:2016 documentation control and how to avoid them, please see the following article:

• Common mistakes with ISO 13485:2016 documentation control and how to avoid them https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/

• Dealing with employee records when retention requirements are 3 or 7 years

  You need to remember that Article 6 GDPR about the lawfulness of processing states that it is lawful to process data to fulfill a contractual obligation or a legal requirement. Therefore, if a contract or your national law requires you to keep records for 3 or 7 years, it will be considered perfectly compliant. You will write in your data processing registry (if you have one) or in your internal policy the data retention period for that category of personal data.

  Here you can find more information:

  • Article 6 GDPR: https://advisera.com/eugdpracademy/gdpr/lawfulness-of-processing/
  • Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
  • How the GDPR could impact your HR department https://advisera.com/eugdpracademy/blog/2018/02/22/how-the-gdpr-could-impact-your-hr-department/

  If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• ISO 9001 Risk identification

  I always recommend following three ways to determine risks:

  • Risks deriving from context and interested parties (see clause 6.1.1 of ISO 9001:2015)
  • Risks deriving from products and services (see clause 5.1.2 b) of ISO 9001:2015)
  • Risks deriving from processes (see clause 4.4.1 f) of ISO 9001:2015) 

  In this free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/ - I show some examples of determining risks and then acting on them.

  After determining risks, you have to evaluate them to determine which ones are more relevant and deserve some kind of action (see clause 6.1.2 of ISO 9001:2015). ISO 9001:2015 is very flexible about how organizations decide to evaluate and to act.

  Please check also this other free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/

  You can find more information below about risks.

  • How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
  • For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
  • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ (I use a lot of examples based on the risk-based approach)

• Document control

  ISO 17025 has the requirement for your laboratory to control documents and records. There are a number of reasons. Document control is not just about the unique identifiers (document name, number) and revision number. The purpose of document control is that plus to make sure the correct documents are in use, obsolete version are taken out of use. Furthermore to make sure all documents are reviewed periodically and have been approved.

  If the form has been reviewed as suitable and you are meeting the other requirements, it is up to your laboratory to make a decision about the risk of hand written changes. You should document what you are allowing in your document control and record procedure to manage the risk – so that everyone understands what is and what is not allowed. Remember a form (blank template) is a document. Make sure the old form and number is in your record “List of Internal Documents” and you indicate teh old number as obsolete. Then create /renumber the form electronically and approve it.  Add it to the “List of Internal Documents”. Lastly, any handwritten changes should follow your procedure and should only be done by an authorised person with a neat line through the old number (so that it is still legible). Write, stamp or print the new number and initials of the authorised person on the preprinted "old" copies.

  For more information on document control, see the ISO 17025 toolkit document template: Document and Record Control Procedure https://advisera.com/17025academy/documentation/document-and-record-control-procedure/

• Additional requirements to become IATF certified when you are ISO 9001:2015 certified

  According to IATF 16949: 2016 standard and IATF rules 5, organizations that do not design products and no product design responsibility; IATF standard, 8.3.2.2 "Product design skills", 8.3.2.3 "Development of products with embedded software", 8.3.3.1 "Product design input" and 8.3.5.1 "Product design and development outputs" are not responsible for these 4 items and must be excluded from QMS. According to the automotive standard and rules, the process design must always be within the scope and any production organization is responsible for the process design activity.