Search results

Following up on pending issues

Let us first make some comments to your wording.

There is no definition in ISO 9000:2015 or in ISO 19011:2018 about what is an audit observation. So, I will assume in this answer that an observation is the same as an opportunity for improvement (OFI). What is included in the text of the observation is not a non-conformity (NC), but an invitation to evaluate, to consider improving something.

Normally, audits generate NC. During the follow-up of an audit a NC may require a correction and a corrective action.

About observations. After the audit, relevant management, must evaluate the relevance of each observation and decide if any change will be made. The decision, and the action may be recorded in a meeting minute about the follow-up of the audit.

About NC. After the audit, relevant management, must analyze each NC and define what correction is needed and if a corrective action is needed. Normally, organizations have a form, for example Corrective Action Request (CAR), where the correction, corrective action if needed, verification of implementation and effectiveness and closure is recorded. Please check this example from our Documentation Toolkit - ISO 9001 document template - Procedure for Internal Audit - https://advisera.com/9001academy/documentation/procedure-internal-audit/

You can find more information in the following links:

• Major vs. minor nonconformities in the certification audit - https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
• Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ (includes a slide about the follow-up)
• You can enroll for free in this course - ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

Contexto de la organizacion

Determinar el contexto de la organización se trata de un requisito de la norma ISO 9001:2015 y que se encuentra recogido en la cláusula 4. Básicamente con este requisito se pide que una organización considere las cuestiones internas y externas que pueden tener un impacto sobre sus objetivos estratégicos y a la planificación del Sistema de Gestión de Calidad. 

La norma no obliga a tener un documento que certifique que se ha determinado el contexto de la organización, sin embargo durante una auditoría, debe de existir evidencia de que sí se ha llevado a cabo este requisito. Es decir, que se podría evidenciar además de con un documento donde se vean reflejadas las cuestiones internas y externas de la organzación, con por ejemplo, una entrevista con la alta dirección.

Para más información sobre el contexto de la organización vea los siguientes materiales: 

- Cómo identificar el contexto de la organización en ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-identificar-el-contexto-de-la-organizacion-en-iso-90012015/

- Formación gratuita en línea – Fundamentos de ISO 9001:2015 : https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

- Libro – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Primer paso para ISO 9001

El primer paso para la impelmentación es contar con el apoyo de la alta dirección de su organización, que va a ser crucial durante la implementación de ISO 9001:2015, porque que proporciona los recursos tanto económicos como de personal.

Luego puede llevar a cabo un análisis GAP o de brecha, que le va a ayudar a identificar aquellos requisitos con los que ya cumple y aquellos con los que aún debe aún cumplir. Aquí puede llevar a cabo el análisis de forma gratuita: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/

Es importante que antes de la implementación de la norma conozca cada una de las cláusulas con las que tiene que cumplir para poder llevar a cabo el proyecto de implementación de ISO 9001. En este white paper puede encontrar información resumida sobre cada una de ellas - Clause by clause explanation of ISO 9001: https://info.advisera.com/9001academy/free-download/clause-by-clause-explanation-of-iso-90012015

Posteriormente puede escribir un plan de proyecto en el que determine responsabilidades, defina la documentación que va a escribirse, los plazos de implementación, etc. En este enlace puede descargarse una plantilla - Plan de Proyecto para la implementación de ISO 9001:https://info.advisera.com/9001academy/es/descarga-gratuita/plan-de-proyecto-para-la-implementacion-de-iso-9001-ms-word

Luego ya podría empezar con la implementación de la norma: la definición de la política de calidad, los objetivos de calidad y planes para llevarlos a cabo, el contexto de la organización y sus partes interesadas, el alcance del SGC, etc...hasta llegar a la auditoría interna y la revisión por la dirección, que sería el paso previo para certificarse. En este enlace puede descargarse un checklist para la implementación de la norma - Porject checklist for ISO 9001:2015: https://info.advisera.com/9001academy/free-download/project-checklist-for-iso-9001-2015-implementation

Estos materiales pueden ayudarle con la implementación de ISO 9001:2015:
- Libro – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Formación gratuita en línea – Fundamentos de ISO 9001:2015 : https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

Applicability of ISO 9001

ISO 9001 is a generic international standard designed to be applicable in all economic sectors regardless of organization’s size.

ISO 9001 is used by organizations to demonstrate their ability to systematically provide products and services that meet requirements and to satisfy customers and other interested parties.

The following material will provide you more information:

• What is ISO 9001? - https://advisera.com/9001academy/what-is-iso-9001/
• The history and future of the ISO 9000 series of standards - https://advisera.com/9001academy/blog/2019/04/15/history-of-the-iso-9000-series-of-standards-and-what-to-expect-next/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Validation of software of machines and equipment related to production process

Yes, you need to validate software of machine and equipment related to the production process, but only when there is a new revision of the software; when you get information from the machine manufacturer that there is a necessity to update the software. 

If that is not the case, then you do not need to regularly validate that software.  

You can see how records of software validation look in ISO 13485:2016 Documentation toolkit on the following link:

• Record of Software Validation https://advisera.com/13485academy/documentation/record-of-software-validation-iso-13485-2016/

• ISO 9001 internal documents approval

  Your internal documents don’t need to be approved by clients. If you have internal documents specific to a particular client it may be required, if previously determined by contract, to use client documents or use specific internal documents approved by client.

  You can find more information about records below:

  • How to structure quality management system documentation - https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
  • New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
  • Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
  • Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
     

• Database tesi prova finale

  Sono un docente di Conservatorio di musica. Assieme a un nutrito gruppo di colleghi vorremmo realizzare un database consultabile online sul portale di una rivista di settore. Il database dovrebbe contenere alcuni dati relativi alle tesi presentate per la Prova finale al termine di un corso accademico. In particolare: titolo della tesi, oggetto di interesse, eventuali nomi di diplomandi e di relatori, nome dell'istituzione in cui si è tenuta la Prova. Si tratta di una iniziativa facilmente realizzabile?

  La facilità dell’iniziativa dipende non solo dal GDPR ma da diversi fattori. Dal punto di vista del GDPR, l’articolo 89 GDPR consente le raccolte dati per finalità scientifiche.

  Quali adempimenti saremmo tenuti in caso a rispettare? Grazie

  L’adempimento più importante che mi viene in mente è la redazione di un’informativa privacy per i visitatori del database e un accordo per il trasferimento dei dati con i conservatori.Considerate che mentre l’articolo 89 GDPR non richiede il consenso nel caso di trattamenti per finalità di archivio o di ricerca scientifica, il codice della Privacy italiano richiede il consenso dei soggetti. Il GDPR, infatti, consente agli Stati Membri di introdurre delle discipline più restrittive per tutelare meglio i diritti e le libertà degli individui.Il consenso, tuttavia, è richiesto anche dalla normativa sulla proprietà intellettuale, essendo la tesi protetta dal diritto d’autore. Naturalmente, è possibile inserire una procedura che consenta agli studenti di inviare e pubblicare la tesi sul vostro database in modo da avere il consenso direttamente da loro.Se invece, come mi pare di capire, volete che i conservatori condividano le loro tesi, la cosa potrebbe essere un po’ più complicata. Forse qualche conservatorio nel proprio modulo per il consenso richiede l’autorizzazione al trasferimento dei dati a terzi per finalità di archivio, allora un accordo per il trattamento dei dati tra titolare e responsabile del trattamento può regolare il tutto.L’articolo 89 GDPR richiede inoltre l’adozione di particolari salvaguardie, che venga consentito l’esercizio dei diritti ai soggetti del trattamento, la definizione di un periodo di durata della conservazione del dato, l’adozione di misure di sicurezza come la crittografia.La parte più complicata, tuttavia, è data dal fatto che la normativa italiana richiede che le parti partecipino a programmi comuni di ricerca, quindi sarà necessario elaborare degli accordi con i singoli conservatori.

  Qui puoi trovare ulteriori informazioni:

  • I diritti degli interessati secondo il GDPR https://advisera.com/eugdpracademy/it/knowledgebase/gli-8-diritti-degli-interessati-secondo-il-gdpr/
  • Quattro domande principali per ottenere e gestire il consenso degli interessati ai sensi del GDPR https://advisera.com/eugdpracademy/it/knowledgebase/quattro-domande-principali-per-ottenere-e-gestire-il-consenso-degli-interessati-ai-sensi-del-gdpr/
  • Egrave; necessario il consenso? Sei basi giuridiche per il trattamento dei dati in conformità con il GDPR https://advisera.com/eugdpracademy/it/knowledgebase/e-necessario-il-consenso-sei-basi-giuridiche-per-il-trattamento-dei-dati-in-conformita-con-il-gdpr/
  • Everything you need to know about the GDPR Privacy Notice https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/

  Se desideri saperne di più sulla conformità al GDPR, puoi prendere in considerazione l'iscrizione a EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• Example of a completed Risk Assessment Table

  For an example of Risk Assessment and Risk Treatment I suggest you take  look at this paper:

  • Diagram of ISO 27001:2013 Risk Assessment and Treatment process (PDF) https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process

• Which records need to be signed with a hand-written signature (or electronic equivalent)?

  In ISO 13485:2016 there are no strict requirements regarding the type of signature. In the requirement 4.2.4 Control of documents is stated following documents need to be review and approve documents for adequacy prior to issue; that each document needs to be reviewed, update as necessary and re-approve documents; ensure that the current revision status of and changes to documents are identified; ensure that relevant versions of applicable documents are available at points of use; ensure that documents remain legible and readily identifiable.

  In requirement 4.2.5 Control of records is stated that each record shall be maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system.

  So it is up to your organization how this will be solved.

  For more information about common mistakes with ISO 13485:2016 documentation control and how to avoid them, please see the following link:

  • Common mistakes with ISO 13485:2016 documentation control and how to avoid them https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/

  • List of documents for BCMS

    It is feasible to have a sequential document list only for BCMS.
    I can tell you that we already have an ISMS in place and we will start implementing our BCMS shortly. Regarding the documents, we acquired the complete package to help us complement the ISMS that we currently have.

    Please note that included in your toolkit there is a List of documents file that identifies the documents applicable to an ISO 22301 BCMS implementation.

    Some of them are exclusive for ISO 22301 (e.g., Business Continuity Policy), and will need to be created from zero, while others are common for both ISO 27001 and ISO 22301 (e.g., Training and Awareness Plan), and you will need only to perform some adjustments.

    Regarding the sequence, the List of documents file presents the documents in the order they need to be implemented.

    For further information, see:

    • Checklist of ISO 22301:2019 mandatory documentation (PDF) https://info.advisera.com/27001academy/free-download/checklist-of-iso22301-mandatory-documentation
    • Diagram of ISO 22301 implementation process (PDF) https://info.advisera.com/27001academy/free-download/diagram-of-iso-22301-implementation-process