Search results

Risk and opportunities

Think about what your organization expects as desired results from each of these departments. Think also about the undesired results that you want to avoid.
So, for example, what can be expected from each department:

• Increase brand notoriety (Marketing)
• Reduce delivery delays (Production)
• Reduce defects that are received by customers (Quality Control)
• Keep talented people (Human Resources)
• Good decisions about the whole organization (Management)
• Reduce transportation costs (Logistics)
• Reduce defects imported from suppliers (Purchasing)
• Increase time between equipment failure (Maintenance)

Then, start thinking about events that can introduce uncertainty and deviate from meeting the desired results. For example, concerning Production:

• Delays from suppliers
• Equipment breakdowns
• Wrong planning
• Lack of workers
• Defective raw materials
• Workers lacking the necessary skills

You can also think about events that can introduce positive uncertainty and help meet or surpass the desired results. For example, concerning Maintenance:

• Old equipment that is more likely to break down replaced by newer, more reliable equipment
• Use of more reliable parts suppliers
• Better preventive maintenance

You can find more information below.

• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

ISO 9001: 2008 vs ISO 9001: 2015

Algunos de los cambios más importantes en ISO 9001:2015 con respecto a ISO 9001:2008 son los siguientes:

- un esquema común en las normas que forma parte de la estructura de alto nivel que hace que la integración sea más sencilla

- eliminación del manual de calidad y del representante de la dirección

- inclusión de la determinación del contexto de la organización así como de las partes interesadas

- control de proveedores externos 

- Introducción del pensamiento basado en riesgos y la eliminación de la acción preventiva

- Los registros y documentos pasan a llamarse información documentada

- Refuerzo del enfoque basado en procesos

Para mas información sobre las diferencias entre ISO 9001:2008 e ISO 9001:2015 vea los siguientes materiales:

- Infografía ISO 9001:2015 vs revisión del 2008: qué ha cambiado: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/infografia-iso-90012015-vs-revision-del-2008-que-ha-cambiado/

- Curso gratuito en línea - Fundamentos de la norma ISo 9001:2015:  https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

- Libro - ISO 9001:2015 through practical examples:  https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Environment microbial limits

You should be guided by you sector and any regulations, standards or specifications applicable to your scope of work and tests being performed. For example, the requirements for Food and Agriculture differ from Health and medicine. The intention is that conditions should not adversely affect the validity of your results. Look to guidance documents for your specific sector, e.g. from the FDA, USP or EU on microbial controls. There are also a number of ISO Standards, for Example ISO 14160:2020 Sterilization of health care products — Liquid chemical sterilizing agents for single-use medical devices utilizing animal tissues and their derivatives — Requirements for characterization, development, validation and routine control of a sterilization process for medical devices.

There is a clear need to perform a risk assessment for each test or calibration method and associated activities in the laboratory’s scope of work. Then you can determine what facilities and environmental conditions are suitable and what controls (measures) are required to provide the consistent conditions.

For more information, see the ISO 17025 toolkit Facilities and Environmental Condition Procedure at https://advisera.com/17025academy/documentation/facilities-and-environmental-condition-procedure/

The following articles may assist further:

What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/

Five-step laboratory risk management according to ISO 17025:2017 at https://advisera.com/17025academy/blog/2019/12/05/iso-17025-risk-management-in-five-steps and the webinar How to manage risks in laboratories according to ISO 17025 at https://advisera.com/17025academy/webinar/iso-17025-risk-management-how-to-manage-it-free-webinar-on-demand/

Is it necessary having third party come to certify accuracy of my equipment periodically

You asked

do I have to have a third party come in a certify the accuracy of my equipment periodically?  

The requirement is to ensure the correct capability and performance of you equipment and to document the calibrations for all equipment that contribute to the overall measurement uncertainty of test or calibration results .This means having a linked unbroken calibration chain and known measurement uncertainty (MU). Then on an ongoing basis maintain confidence  (clause 6.4.10) by either performing your own intermediate checks or perhaps own calibrations. Whether you can do you own calibrations all depends on the type of equipment, knowledge of standards and specifications required, and the purpose. If you require measurement uncertainty (MU) values to use in you uncertainty calculation then an external ISO 17025 accredited laboratory can provide that, giving you the required metrological traceability, the MU and a suitable ISO 17025 calibration report. Also consider requirements from your accreditation body as they will typically have a policy on the options or approach required. 

You also asked

If so how often?"

The calibration period must be determined by you, based on accreditation body requirements, risk or best practices. Refer to ILAC (international organisation for accreditation bodies) for policies and guidelines.

Consider, for example, that the annual calibration of a weight set that is used for routine analytical balance verification may be excessive, if the personnel are trained to handle the weights properly, and they suitably stored. For your sensors and gauges, you should refer to recommendations from suppliers and best practices.

The article: What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/

The ISO 17025 toolkit document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure/

Also refer to  ILAC P10:07/2020 ILAC Policy on Metrological Traceability of Measurement Results and ILAC G24:2007 Guidelines for the determination of calibration intervals of measuring instruments, available from https://ilac.org/publications-and-resources/

ISO 14001 requirements for emergency planning

Unfortunately, I cannot give you a specific answer. I can only give general answers. I would start with looking for legislation and regulation concerning large-scale and high-risk manufacturing. In many countries these economic activities have to follow some preventive rules that must be taken in consideration while developing an emergency plan.

An organization has to determine potential emergency situations, evaluate them and for the most critical develop preventive actions. In some cases, may be a retention basin to contain leaks and spills, in another may be changing procedures or equipment. However, even with prevention measures emergency situations may occur. For those situations the organization must develop a response. How to act, who must act, where to find help. ISO 14001:2015 also mentions training the response measures and learning with simulations and with the follow-up of any emergency situation.

You can find more information below:

• ISO 14001 emergency preparedness and response - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/iso-14001-emergency-preparedness-and-response/
• 5 steps to set up an emergency plan according to ISO 14001 - https://advisera.com/14001academy/blog/2014/07/23/5-steps-set-emergency-plan-according-iso-14001/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Risk and opportunity register

A risk and opportunity register is not a mandatory document required by ISO 9001:2015. So, organizations are free to include whatever they find useful.

You want to list risks and opportunities. For each one you can record where they occur or their source, and an evaluation of its importance or significance. You can also include a column to include actions to be taken to handle significant risks and opportunities.

You can find more information below.

• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Privacy policy and GDPR docs

Yes, you need a privacy notice on the website because you are collecting email addresses, IP, cookies from your visitors, which are personal data. You need to inform your visitors in a transparent manner on the purposes of data processing (for marketing reason or subscribing to a newsletter), on data retention period (how long will you keep their email addresses), how to contact the data controller and how they can exercise their rights.

We developed a mini toolkit for websites with templates that help organizations to set up easily all the documents:GDPR Mini Toolkit for Websites https://advisera.com/eugdpracademy/eu-gdpr-mini-toolkit-for-websites/ 

Here you can find more information:

• Everything you need to know about the GDPR Privacy Notice https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
• Is consent needed? Six legal bases to process data according to GDPR https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
• Four main questions for obtaining and managing data subjects’ consent under GDPR https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/

If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//