Search results


  • ISO 9001 - getting started in a quality department

    I think that a quality department should develop three areas of expertise:

    • Quality control
    • Quality improvement 
    • Quality development 
       

    For quality control you can start with risk-based thinking and developing a quality control plan from scratch: what to control, where, with what frequency, how, by whom, where to record, with what specifications.

    For quality improvement you start with the facts collected with quality control and customer satisfaction using tools to find trends, find priorities to improve your system.

    Root cause analysis is fundamental for quality improvement and can be one of the bases for developing knowledge about how to design quality into products and services from the beginning.

     

    The following material will provide you more information:

  • BCMS objectives

    Please note that business continuity objectives depend on the organizational context and the organization's own business objectives and strategies, so it is unfeasible to provide specific inputs.

    Generally speaking, you can have at least two types of objectives:

    1. Strategic objectives – for your whole Business Continuity Management System, and
    2. Tactical objectives – Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs), Minimum Business Continuity Objectives (MBCOs), and exercising and testing objectives.

    These articles will provide you a further explanation about BC objectives and organizational context (although the last article is about ISO 27001, the same concept applies to ISO 22301):

    This material will also help you:

  • License management Auditing

    Please note that ISO 27001 does not approach specifics about processes and technologies. It only defines requirements for information security management and information security objectives to be achieved.

    Considering that "License management" involves the control and documentation of the software products your business uses, and where and how they are used, you should consider at least auditing these controls:

    • A.8.1.1 Inventory of assets
    • A.8.1.3 Acceptable use of assets
    • A.12.5.1 Installation of software on operational systems
    • A.12.6.2 Restrictions on software installation
    • A.18.1.1 Identification of applicable legislation and contractual requirements
    • A.18.1.2 Intellectual property rights

    This article will provide you a further explanation about developing an audit checklist:

    These materials will also help you regarding performing an audit:

  • Integration of 22301 and 27001 - common policies

    Considering ISO 27001 and ISO 22301, which have a lot of requirements in common, it is perfectly possible to integrate some documents. In fact, this can bring many benefits, like decreased costs in implementation, maintenance, and internal audits.

    This article will provide you a further explanation about integrated implementation:

    This material will provide further information:

    This material will provide information about overlaps:

  • Converting from 17025:2015 to 17025:2017

    Transition is primarily about meeting the changed and new requirements. As a laboratory, the transition means you need to identify any gaps in your policies, objectives, processes, procedures and records, to meet the ISO 17025:2017 scope of requirements (see clause 8.1.1 and 8.2). Revising and/or establishing the necessary documents is part of the process; however, there is no prescribed way to number your documents.

    Many laboratories that used the ISO 17025:2005 clause numbering have realigned the numbering with the new clauses. Others have not. What is important is to link everything to the management system (clause 8.2.4), remove obsolete documents from use and make sure personnel have clear access to all the information necessary to comply with the new version.

    Decide what will work best for your laboratory, practically, considering opportunities and risks of different ways you could go about the changes to your documentation.

    The following may assist you:

  • Focus area on a surveillance visits

    Broadly speaking, you must focus on keeping the documents up to date and making sure everyone complies with all the documents.

    This approach ensures that all elements of your ISMS will be ready for the surveillance visit, regardless of the surveillance audit scope.

    This article will provide you a further explanation about surveillance audit:

  • Can contract manufacturer exclude validation from their scope?

    No, exclusion of 7.3.7 Design and development validation is not possible since it is a strict requirement from the standard. They have to have documented validation plans and all other arrangements. However, this can be outsourced to some other company or laboratory, but then this should be explained as such.

  • Key positions in ISO 17025

    Typically in a small laboratory the key positions would be a single person as Laboratory combined Quality Manager and then technicians (or analysts) where technical responsibilities would be divided between them.

    Let’s look at the basic point that ISO 17025 requires the organisational and management structure to be defined. This means identifying personnel involved with operations and those who have management authority and overall responsibility for the laboratory (clause 5.2). Management can be one or more persons. Their responsibility is to manage and communicate issues related to the management system, including impartiality, competence and consistent operation to meet the scope of ISO 17025.

    Note that one of the changes from the previous version is that there is no requirement for a specific Technical Manager and Quality Manager position. To support any laboratory operation, however, as a minimum, certain management, technical and support service functions are needed. The emphasis is on specifying the authority, responsibility, and interrelationship of all personnel. If the laboratory operations will benefit from a single person in the role of “technical manager”, then this functional role could be assigned to a person employed as, for example, a Senior Analyst.

    In terms of accreditation, there are two functional roles. You need at least one Authorised / Technical Signatory to take responsibility for the validity of results and sign the reports for your accredited tests. The Laboratory / Quality Manager would be the Representative who will liaise with the Accreditation body.

    Defining the Human resources is covered in the Advisera Toolkit ISO 17025 document template: Competence, Training and Awareness Procedure at https://advisera.com/17025academy/documentation/competence-training-and-awareness-procedure/

  • Internal auditor competencies

    Each organization has the authority to determine its competency requirements for its internal auditors. Normally, organizations consider that internal auditors should have knowledge of the audit criteria (ISO 14001:2015 in this case) and should have training in internal audits. You can even decide that an auditor has to study a book on audits or attend an online course and do an in-house exam. Internal auditor competence requirements can be established in a job description, for example.

    I would recommend training about ISO 14001:2015 and an internal audit course. As a plus, I would recommend that you participate as an auditor, as part of an audit team, in 2 or 3 internal audits.

    You can find practical information in the links below:
