Search results

  • Addressing Improvement clause

    You asked

    1. How to address Improvement clause?

    The Quality Manual can be used to state the commitment and any policy addressing Improvements. Although a procedure is not mandatory, it is a commonly used non-mandatory procedure. This is because it is an important quality management system activity and you need to show evidence on how you consider, action and evaluate opportunities for improvement. This should be covered under the procedure Addressing Risks and Opportunities.

    See ISO 17025 document template: Addressing Risks and Opportunities Procedure, available at https://advisera.com/17025academy/documentation/addressing-risks-and-opportunities-procedure/

    You also asked

    2. What data should be included in the context of Improvement data analysis

    For each potential opportunity, a benefit / risk evaluation should be performed. Inputs to the evaluation will be both subjective (knowledge of the system) and objective (for example client requests, contract requirements, strategic decisions).

    The record Registry of Key Risks and Opportunities, or similar, plus any other supportive records such as risk evaluation matrices should be used. The objective is to decide if the opportunity is worth the possible risk of change. Because the actions taken are required to be proportional to the potential impact, you can use a 3 x 3 risk and a 3 x 3 opportunities matrix for the evaluation to semi-quantify the evaluation. Start with the benefit score. For example, do a 3 x 3 opportunity evaluation where High = 3 points, Med = 2 points and Low = 1 point. Consider Probability of successful implementation against Positive Impact. Multiply the probability and impact points to determine the Benefit points. Decide on a scale, for example if the Benefit points = 1 or 2 it is low, 3 or 4 is medium and 6 or 9 is high benefit.

    Then do the Risk Score. For example, do a 3 x 3 Risk evaluation where Probability of Risk if you implemented the improvement change (High, Med, Low) against Severity, i.e. negative impact if you implemented the improvement change (High, Med, Low) where again High = 3 points, Med = 2 points and Low = 1 point. Multiply the points. Decide on a scale, for example if the Risk Score is 1 or 2 it is low, 3 or 4 is medium and 6 or 9 is high risk.

    Finally perform the overall Evaluation, which is a Benefit / Risk Ratio to guide your decision. State your approach, for example only implement if Low Risk and High or Medium Benefit; do not implement if benefit is Low or Medium and Risk is High; for all other cases evaluate further. Remember this is not a policy to adhere to, but a guidance, to assist the laboratory decide (on a risk basis) which improvements to implement. Evaluating further will involve looking at how much resources will be needed, in terms of time and finances. These discussions could take place during management review.

    See the ISO 17025 document template: Registry of Key Risks and Opportunities available at https://advisera.com/17025academy/documentation/registry-of-key-risks-and-opportunities/ for more assistance

    The webinar How to manage risks in laboratories according to ISO 17025 will also assist, being available at https://advisera.com/17025academy/webinar/iso-17025-risk-management-how-to-manage-it-free-webinar-on-demand/

  • ISO 13485 implementation duration

    Small contract engineering firm, 10 employees. Decades of experience in product development but little in med devices. Starting from nothing, about how long should it take to achieve 13485 certification using the right consulting firm to assist?

  • ISO 14001 Environmental auditing vs monitoring compliance

    Environmental auditing concerns clause 9.2 of ISO 14001:2015 and is about auditing the whole environmental management system based on a sample. Evaluation of compliance concerns clause 9.1.2 of ISO 14001:2015 and is about checking the current status of an organization against all the regulations and legislation determined according to clause 6.1.3 of ISO 14001:2015, and if there is any noncompliance, checking if actions were taken to deal with it, and if top management was made aware of the current situation. Evaluation of compliance is not based on a sample; it is a complete evaluation.

    You can find more information below:

  • ISO 14001:2015 in the chemical industry

    First, it is very important to have the support of top management, which will provide the resources, both personnel and financial, needed to carry out the implementation project.

    Next, you should perform a gap analysis, which will help you identify the requirements that the organization does not yet meet. This will make implementation easier, since it will significantly reduce the implementation time, especially in a chemical industry where numerous procedures that comply with specific environmental regulations already exist. Here you can carry out the analysis free of charge - ISO 14001 gap analysis tool: https://advisera.com/14001academy/es/herramienta-gap-analysis-iso-140012015/

    After that, I recommend that you draw up a project plan in which you define responsibilities, milestones during implementation, deadlines, etc. Here you can download a project plan free of charge - Project Plan for ISO 14001:2015 implementation: https://info.advisera.com/14001academy/free-download/project-plan-for-iso-140012015-implementation-ms-powerpoint

    Then you could begin the actual implementation of the standard, defining the scope of the Environmental Management System (EMS), for which I recommend that you first determine the internal and external issues of the organization's context, as this can be of great help in knowing what the boundaries of your EMS will be. You can then determine both the policy of your EMS and the objectives of the EMS. Here you can find more information on how to define the scope of your EMS - How to determine the scope of the EMS according to ISO 14001:2015: https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/

    Later on, you will need to establish all the processes related to the system and implement them, and finally carry out the internal audit and then the management review.

    These materials can help you understand the steps in implementing ISO 14001:2015:

    - Article: List of steps for implementing ISO 14001: https://advisera.com/14001academy/es/knowledgebase/lista-de-pasos-para-la-implementacion-de-la-iso-14001/

    - Free course - ISO 14001:2015 Foundations: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/

    - Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/

  • Question about LinkedIn and emails

    My situation is that we are publishing a list of the top 25 UK figures in a specific technology. We would like to notify those figures that they've been chosen before we publish, but we have not been given their email addresses.

    My questions are: If we are able to obtain those email addresses from the public domain (but haven't been given explicit consent from the people to use those email addresses), is it admissible to email them in order to ask them if they want to be featured? Does this fall under 'legitimate interest'?

    Yes, it falls under legitimate interest. If you find the email in the public domain, the owner of the email expects to be contacted for something of interest. Not to receive commercials or spam, therefore informing those persons that they will feature on a list of top 25 UK figures can be considered a legitimate interest.

    If we message these people on social media instead of emailing (i.e. LinkedIn and/or Twitter), but we are not currently 'connected' to them, is this admissible under GDPR?

    Yes, the message is under the legitimate interest of the data controller.

    Here you can find more information:

    If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Early stage compliance

    What do you mean by start-up? Let us consider two hypotheses:

    • A - Let me use start-up to represent a new company with an established business model, like a restaurant, like a new shoe manufacturing plant, or a new transport company.
    • B - Let me use start-up company as a designation for a project of company in search of a business model. Startups, in reality, are not yet companies, they are still projects of companies in search of a successful business model and customer fit. So, a startup is like an experiment being done. The startup can be called a company only after finding the right business model, a customer fit, and when it starts scaling. Only then, the procedures and internal standards are ready to be documented.

    So, for situation B it is too early to certify. For situation A, I think it is easier to get ISO certification than with an established company (with the same resources and motivation). An established company has to unlearn some practices and that is not always easy.

    For situation B certification makes sense only after starting to scale.

    You can find more information below:

  • Clause 8.1 Management system requirements

    Clause 8.1 does not require a procedure. It specifies the need to establish a management system and document it to the extent necessary so that the laboratory can achieve the requirements of ISO 17025. This means it is more applicable to apply clause 8.1 to a policy statement, e.g. state as a policy “The laboratory is committed to establishing, documenting and maintaining a management system to meet the general, structural, resource, process and management requirements of ISO 17025”. This is typically documented in the Quality Manual, not as a procedure. If the laboratory does not have a system already established in accordance with ISO 9001, then state that Option A applies, where the clause 8 management requirements are addressed as part of ISO 17025. If the laboratory does have a system already established in accordance with ISO 9001, then state that Option B applies, where the clause 8 management requirements are addressed as part of ISO 9001, including laboratory activities. This means that, for example, how complaints and corrective action are handled falls under the ISO 9001 activities, and evidence can be shown of laboratory activities being included. You can link this clause 8.1 to your overall project planning to implement ISO 17025:2017.

    Have a look at the ISO 17025 toolkit document templates for some more insight:  

    The following articles may be of interest :

  • Excluding "Design" from the ISO audit

    Let us consider three situations:


    a) Company does not perform design activities
    b) Company performs design activities, but they are performed outside the scope of the quality management system
    c) Company performs design activities, and they are performed within the scope of the quality management system and the company decides to exclude design from the certification process

    Situations a) and b) are allowed, but the organization has to explain why design was excluded. These are common, pacific situations.
    Situation c) is not allowed. If design is performed within the management system scope it must be included. Not including design is a major non-conformity.
    The following material will provide you more information about exclusions:

     

  • ISO 9001 - getting started in a quality department

    I think that a quality department should develop three areas of expertise:

    • Quality control
    • Quality improvement 
    • Quality development 
       

    For quality control you can start with risk-based thinking and developing a quality control plan from scratch: what to control, where, with what frequency, how, by whom, where to record, with what specifications.

    For quality improvement you start with the facts collected with quality control and customer satisfaction using tools to find trends, find priorities to improve your system.

    Root cause analysis is fundamental for quality improvement and can be one of the bases for developing knowledge about how to design quality into products and services from the beginning.

     

    The following material will provide you more information:

  • BCMS objectives

    Please note that business continuity objectives depend on the organizational context and the organization's own business objectives and strategies, so it is unfeasible to provide specific inputs.

    Generally speaking, you can have at least two types of objectives:

    1. Strategic objectives – for your whole Business Continuity Management System, and
    2. Tactical objectives – Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs), Minimum Business Continuity Objectives (MBCOs), and exercising and testing objectives.

    These articles will provide you a further explanation about BC objectives and organizational context (although the last article is about ISO 27001, the same concept applies to ISO 22301):

    This material will also help you:
