Typically, in a small laboratory, the key positions would be a single person as combined Laboratory / Quality Manager and then technicians (or analysts), where technical responsibilities would be divided between them.
Let’s look at the basic point that ISO 17025 requires the organisational and management structure to be defined. This means identifying personnel involved with operations and those who have management authority and overall responsibility for the laboratory (clause 5.2). Management can be one or more persons. Their responsibility is to manage and communicate issues related to the management system, including impartiality, competence and consistent operation to meet the scope of ISO 17025.
Note that one of the changes from the previous version is that there is no requirement for a specific Technical Manager and Quality Manager position. To support any laboratory operation, however, as a minimum, certain management, technical and support service functions are needed. The emphasis is on specifying the authority, responsibility, and interrelationship of all personnel. If the laboratory operations will benefit from a single person in the role of “technical manager”, then this functional role could be assigned to a person employed as, for example, a Senior Analyst.
In terms of accreditation, there are two functional roles. You need at least one Authorised / Technical Signatory to take responsibility for the validity of results and sign the reports for your accredited tests. The Laboratory / Quality Manager would be the Representative who will liaise with the Accreditation body.
Defining the Human resources is covered in the Advisera Toolkit ISO 17025 document template: Competence, Training and Awareness Procedure at https://advisera.com/17025academy/documentation/competence-training-and-awareness-procedure/
Each organization has the authority to determine its competency requirements for its internal auditors. Normally, organizations consider that internal auditors should have knowledge of the audit criteria (ISO 14001:2015 in this case) and should have training in internal audits. You can even decide that an auditor has to study a book on audits or attend an online course and do an in-house exam. Internal auditor competence requirements can be established in a job description, for example.
I would recommend training about ISO 14001:2015 and an internal audit course. As a plus, I would recommend that you participate as an auditor, as part of an audit team, in 2 or 3 internal audits.
You can find practical information in the links below:
Recently, I've seen several organizations implement an environmental management system (EMS) and get its certification because that is becoming increasingly relevant to win B2B clients. I worked with an organization that implemented an EMS to improve the relationship with the neighborhood and local government, to reduce opposition to plant expansion. I worked with another organization that was able to reduce hazardous wastes due to better segregation of wastes. In this article, you can see a longer list of benefits - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/
Please check this information below with more detailed answers:
1. What benefits will be earned by an educational organization by implementing ISO 9001?
Answer:
In this article - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/ you can find a general list of benefits for all kinds of organizations. From my experience of working with educational organizations I think the most important benefit is process integration.
2. Please advise me how to become a certified assessor of ISO 9001?
Answer:
If you want to become recognized as lead auditor, you have to evidence knowledge about ISO 9001 and evidence competence about being an auditor. You can, for example, enroll in our free ISO 9001:2015 Lead Auditor Training Course - https://advisera.com/training/iso-9001-lead-auditor-course/
Then, you should start doing internal audits to gain experience. With time you can apply to audit for certification bodies.
As stated in IATF 16949:2016 standard 7.2.3 f) "Maintenance of and improvement in internal auditor competence shall be demonstrated through: f) executing a minimum number of audits per year, as defined by the organization". The minimum number of internal audits to be performed should be determined by the organization. The minimum number of audits could be 1 or 2, etc. Performing 1 audit annually can be a risk for the knowledge and practice of internal auditors.
If your internal auditors did not conduct any audit in the last year, my recommendation is that you develop the relevant internal auditor with internal training and have them conduct their first audit with an experienced auditor. You can define the internal training programs with IATF 16949:2016 and ISO 9001:2015 standard knowledge and internal auditor training. If you indicate these points that I recommend in your internal audit procedure, it will be effective for the system.
This article may provide additional information:
Implementing and obtaining accreditation to ISO 17025:2017 requires you to meet general requirements for competence (of personnel and operations) and consistent operations (in terms of quality of the work and results). This means that all personnel must be sufficiently skilled, trained and deemed competent for the specific task they are responsible for. ISO 17025 has mandatory requirements for documenting the competency requirements and retaining records.
The technicians should have suitable ISO 17025 awareness training, as they need to know how their role and actions can positively or negatively impact the consistent valid results of the laboratory. This could be in-house, as long as the knowledge is gained and there is evidence of them understanding the scope and quality requirements of ISO 17025 as it relates to their work and contribution to the laboratory accreditation.
The Whitepaper Clause-by-clause explanation of ISO 17025:2017 could also assist you with ISO 17025 awareness. Available at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
As personnel training and competency is a critical activity, the Advisera ISO 17025 toolkit includes the mandatory procedure as ISO 17025 document template: Competence, Training and Awareness Procedure along with 4 appendices: Training Program, Training Record and Performance Monitoring, Record of Attendance and Competence Approval and Authorization Record. You can preview the template at https://advisera.com/17025academy/documentation/competence-training-and-awareness-procedure/
Also have a look at the Advisera Expert Advice Community question and answer in deeming someone competent for more information. Available at https://community.advisera.com/topic/how-training-should-someone-have-before-they-are-deemed-competent-for-a-specific-task/
1. Are the risk treatment options limited to the four discussed in your publication?
I'm assuming you are referring to the book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Considering that, risk acceptance, risk avoidance, risk mitigation, and risk transfer are the most common and used treatments, but regarding ISO 27001 you can use other approaches you may find useful.
2. Are there conventional risk acceptance criteria, based on likelihood and consequence?
Common types of risk acceptance criteria involve financial, brand, and legal aspects, but there are no conventional details, like the range of financial values, because these details will depend on the business objectives and its tolerance to risks (e.g., for organizations with low tolerance to risk, the acceptable financial impact of risk will be lower than for organizations with high tolerance to risk).
For further information, see:
3. Are treatment options generated from risk acceptance criteria?
No. Treatment options are based on the identified risk and your available resources. The risk criteria will give you an idea about how many resources you should consider, but they do not define them.
For further information, see:
4. How can I join your community...to review issues relating to 27001...tried to sign in but it's impossible...can only comment as a guest?
In order to post comments on our Expert Advice Community, you need to create an account at this link: https://community.advisera.com/sign-up/
After that, you will be able to log in and post questions and search for other topics you are interested in.
Please note that ISO 27001 requires only requirements relevant to information security, not all the regulations in a country.
Additionally, please note that the list in the article you mentioned is not fully up-to-date because it depends on voluntary contributions from our readers – therefore, it is likely that not all regulations for each country are listed (some even may have been withdrawn). To make sure you have the latest list of laws and regulations, it would be best to hire a local legal adviser.
For further information, see: