Search results

Disposal of assets

Please note that while ISO 27001 provides a general objective for the disposal of media, it does not provide technical guidance on how to perform media disposal.

To see how a Disposal and Destruction Policy compliant with ISO 27001 looks like, please see this free demo template at this link: https://advisera.com/27001academy/documentation/disposal-and-destruction-policy/

For technical guidance, you should consider these references:

• ISO/IEC 27040 Information technology — Security techniques — Storage security https://www.iso.org/obp/ui/#iso:std:iso-iec:27040:ed-1:v1:en
  -NIST 800-88 - Guidelines for Media Sanitization https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final

These articles can also help:

• Secure equipment and media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2015/12/07/secure-equipmentand-media-disposal-according-to-iso-27001/
• 5 practical tips for media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2018/10/22/5-practical-tips-for-media-disposal-according-to-iso-27001/

Documents and records

1 - A further point to the below on when a document can become a record.

This is the principle in the document change history section of documents, that I’ve been basing our document version control journey on:

V0.1, v0.2, v0.3, v0.4 = Drafts

V1.0 = Approved version based upon v0.4

V1.1, V1.2, V1.3 = Updates to the v1.0. Draft status.

V2.0 = Approved version based upon v1.3

V2.1, V2.2, V2.3, V2.4 = Drafts

V2.4 is reviewed and approved

V3.0 = New approved version.

I had thought that as soon as a document has approved status then it becomes a record. At that point the document which is now in the record log, is subject to the controls re assigning an owner that must check the content on a given review date to ensure that the information and data contained with the document is accurate, current and relevant.

From the advice you have given, I realise I have miss-understood what a record can be and also the control that applies to records. The above example of a document, from what you are saying, is not to be considered a record. However, the quality control still needs to take place to review all documents that have information and data in for their accuracy and relevance etc.?

Please note that a document only becomes a record when you cannot change it anymore (at most you can add an amendment, but the original record is kept intact), and you need to implement controls to ensure unauthorized charges do not occur. While it is subjected to updates, you need to review it when necessary to ensure it is still accurate and relevant, so quality control still needs to perform actions on documents.

2 - Records cannot be edited or amended and they have retention periods, whereas documents are only required up until the point that they are useful to the business. Therefore, all previous versions of documents can be archived or deleted. Is this a correct statement?

Filling and exclusion of a number of obsolete versions of documents (i.e., approved versions that were replaced by updated ones) will depend on the applicable requirements for records retention. For example, for some documents, you may need to keep all previous versions, while for others you may need to keep only the two previous versions.

3 - A secondary point, is the above example of version control a good practice approach or am I leading our team down the wrong path?

Your example of versioning is a common one used in the marketing and is fine to be used for ISO 27001.

Requirements for analytical laboratories under 16949 designation

When you use an external laboratory, ISO 17025 accreditation is a must.

If your supplier who produces the product performs the tests in his own laboratory, I think that if he provides you with evidence that he is in compliance with the 7.1.5.3.1 requirements of the standard, that is, that his internal laboratory is in compliance, it will be sufficient with PPAP. ​​

But again, to be safe, it would be better if you have the tests that are legally required on the product done by an accredited laboratory.

QMS Objectives

Timeframe is one thing, monitoring frequency is another:

If the monitoring frequency is made equal to the timeframe there will not exist any monitoring during the journey to the desired future. You will have only one verification at the end, and if you fail to meet the objective it is too late to act. For example, in the picture above, before the end of the time frame there are three interim moments of monitoring allowing action if needed.

What is the best timeframe for an objective? It will depend on the dimension of the change needed and on the availability of resources.

The following material will provide you more information:

• How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• How to write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 -
  https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

ISO 13485 workflow explanation

Following article explains how to create an ISO 9001 process flowchart, and provides an example of a process flowchart that can be used as a guideline for creating a flowchart for your own company. You will also learn:

• What the process approach is
• Why it is important
• An overview of commonly used terminology

For more information, please see:

• How to create an ISO 9001 process flowchart https://info.advisera.com/9001academy/free-download/how-to-create-an-iso-9001-process-flowchart

Also, this webinar may provide additional information:

• The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/

• GDPR consent and scope identification

  ABC Company is the controller of his own staff's personal data. In the job contract or in the staff privacy notice, the staff gave consent to ABC company to process personal data to carry the task of the job, which means also transfer data to processors or the third parties if related to the job.

  The application, therefore, will be a processor that processes ABC’s staff personal data on the behalf of the organization for the scope to fulfill the software license agreement (use the application). Therefore, there will be a data processing agreement between ABC Company and Application Company which regulates how ABC’s data will be processed accordingly Article 28 GDPR requirements.

  GDPR applies to the whole organization and all its data processing activities whether they are computer-based or not.

  Here you can find more information:

  • Article 28 GDPR: https://advisera.com/eugdpracademy/gdpr/processor/
  • Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
  • What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
  • First steps to take to reach GDPR compliance: https://advisera.com/eugdpracademy/blog/2018/10/08/first-steps-to-take-to-reach-gdpr-compliance/

  If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• ISO 14001 Internal Audit

  Internal auditors receive a kind of order for their audits. That order specifies three critical topics:

  • The scope of the audit (it can be the overall management system or just a part)
  • The objective, the purpose, the reason for the audit (for example checking conformance, or checking effectiveness)
  • The criteria (the part of the standard and the internal documents applicable to the scope)
     

  You can look for more information below:

  • Using internal audits to drive real improvement in ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/using-internal-audits-to-drive-real-improvement-in-iso-140012015/
  • Enroll for free in ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

• ISO 14001 Examples of Life Cycle Persepctive Analysis

  Imagine a wooden furniture manufacturing company. Life cycle analysis can begin with a concern for the origin of the wood, the guarantee that the wood came from a legitimate origin with proper exploitation practices. Then, the wood is worked in a way to be used well. And it can reach the point where the company proposes to customers to collect the furniture at the end of its useful life.

  Another example may be that of a toy manufacturer that includes information for customers to properly dispose of toy batteries at the end of their useful life.

  Please check this information below with more detailed answers:

  • Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
  • Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
  • How does product life cycle influence environmental aspects according to ISO 14001:2015? - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
  • Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
  • Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

• ISO 14001 Question

  ISO 14001 is about an environmental management system (EMS). So, risk assessment in ISO 14001 is related with desired or undesired results about the EMS.

  In a laboratory you can start by determining environmental aspects and impacts generated by laboratory operation. Then, you can determine if there are any risks and opportunities around those environmental aspects and impacts. For example, I worked in a laboratory that generated hazardous wastes. Risks could be about giving the right treatment for those wastes, working with the authorized waste operators, using practices to minimize waste generation, minimizing wastes mixture.

  You can find more information below:

  • ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
  • Risks and opportunities in ISO 14001:2015 – What they are and why they are important - https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
  • Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
  • ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
  • Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/