Search results

ISO 9001 Pregunta

Lo primero q debe contar es con el apoyo de la dirección para que pueda facilitar todos los recursos necesarios, tanto económicos como de personal, para llevar a cabo un proyecto de tal complejidad.

Posteriormente puede hacer un análisis GAP o de brecha para saber con qué requisitos ya cuenta y con cuáles debe aún cumplir. En este enlace puede realizar este análisis de forma gratuita - Herramienta de análisis de brecha ISO 9001: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/

Así mismo, le recomiendo establecer un Plan de Proyecto, en el que determine cada uno de los hitos del proyecto, responsabilidades y metas. Aquí puede descargar un Plan de Proyecto gratuito para ISO 9001:2015 - Project Plan for ISo 9001 implementation: https://info.advisera.com/9001academy/free-download/project-plan-for-iso-9001-implementation-ms-word

Más tarde ya puede comenzar a determinar la política de calidad, los objetivos del SGC, el contexto de la organización y así hasta llegar a la auditoría interna y la revisión por la dirección. 

En el caso de un laboratorio de materiales debe de poner especial atención a la cláusula 7.1.5 de Recursos de seguimiento y medición.  

Estos materiales pueden serle de utilidad para la implantación de la norma en un laboratorio de materiales

- Monitoring and measurement equipment control: https://advisera.com/9001academy/blog/2014/05/06/monitoring-measurement-equipment-control/

- ISO 9001 audit checklist for laboratory: https://advisera.com/9001academy/blog/2018/09/04/iso-9001-audit-checklist-for-laboratory/

- ISO 9001 implementation diagram: https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram

- Curso de Fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

- Discover ISO 9001:2015 through practicale examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

ISO 9001 introduction to the staff

As part of the induction for all staff I recommend following clause 7.3 of ISO 9001:2015. Each function may have its specific requirements for competence and awareness, but for all people it is a must to know the quality policy. Not verbatim, but the sense, the meaning, the purpose behind it. All people must know the quality objectives, or at least those that they can contribute to or influence. All people must know how they can contribute to an effective quality management system and what may be the consequences of non-conformities.

You can find more information below

• How to ensure competence and awareness in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-ensure-competence-and-awareness-in-iso-90012015/
  ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Cold calling via e-mail to website visitors or potential customers with a presumed interest

A general email address like info@... is not considered as personal data, so you can send emails to companies to present your services. Email addresses with name or surname (direct contact) are personal data under GDPR. These direct contacts are not published to receive advertising or promoting contacts, the person who published it does not attend to receive such email (unless the text around it allows you to believe otherwise) so that it would not be appropriate to contact them.

However, if you model your email as a cold email using legitimate interest as a legal ground, you can present your company and the advantages in working with you and underline that you are contacting them because they are looking for a similar profile. This would be in line with GDPR requirements. 

Here you can find more information:

• Is consent needed? Six legal bases to process data according to GDPR https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
• How does GDPR impact marketing activities? https://advisera.com/eugdpracademy/blog/2018/02/08/how-does-gdpr-impact-marketing-activities/
• How does GDPR affect digital marketing? https://advisera.com/eugdpracademy/blog/2019/02/20/how-does-gdpr-affect-digital-marketing/

• EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• Do internal auditors need training?

  Yes, system internal auditors must receive training on the following topics according to IATF 16949:2016 standard clause 7.2.3.

  • ISO 9001:2015 and IATF 16949:2016 standard knowledge
  • Risk-based thinking based automotive process approach internal auditor training
  • Core tools training (FMEA, SPC, MSA, APQP, PPAP, etc)
  • Customer-specific requirements knowledge

  For more information, please read the following article:

  • Requirements for the competence of IATF 16949 internal auditors https://advisera.com/16949academy/blog/2017/10/19/requirements-for-competence-of-iatf-16949-internal-auditors/
  You can consider enrolling in our free courses:
  • ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
  • ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/

  • ISMS

    Please note that besides documents and records required by the standard, legal, statutory, and business requirements related to the ISMS may also require documents and records to be kept, such as:

    • contracts
    • blueprints and specifications
    • manuals

    Considering that, you need to identify legal, statutory, and business requirements related to your ISMS to identify documents and records that you need to present during the audit.

    This article will provide you a further explanation about the identification of requirements:

    • How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/

  • Document/template used for the context of the organisation in ISO 27001 toolkit

    Please note that ISO 27001 does not require documenting the context of the organization and this is especially not recommended for smaller organizations - you only need to take into the context of the organization when defining the scope and doing the risk assessment.

    You can read more here:

    • Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/

  • ISO 9001 Organizational strategy

    Although not 100% correct, life is much more complex, I like to think that organizational strategies can be segmented into three basic types:

    • Cost-based strategies;
    • Innovation or design-based strategies;
    • Customization strategies.
       

    Each strategy appeals to a different customer segment, or to a different customer-context and that influences the whole organization.

    Remember that a quality policy must be designed considering the strategic orientation. That way, strategic orientation influences quality objectives and the definition who are the relevant interested parties. And all that influences what processes are critical.

    Some years ago, I developed this crazy metaphor of seeing an organization with all its processes as an athlete. If you compare the body of someone competing on athletics with the body of someone that competes on weightlifting, they are very, very different. The body of a soccer player is very different from the body of a basketball player. Different strategic orientations require different process content. Two different organizations with two different strategic orientations may have very different relevant quality objectives.

    The following material will provide you more information:

    • How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
    • How to write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
    • Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 -
      https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
    • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
       

  • ISO 9001 Question

    I have a different opinion. The standard is recommending us to, after reviewing of corrective actions, consider whether there are risks or opportunities that have not been determined previously, or if their evaluation should be updated. Please check that “if necessary” at the end of clause 10.2.1 e).

    I find it very useful. Don’t consider this clause as applicable to every and each non-conformity. For each non-conformity we are not obliged to develop a corrective action. We develop them when non-conformities are very serious or are trending. In this free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/ I say something like “Consider the non-conformities, complaints, devolutions, lost customers as signs, as warnings about the need to update the risk register or the risk evaluation. Are they signaling that changes must be made?”

    You can find more information below.

    • How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    • Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
    • For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
    • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
       

  • Business Continuity Plan - Pandemic

    Please note that there is not a specific policy or template to cover pandemic, because its impacts can vary from organization to organization, which makes it unfeasible to develop a template to cover all possible situations.

    However, the toolkit provides you the means to customize a BCP to handle this situation. What you need to do is:

    • use the "Bird Flu Pandemic" scenario, documented on template "Examples of Disruptive Incident Scenarios", located on folder 06 Business Continuity Strategy, to identify the strategies and actions required to ensure business continuity and business recovery (e.g., use of masks, work from home, etc.)

    In case you have any BCP which covers staff shortage or lack of communications, you can use them as a basis to develop a BCP to handle the impacts of a pandemic.

    This material may help you:

    • Free webinar – How to use ISO 22301 to continue operations during the pandemic https://advisera.com/27001academy/webinar/how-to-use-iso-22301-to-continue-operations-during-the-pandemic-free-webinar-on-demand/