Search results

ISO 9001 Organizational strategy

Although not 100% correct, life is much more complex, I like to think that organizational strategies can be segmented into three basic types:

• Cost-based strategies;
• Innovation or design-based strategies;
• Customization strategies.
   

Each strategy appeals to a different customer segment, or to a different customer-context and that influences the whole organization.

Remember that a quality policy must be designed considering the strategic orientation. That way, strategic orientation influences quality objectives and the definition who are the relevant interested parties. And all that influences what processes are critical.

Some years ago, I developed this crazy metaphor of seeing an organization with all its processes as an athlete. If you compare the body of someone competing on athletics with the body of someone that competes on weightlifting, they are very, very different. The body of a soccer player is very different from the body of a basketball player. Different strategic orientations require different process content. Two different organizations with two different strategic orientations may have very different relevant quality objectives.

The following material will provide you more information:

• How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• How to write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 -
  https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

ISO 9001 Question

I have a different opinion. The standard is recommending us to, after reviewing of corrective actions, consider whether there are risks or opportunities that have not been determined previously, or if their evaluation should be updated. Please check that “if necessary” at the end of clause 10.2.1 e).

I find it very useful. Don’t consider this clause as applicable to every and each non-conformity. For each non-conformity we are not obliged to develop a corrective action. We develop them when non-conformities are very serious or are trending. In this free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/ I say something like “Consider the non-conformities, complaints, devolutions, lost customers as signs, as warnings about the need to update the risk register or the risk evaluation. Are they signaling that changes must be made?”

You can find more information below.

• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Business Continuity Plan - Pandemic

Please note that there is not a specific policy or template to cover pandemic, because its impacts can vary from organization to organization, which makes it unfeasible to develop a template to cover all possible situations.

However, the toolkit provides you the means to customize a BCP to handle this situation. What you need to do is:

• use the "Bird Flu Pandemic" scenario, documented on template "Examples of Disruptive Incident Scenarios", located on folder 06 Business Continuity Strategy, to identify the strategies and actions required to ensure business continuity and business recovery (e.g., use of masks, work from home, etc.)

In case you have any BCP which covers staff shortage or lack of communications, you can use them as a basis to develop a BCP to handle the impacts of a pandemic.

This material may help you:

• Free webinar – How to use ISO 22301 to continue operations during the pandemic https://advisera.com/27001academy/webinar/how-to-use-iso-22301-to-continue-operations-during-the-pandemic-free-webinar-on-demand/

Gap analysis for ISO 13485

ISO 13485:2016 is the international standard requirement for a medical device manufacturing quality management system. ISO 13485:2016 standard is based on the requirements of ISO 9001:2008. ISO 13485 includes the entire ISO 9001:2008 standard with additional requirements included in blue italics text. One major distinction of ISO 13485 is that it is intended to also be required for regulatory purposes as well as a non-statutory requirement for a quality management system. 

For more information on this topic, please see the following article:

• Similarities and differences between ISO 9001:2015 and ISO 13485:2016 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/

Also, the following articles can be helpful in understanding the ISO 13485:2016:

• What is ISO 13485? https://advisera.com/13485academy/what-is-iso-13485/How to get ISO 13485 certified? - https://advisera.com/13485academy/iso-13485-certification/
• Checklist of ISO 13485 implementation and certification steps https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/
• Six key benefits of ISO 13485 implementation - https://advisera.com/13485academy/knowledgebase/six-key-benefits-of-iso-13485-implementation/

• Transfer to controllers or Processors - which one to use?

  I would need more information. It depends on who processes personal data. The processor collects and processes personal data on behalf of the controller, according to the article 28 GDPR. So if the contractor software company will process data on your behalf, you will be the controller and the contractor will be the processor.

  On the contrary, if you are developing a software and license it to the contractor who will processes data on its own behalf and on its own servers, the contractor will be the controller and you might be the processor if you have any access to personal data (i.e. for maintenance reason).

  You can also find more information here:

  • EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
  • What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/

  You can consider enrolling in our free EU GDPR Foundations Course

  • EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Ionizing radiation doc

    In the procedure 12.4 Procedure for ionizing radiation sterilization, you need to fulfill only elements that are marked with comments. Of course, your data depends on your specific process of radiation, and only you know which they are (for example in section 3.4 Alara Principle).

    If you have anything else that you consider important, of course, that you can add to the procedure.

    If your sterilization process is outsourced, take into consideration to make this procedure in collaboration with the company that provides this process for you.

    For more information about common mistakes with ISO 13485:2016 documentation control and how to avoid them, please see the following article:

    • Common mistakes with ISO 13485:2016 documentation control and how to avoid them https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/

    • ISO 9001 Management Review

      Management review is more than just a meeting, it is the whole process of collecting inputs, transforming data into information, study and make decisions. So, using your language, management review is a working meeting. The purpose is not to make a presentation, the purpose is to evaluate management system adequacy, suitability and effectiveness and make decisions about improvement opportunities, need for changes and resource needs.

      You can find more information below:

      • How to make Management Review more useful in the QMS - https://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
      • How to Make Management Review More Practical - https://advisera.com/9001academy/blog/2013/12/10/make-management-review-practical/
      • Free webinar – How to perform management review according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-perform-management-review-according-to-iso-9001-2015-free-webinar-on-demand/
      • ISO 9001 document template: Procedure for Management Review - https://advisera.com/9001academy/documentation/procedure-management-review/
      • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
      • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
         

    • ISO 17025 in pharmaceutical industry

      How is a pharmaceutical company performing it's own drug stability testing in their own lab required to be certified?