Search results

AS9100 - defining Top Management

The use of “top management” in AS9100 carries over from the ISO 9001 standard; as such the definition comes from ISO 9000. Top Management is the person or group who direct the organization at the highest level within the scope of the QMS. So, if the QMS scope is the one building you are located in, but you have a parent company in another country, then top management refers to the senior managers at the facility detailed in the scope.

You can learn more about meeting the QMS leadership requirements in this applicable 9001Academy article: How to comply with new leadership requirements in ISO 9001:2015, https://advisera.com/9001academy/knowledgebase/how-to-comply-with-new-leadership-requirements-in-iso-90012015/

Single person company becoming ISO 9001?

First, note this is typical corporate culture, apply one size to fit all rules.
Second, there is no basic or entry-level ISO, but ISO 9001:2015 is very flexible. Organizations can design a very light quality management system. For a single person company, you can minimize documentation to almost only what is mandatory.

You can find more information in the following links:

• List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
• Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
• Free ISO 9001:2015 Gap Analysis Tool -https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
• Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
• Enroll for a free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/

Change request procedure

In ISO 13485:2016, in requirement 4.1.4, there is no request to have a documented procedure for change control. In this requirement is stated that changes need to be made, evaluated for their impact on the quality management system and medical device, and controlled. In our documentation toolkit, in procedure 21_Procedure_for_Management_Review_Premium_EN, in section 3.2.1 Review inputs is stated that one of the inputs is Changes that affect the quality system. The section about changes is also stated in form 21.2_Appendix_2_Management_Review_Minutes_Premium_EN.

In our procedure 14_Warehousing_Procedure_Premium_EN is stated that the purpose of this procedure is to describe the process of warehousing and planning warehousing resources. The warehousing process includes, but is not limited to: storage of raw materials, products, clients’ property, nonconforming products, and hazardous waste. This procedure excludes: Storage, transport, and handling of medical products; and Temporary storage in case of incidents and emergency situations. In section 4.1 is stated that both FEFO and FIFO can be used. It is up to you to decide which approach is most suitable for you.

There is no direct requirement in the ISO 13485:2016 in section 7.5.11 to have documented Goods in and Goods out procedure.

Can single process (stamping) be certified to IATF 16949 standard?

If your production process is just "stamping" and you are selling the pressed part to your automotive customer without any further action, you can apply for IATF certification. Your scope would be "Manufacturing of stamped parts" if product design excluded.

If you have welding and assembly processes in your automotive product other than the stamping process, then the welding and assembly processes must also be audited under IATF certification. 

If you have welding and assembly processes within the scope of ISO 9001 and "stamping" is only within the scope of automotive; Even if your scope is ‘’ manufacturing of stamped parts’’ because production processes cannot be separated according to IATF rules and they are all in the same factory; welding and assembly processes must also be audited.

In the case of this situation I have mentioned, 3 different actions can be taken in accordance with IATF rules:

1) The automotive process can be moved to another building. Or

2) The "stamping" process is separated by a separate wall inside the building; its door must be separate, its operators must be separate and it must not work for anyone other than automotive. In case of a 2nd case, as this issue is risky for IATFyou should make a detailed application to your certification company. Or

3) All production processes must be audited in the same building, but your certification scope is "manufacturing of stamped parts".

• QMS Auditing concerns

  I can't help but invite you to watch this free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ - where I try to draw attention to the main points to take into account in an internal audit to a QMS.

  Particularly, during the audit, I consider the following topics as very important:

  • Approach auditees with an open mind, present yourself and explain what you are doing and why
  • Make clear questions, one at a time
  • Listen – give time to answer. Rephrase the question if needed
  • Repeat the answer in your own words to check that you understood
  • Ask for evidences – take note of what you saw and what you heard. Take your time. Elephants have memory, auditors take notes
  • Beware of the sample you audit. You want to be sure in your conclusions, they must rest on clear, objective and sufficient number of findings
  • Don’t forget to say thank you once finished the audit interview

  You can find more information in the following links:

  • ISO 9001 – Five Main Steps in ISO 9001 Internal Audit - https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
  • ISO 9001 document template: Procedure for Internal Audit - https://advisera.com/9001academy/documentation/procedure-internal-audit/
  • Please find in this free webinar on demand - How to perform an internal audit remotely -https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/
  • ISO 9001:2015 Lead Auditor Training Course - https://advisera.com/training/iso-9001-lead-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

• Legal and statutory requirements associated with ISO 13485

  The best way to start for legal and statutory requirements is the list of harmonized standards published by the European Union. These harmonized standards are applicable for different types of medical devices.

  Here is the link to List of harmonized standards: https://ec.europa.eu/growth/single-market/european-standards/harmonised-standards/medical-devices_en

  For more information, please see the following articles:

  • What are EU harmonized standards? https://advisera.com/13485academy/blog/2020/06/12/what-are-eu-harmonized-standards/
  • How to determine regulatory requirements according to ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-determine-regulatory-requirements-according-to-iso-13485/

  • Organizational units and funcitons

    The meaning of organizational unit is context dependent. For example, it can be an individual company or an individual non-governmental organization. If you think about a corporation, each business unit may be seen as an organizational unit. If you think about a hospital, each main service, blood services, infectious-contagious, may be seen as an organizational unit.

    For each organizational unit there are specific functions, normally identified in an organizational chart. Like warehouse manager, like seller, like quality controller, like line operator.

    You can find more information below:

    • How to document roles and responsibilities according to ISO 9001 - https://advisera.com/9001academy/blog/2018/02/26/how-to-document-roles-and-responsibilities-according-to-iso-9001/
    • Enroll for free in ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    • Book - Discover ISO 9001 :2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
       

     

  • Artificial Intelligence Modelling

    The approach you take will depend on the perceived risks and legal requirements that must be fulfilled related to the Artificial Intelligence modeling activity, so without more details, it is not possible to provide a specific answer.

    In a general way, I can devise at least two controls that can be applied:

    • access control (A.9.1.1 Access control policy): only authorized personnel must have access to data/information, both digitally and physically form
    • protection of test data (A.14.3.1 Protection of test data): data in the test must be changed in a way now one can identify the original data from a test sample (i.e., anonymization)

    These articles will provide you a further explanation about access control and use test data:

    • How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
    • How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/  

  • Risks for those working on a contracted cloud

    Muito útil. Agradecida.