Search results

Can single process (stamping) be certified to IATF 16949 standard?

If your production process is just "stamping" and you are selling the pressed part to your automotive customer without any further action, you can apply for IATF certification. Your scope would be "Manufacturing of stamped parts" if product design excluded.

If you have welding and assembly processes in your automotive product other than the stamping process, then the welding and assembly processes must also be audited under IATF certification. 

If you have welding and assembly processes within the scope of ISO 9001 and "stamping" is only within the scope of automotive; Even if your scope is ‘’ manufacturing of stamped parts’’ because production processes cannot be separated according to IATF rules and they are all in the same factory; welding and assembly processes must also be audited.

In the case of this situation I have mentioned, 3 different actions can be taken in accordance with IATF rules:

1) The automotive process can be moved to another building. Or

2) The "stamping" process is separated by a separate wall inside the building; its door must be separate, its operators must be separate and it must not work for anyone other than automotive. In case of a 2nd case, as this issue is risky for IATFyou should make a detailed application to your certification company. Or

3) All production processes must be audited in the same building, but your certification scope is "manufacturing of stamped parts".

• QMS Auditing concerns

  I can't help but invite you to watch this free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ - where I try to draw attention to the main points to take into account in an internal audit to a QMS.

  Particularly, during the audit, I consider the following topics as very important:

  • Approach auditees with an open mind, present yourself and explain what you are doing and why
  • Make clear questions, one at a time
  • Listen – give time to answer. Rephrase the question if needed
  • Repeat the answer in your own words to check that you understood
  • Ask for evidences – take note of what you saw and what you heard. Take your time. Elephants have memory, auditors take notes
  • Beware of the sample you audit. You want to be sure in your conclusions, they must rest on clear, objective and sufficient number of findings
  • Don’t forget to say thank you once finished the audit interview

  You can find more information in the following links:

  • ISO 9001 – Five Main Steps in ISO 9001 Internal Audit - https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
  • ISO 9001 document template: Procedure for Internal Audit - https://advisera.com/9001academy/documentation/procedure-internal-audit/
  • Please find in this free webinar on demand - How to perform an internal audit remotely -https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/
  • ISO 9001:2015 Lead Auditor Training Course - https://advisera.com/training/iso-9001-lead-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

• Legal and statutory requirements associated with ISO 13485

  The best way to start for legal and statutory requirements is the list of harmonized standards published by the European Union. These harmonized standards are applicable for different types of medical devices.

  Here is the link to List of harmonized standards: https://ec.europa.eu/growth/single-market/european-standards/harmonised-standards/medical-devices_en

  For more information, please see the following articles:

  • What are EU harmonized standards? https://advisera.com/13485academy/blog/2020/06/12/what-are-eu-harmonized-standards/
  • How to determine regulatory requirements according to ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-determine-regulatory-requirements-according-to-iso-13485/

  • Organizational units and funcitons

    The meaning of organizational unit is context dependent. For example, it can be an individual company or an individual non-governmental organization. If you think about a corporation, each business unit may be seen as an organizational unit. If you think about a hospital, each main service, blood services, infectious-contagious, may be seen as an organizational unit.

    For each organizational unit there are specific functions, normally identified in an organizational chart. Like warehouse manager, like seller, like quality controller, like line operator.

    You can find more information below:

    • How to document roles and responsibilities according to ISO 9001 - https://advisera.com/9001academy/blog/2018/02/26/how-to-document-roles-and-responsibilities-according-to-iso-9001/
    • Enroll for free in ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    • Book - Discover ISO 9001 :2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
       

     

  • Artificial Intelligence Modelling

    The approach you take will depend on the perceived risks and legal requirements that must be fulfilled related to the Artificial Intelligence modeling activity, so without more details, it is not possible to provide a specific answer.

    In a general way, I can devise at least two controls that can be applied:

    • access control (A.9.1.1 Access control policy): only authorized personnel must have access to data/information, both digitally and physically form
    • protection of test data (A.14.3.1 Protection of test data): data in the test must be changed in a way now one can identify the original data from a test sample (i.e., anonymization)

    These articles will provide you a further explanation about access control and use test data:

    • How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
    • How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/  

  • Risks for those working on a contracted cloud

    Muito útil. Agradecida.

  • Logs Management

    The approach you take must depend on the perceived risks, legal requirements to be fulfilled, and available resources. In terms of ISO 27001 both approaches are acceptable, each one with its own advantages and disadvantages (e.g., logs in separate places mean that regular servers' administrators and operators will not have access to them, increasing security, but this configuration requires more resources and administrative effort).

    This article will provide you a further explanation about log management:

    • Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/

  • ISO 14001 - Environmental objectives section

    No, it is not the same thing.

    Based on the environmental assessment an organization determines the significant environmental aspects.

    Based on the environmental policy, that sets priorities, and on the significant environmental aspects, an organization must develop its environmental objectives. So, basically, under the priorities of the environmental policy, what environmental improvement challenges must be tackled with scarce resources.

    Please check this information below with more detailed answers:

    • How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
    • Examples of ISO 14001 objectives based on the different company sizes - https://advisera.com/14001academy/blog/2019/10/22/iso-14001-objectives-examples-for-different-company-sizes/
    • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
       

  • Based on what the sample size to do MSA?

    There are different types and purposes of MSA studies. One of them is GRR, which is a repeatability and reproducibility study. In this study, 3 operators measure 10 parts three times.  In other words, MSA study is performed according to 90 measurement results.

    Another example of MSA studies is "BIAS" study.

    The meaning of BIAS is the difference between the observed average of measurements and the reference value.  In this study, the reference part is measured at least 10 times by an operator.

    As I mentioned above, there are different types of MSA studies. Such studies are applied according to the type of device and purpose.

    For more information, you can see the following article:

    • How to Establish Measurement System Analysis According to IATF 16949 https://advisera.com/16949academy/blog/2017/11/08/how-to-establish-measurement-system-analysis-according-to-iatf-16949/