Search results

Guide for dock audit

There is no CQI or any other manual about the dock audit.

As you know dock audit is ‘’a quick, final inspection of finished products before they are sealed, boxed, and approved for shipping. It is a visual inspection typically performed by quality control inspectors on the shipping dock of a warehouse shortly before the product is loaded onto a freight truck for delivery.’’

So, as long as it covers the above topics, you can use your own list of questions.

Requirements for custom service business to be compliant for ISO 13485

In ISO 13485:2016 in section 1 Scope is stated that this standard can be equally applicable for both medical device production and related services. This means that instead of production you will describe how you provide your service. Of course, certain documented requirements want to be applicable to you. For example, if you do not provide sterilization process, then requirements (and all applicable documentation) 7.5.5 Particular requirements for sterile medical devices and 7.5.7 Particular requirements for validation of processes for sterilization and sterile barrier systems are not applicable to you. Also, if you have no implantable requirements, then requirement 7.5.9.2 Particular requirements for implantable medical devices is also not applicable to you.

You have to state all requirements that are not applicable and write a justification for them in the Quality manual.

For more information structuring ISO 13485 Quality Management System, please see the following article:

• How to structure Quality Management System documentation according to ISO 13485 https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

For more information about ISO 13485 implementation, see following articles:

• Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/
• Six key benefits of ISO 13485 implementation - https://advisera.com/13485academy/knowledgebase/six-key-benefits-of-iso-13485-implementation/

• Clarity on the certifying body and the cost for it

  Depending on the industry your organization works on, and countries it operates, some certification bodies will be more relevant than others, regardless of its "popularity" in general marketing.

  This article will provide you a further explanation about certification bodies:

  • How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

• Difference between BCMS and Risk Management System

  How is a BCMS different from a Risk Management System?

  The BCMS objective is to ensure the continuity of delivery of products and services during and after a disruptive event, while the Risk Management System's objective is to identify, analyze, evaluate, and treat risks according to defined organization's criteria.

  These articles will provide you a further explanation about BCMS and risk management:

  • ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/
  • ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

  These materials will also help you regarding BCMS and risk management:

  • Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

• Gantt chart as a project plan for the ISO 27001 project

  Since most of our customers are small businesses, they found the steps defined in the toolkit folders as enough for running a project, and in most cases doing these steps in sequence (without overlapping them) has proved to be satisfactory.

  Unfortunately, we do not have a template for the Gantt chart, but here are some free materials that can help you develop such a document: 

  • Diagram of EU GDPR & ISO 27001 integrated implementation  https://info.advisera.com/eugdpracademy/free-download/diagram-of-eu-gdpr-and-iso-27001-integrated-implementation  
  • Project checklist for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation
  • Project checklist for EU GDPR implementation https://info.advisera.com/eugdpracademy/free-download/project-checklist-for-eu-gdpr-implementation

• Annex SL 27001 or annex A 27001

  Please note that there is no ISO document called "Annex SL 27001". ISO 27001 standard has only one annex, called Annex A.

  The Annex SL is a section of the ISO/IEC Directives part 1 that prescribes how the ISO Management System Standard (MSS) standards should be written.

  Considering that, for network security, you need to use annex A from ISO 27001.

  These  articles will provide you a further explanation about ISO 27001 Annex A and network security controls:

  • A quick guide to ISO 27001 controls from Annex A https://advisera.com/27001academy/iso-27001-controls/
  • How to manage network security according to ISO 27001 A.13.1 https://advisera.com/27001academy/blog/2016/06/27/how-to-manage-network-security-according-to-iso-27001-a-13-1/

  These materials will also help you regarding ISO 27001 Annex A:

  • ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

• ISO27001& ISO22301, GDPR and PCI-DSS

  Thank you for your rely. If I understand the best is to teach them the new rocedures and policies then later on prepare for certify the company. 

• Defining the Scope

  You can define the scope of your ISMS as the data in the data center, but you need to state in the scope that this data is accessed by third-party, so this information can be used in the risk assessment and risk treatment process (from there you can define how to treat risks related to third-party accessing the data, normally by means of security clauses in contracts, agreements or terms of service).

  These articles will provide you a further explanation about the scope definition supplier security:

  • How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
  • 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

• ISO 9001 and response time to customer complaints

  ISO 9001:2015 does not define a response time to resolve customer complaints. What is expected is that complaints are resolved without undue delay. 
  For example, I’m working as a consultant with a manufacturing company that was finally able to close a complaint after more than 3 months last month. They had to wait for lab test results that took a lot of time to be received.

  The following material will provide you more information:

  • ISO 9001 – Effective complaints management in a QMS - https://advisera.com/9001academy/blog/2014/09/16/effective-complaints-management-qms/
  • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/ may be useful
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• Organization structure chart

  If by organization structure chart you mean a drawing representing authority relationship in an organization, you must be aware that ISO 9001:2015 has no requirement for the existence of an organization chart. Also, ISO 9001:2015 has no mandatory requirements for procedures. ISO 9001:2015 has no mandatory procedures. Please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

  Auditing an organization requires checking evidences from reality against audit criteria. As audit criteria you will have ISO 9001:2015 requirements and any internal rules and procedures, written or not written according to clause 4.4.2.

  You can start your audit preparation by asking the organization its mandatory documents and a list of internal rules or procedures. If the organization has nothing, perhaps it is best to perform a Gap Analysis instead of an internal audit.

  You can find more information below:

  • Gap analysis vs. internal audit in ISO 9001 - https://advisera.com/9001academy/blog/2015/02/17/gap-analysis-vs-internal-audit-iso-9001//
  • Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
  • ISO 9001 Audit Checklist - https://advisera.com/9001academy/knowledgebase/iso-9001-audit-checklist/
  • How to create a checklist for an ISO 9001 internal audit for your QMS - https://advisera.com/9001academy/blog/2016/07/12/how-to-create-a-check-list-for-an-iso-9001-internal-audit-for-your-qms/ 
  • Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
  • ISO 9001:2015 Lead Auditor Training Course - https://advisera.com/training/iso-9001-lead-auditor-course/
  • ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/