Search results

Organization structure chart

If by organization structure chart you mean a drawing representing authority relationship in an organization, you must be aware that ISO 9001:2015 has no requirement for the existence of an organization chart. Also, ISO 9001:2015 has no mandatory requirements for procedures. ISO 9001:2015 has no mandatory procedures. Please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

Auditing an organization requires checking evidences from reality against audit criteria. As audit criteria you will have ISO 9001:2015 requirements and any internal rules and procedures, written or not written according to clause 4.4.2.

You can start your audit preparation by asking the organization its mandatory documents and a list of internal rules or procedures. If the organization has nothing, perhaps it is best to perform a Gap Analysis instead of an internal audit.

You can find more information below:

• Gap analysis vs. internal audit in ISO 9001 - https://advisera.com/9001academy/blog/2015/02/17/gap-analysis-vs-internal-audit-iso-9001//
• Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
• ISO 9001 Audit Checklist - https://advisera.com/9001academy/knowledgebase/iso-9001-audit-checklist/
• How to create a checklist for an ISO 9001 internal audit for your QMS - https://advisera.com/9001academy/blog/2016/07/12/how-to-create-a-check-list-for-an-iso-9001-internal-audit-for-your-qms/ 
• Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
• ISO 9001:2015 Lead Auditor Training Course - https://advisera.com/training/iso-9001-lead-auditor-course/
• ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
   

Workplace hazards

The current pandemic illness that is affecting people world wide is certainly a hazard that needs to be taken into account in the hazard assessment for the processes in a company. As such it can be considered an OH&S hazard, and should be included in updated process controls for working processes.

You can learn more about the hierarchy of controls in the article: 5 levels of hazard controls in ISO 45001 and how they should be applied, https://advisera.com/45001academy/blog/2015/09/02/5-levels-of-hazard-controls-in-iso-45001-and-how-they-should-be-applied/

Linking ISO 45001 to data management

Since ISO 45001 aligns with all the other ISO management system documents you will find the same requirements for controlling documented information in clause 7.5. The requirements here give requirements for controlling procedures and records as well as archiving, and are the same as other standards such as ISO 9001 and ISO 14001. As such you can have one process for documentation control for all management system standards.

You can read more about the documentation requirements changes in the article: New approach to ISO 145001 documentation, https://advisera.com/45001academy/blog/2018/03/13/new-approach-to-iso-45001-documentation/

Confidentiality, Integrity, and Availability

Please note that ISO 27001 specifies that the CIA is related to risks (6.1.2 c 1), and to consequences (6.1.2 d 1), not to assets. Considering that, when using asset-based Risk Assessment, you need to consider the CIA on the asset-threat-vulnerability set, and to consequences related to it.

When you talk about a risk-based Risk Assessment approach, I'm assuming you are referring to the description of a risk scenario (scenario-based). In this case, the CIA must refer to the described scenario and related consequences, while that in a process-based Risk Assessment approach the CIA must refer to the defined process and related consequences.

For example:

• For asset-based:  paper document - fire - the document is not stored in a fire-proof cabinet (affects availability)
• For scenario-based: Data leak with impact on regulatory compliance occurring once every five years (affects confidentiality)
• For process-based: Payment process failure, resulting in people receiving wrong values (affects integrity)

For further information, see:

• ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

Data to information

Some examples of data being converted to information can be:

Product quality control results after comparing them with specifications become conforming or non-conforming products.
Design and development verification results after comparing with specifications become conforming or non-conforming designs.

So, data is about facts related with something. Facts are neutral. Then, after comparing facts with some rules, they acquire meaning. They become data.

You can find more information below:

• Analysis of data obtained from Monitoring and Measurement - https://advisera.com/9001academy/blog/2014/04/22/analysis-data-obtained-monitoring-measurement/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

COVID -19 and ISO 9001 policy, processes and procedures

Normally, organizations do not make changes in policies and processes due to COVID-19. What I see is organizations making changes in procedures because they change the way they do some activities.

You can see more information below:

• Free webinar – How to perform an internal audit remotely - https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/
• Free webinar – How to use ISO 9001 to control operations during the pandemic - https://advisera.com/9001academy/webinar/how-to-use-iso-9001-to-control-operations-during-the-pandemic-free-webinar-on-demand/

Implementando la lista de verificación de códigos

Como implementaría la lista de verificación de códigos de documentos en una empresa?

Parameters for clean room

Cleanrooms are classified according to the cleanliness level of the air inside them. The cleanroom class is the level of cleanliness the room complies with, according to the quantity and size of particles per volume of air. 

All necessary information regarding cleanroom technology you can find in the following standards:

• ISO 14644-1:2015 Cleanrooms and associated controlled environments — Part 1: Classification of air cleanliness by particle concentration - This standard includes the cleanroom classes ISO 1, ISO 2, ISO 3, ISO 4, ISO 5, ISO 6, ISO 7, ISO 8 and ISO 9, with ISO 1 being the “cleanest” and ISO 9 the “dirtiest” class (but still cleaner than a regular room). The most common classes are ISO 7 and ISO 8.
• ISO 14644-2:2015 Cleanrooms and associated controlled environments — Part 2: Monitoring to provide evidence of cleanroom performance related to air cleanliness by particle concentration
• ISO 14644-3:2019 Cleanrooms and associated controlled environments — Part 3: Test methods

• ISO 9001 typical objectives

  Quality objectives must be aligned with the quality policy and must be built upon the SMART framework.

  Examples of quality objectives can be:

  • Improve customer satisfaction level to no less than 80% in the next 18 months
  • Reduce customer complaints by 10% in the next 12 months
  • Meet deadlines agreed with the client at least in 85% of cases in the next 12 months
  • Pass all round-robin tests in the next 18 months without any non-conformity

  The following material will provide you more information:

  • How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
  • How t write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
  • Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 -
    https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
  • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• ISO 9001 processes and procedures in certification

  First, process and procedure are two different things. A process is a set of activities that convert inputs into outputs. A process is represented by a verb because process is transformation, process is action. A procedure is a description of what to do or how to do it.
  You do not need a procedure to describe every process or every job your organization does.

  ISO 9001:2015 has no mandatory procedures. Please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ 
  Please also take a look at clause 4.4.2 – It is up to each organization to decide which procedures are useful and should be developed. More complex organizations, or organizations with less training, or organizations with more staff turnover, normally decide to develop more procedures.

  You can find more information below:

  • ISO 9001:2015 process vs. procedure – Some practical examples - https://advisera.com/9001academy/blog/2016/01/19/iso-90012015-process-vs-procedure-some-practical-examples/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/