Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
DPO, e-mail and transfer of data to third countries
If your company is under German law, you will apply German law and GDPR towards all your data processing activities no matter where your employees are located.
From a GDPR point of view, data processed by employees must comply with GDPR requirements wherever your employees are located. Therefore, you should consider your employee as a German or EU employee and require following the same data policy of your organization. This happens because GDPR compliance is an obligation of the data controller who must assess that everyone in its organization complies with it.
There are other aspects of the employment agreement (wage, illness, social security) which may differ from country to country, and for those, you should check with a labor lawyer.
-
ISO 9001 Paper procedures
Yes, you are right. Please check ISO 9001:2015 clause 7.5.3.2 a). Organizations should have a way of controlling distribution of, or access to, relevant quality management system documents. If documents are on paper, I recommend using a matrix that relates document identification, version, location and who has access to it. If documents are on a digital support, I still recommend the use of a matrix to relate document identification, version, and who has access to it. This is critical to ensure that paper documents are updated whenever there is a change in version and that people is informed of the change (for paper and digital documents).
You can find more information below:
- New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- Some tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
- Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
-
Recommendations regarding EU-US Privacy Shield
What recommendations would you suggest for a small/medium-sized business in light of the recent decision by the ECJ regarding the EU-US Privacy Shield?
The recent decision of the European Court of Justice (ECJ) has a huge impact on data transfer between the US and the EU. You cannot transfer data based on the decision of adequacy of the US Privacy Shield. Therefore, you need to find another legal ground for data transfer. Standard Contractual Clauses can be a solution.
The European Data Protection Board (EDPB) issued a FAQ on the implication on GDPR compliance of the ECJ solution and stated that the data controller must take additional measure to ensure the same level of protection of personal data assured by GDPR: https://edpb.europa.eu/news/news/2020/european-data-protection-board-publishes-faq-document-cjeu-judgment-c-31118-schrems_en
The main issue is that the US data controllers are forced to comply with US law which prevails over Standard Contractual Clause and Binding Corporate Rules (which is a solution for large companies and in some case medium-sized companies).
The EDPB concluded stating that the data controller should consider storing or processing data elsewhere than the US.
You can find more information about data transfer here:
- 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
You can consider enrolling in our free EU GDPR Foundations Course
- EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
-
OBS recommendations
Now I understand your context much better.
First, find a way of incorporating your own QMS’s definition of OBS in your internal audit procedure and how to handle them, to avoid an NC during the 3rd part audit.
Second, with findings raised in your internal audit, you identified several “fruits” that you want to improve, but in your second question I believe you identified two important root causes that can help improve your QMS situation (I use the term root cause here as important NC):
- QMS did not fully implement
- Employees not fully aware of QMS and ISO 9001 req's
You could have raised these two NCs making the 18 findings as evidence that support their existence.
While your organization has to close those 18 findings, what can also be done to improve implementation and employee’s awareness about QMS and ISO 9001 req's? Employees don’t need to know everything about QMS and ISO 9001 req's, try to make a matrix about the relationship of employees, or groups of employees, or departments and QMS and ISO 9001 req's. Who can influence them? Whom they trust? What can be the benefits for them with certification? Please check if you can find any ideas here:
- Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
- What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/"
-
Competence, Training & Awareness
Your organization must be consistent. If your organization considers eco-friendly design solutions capabilities to be relevant, either to your business or to the relationship with the environment, then it makes perfect sense that this is an internal competence. In that case, that competence will be assessed in that clause.
You can find more information in the following links:
- ISO 14001 Competence, Training & Awareness: Why are they important for your EMS? - https://advisera.com/14001academy/blog/2014/11/26/iso-14001-competence-training-awareness-important-ems/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
-
Implementing QMS in a small factory
Smaller organizations (up to 50 employees) usually implement the standard in up to 8 months. When using our Documentation Toolkit, normally: companies of up to 10 employees - usually implement the standard in up to 3 months and companies of up to 50 employees - usually implement the standard in up to 6 months.
You can find detailed information about how to plan and implement a quality management system in the following links:
- Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
- ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
- Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
- Free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 9001 - https://advisera.com/9001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-9001-free-webinar-on-demand/
- Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
-
Becoming a better-accredited auditor
If you are already a certified auditor, you can try to become better by performing more audits and reflecting about what went well and what can be improved. You can look for training to become lead auditor or improve areas where are your weak points.
You can find more information in the following links:
- ISO 9001:2015 Lead Auditor Training Course - https://advisera.com/training/iso-9001-lead-auditor-course/
- Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/
-
Corrective action and communication logs
I see organizations that start a new log every year and I see organizations that continue to use the same log year after year. It is up to each organization. Continuing to use the same log year after year, particularly on a digital format, allow you to easily look for trends.
Please check this information below with more detailed answer:
- How to structure ISO 14001 documentation - https://advisera.com/14001academy/blog/2016/11/28/how-to-structure-iso-14001-documentation/
- Free on-line training – ISO 14001:2015 Foundations- https://advisera.com/training/iso-14001-internal-auditor-course/
- Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
-
Steps for obtaining CE certification or CE Mark
First, you need to define under which regulation you want and can certify your medical device: MDD 93/42/EEC or MDR 2017/745. Then you need to define which class your face masks are. Rules to define it, you can find on the following links:
- EU MDR Annex 8 Classification rules https://advisera.com/13485academy/mdr/classification-rules/
- Classification rules under the MDD you can find in Annex IX
Then you need to prepare the Technical documentation. Which documents are necessary to be in Technical file under the MDD you can find in Annex 1. Required technical documentation under the MDR you can fin in the
- EU MDR Annex 2 Technical documentation https://advisera.com/13485academy/mdr/technical-documentation/
- EU MDR Annex 3 Technical documentation on post-market surveillance https://advisera.com/13485academy/mdr/technical-documentation-on-post-market-surveillance/
For more information about MDR, please see the following articles:
- EU MDR Easy-to-understand basics https://advisera.com/13485academy/what-is-eu-mdr/
- How can ISO 13485 help with MDR compliance? https://advisera.com/13485academy/blog/2020/03/09/how-can-iso-13485-help-with-mdr-compliance/