Search results

Are flowcharts mandatory for every process?

No, there is no strict requirement to have flowcharts for every single process. In ISO 13485:2016 requirement 4.1.2 is stated that organization shall determine the sequence and interaction of the processes. So, flowchart is only one ways to do that. If you can prove that you have determine sequence and interaction on some other ways, it is apsolutly acceptable. 

More information regarding this topic you can find on the following links:

• How to structure Quality Management System documentation according to ISO 13485 https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

• ISO 9001: The importance of the process approach https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/

• How links between processes can increase level of quality https://advisera.com/9001academy/blog/2015/04/07/how-links-between-processes-can-increase-level-of-quality/

• Analysis with each standard and implementation

  I'm assuming you want to know what you need to evaluate to know how to charge for a diagnostic against a standard and for its implementation.

  Considering that, when acting as a consultant, you normally charge per hour or per day - for a diagnostic against a standard it is usually per day, and for standard implementation, it is usually per hour.

  To calculate the amount of time you'll need for a diagnostic, you have to know the following:

  • Are you going to perform the interviews with all the department heads, or are they going to fill out the diagnostic sheets themselves
  • Are you going to perform a deep analysis of documentation and controls or not

  To calculate the amount of time you'll need for implementation, you have to know the following:

  • Are you going to perform an active role in the implementation, or are they going to  act as a support role
  • Are you going to participate in determining the security controls, or will the client do this on their own
  • Which documents should you write

  By the way, as part of our ISO 27001 Consultant Toolkit https://advisera.com/27001academy/consultants/ you'll find a document called "Division of tasks & time plan" which describes all the implementation tasks in more detail, together with the expected timing for each.

  In the book Secure & Simple you'll find a detailed explanation of the steps in the implementation: https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/

  This article may also help you:

  • 3 phases of delivering an ISO 27001/ISO 22301 consulting job https://advisera.com/27001academy/blog/2015/09/28/3-phases-of-delivering-an-iso-27001iso-22301-consulting-job/

• Vulnerabilities

  When performing risk assessment you need to consider both situations: vulnerabilities you know are already in place, and vulnerabilities that can happen in the future, provided they are relevant to the scope of your ISMS.

  In case you have UPS, fire extinguisher, and fire protection, what happens is that the impact and/or likelihood value will be smaller and the risks may become acceptable, but if they are relevant to your context, you need to keep them in the risk assessment, so you can keep track of them, because in case you do not keep them in the risk assessment and the situation changes, the risks may rise to unacceptable levels and you will not know it.

  This article will provide you a further explanation about estimating risks:

  • How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

• Should the champions be the head of departments?

  ISO 27001 does not prescribe roles for information security, so you can appoint any role in your organization, provided they are invested with the needed responsibilities and authorities to make information security work.

  Considered your situation, the head of departments should be your first choice, but an alternative would be people designated by them, with the needed authorities.

  This article will provide you a further explanation about roles and responsibilities:

  • Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/

• ISO 9001 Consultant

  1.Which training courses and test are required to be completed for this?

  Answer:

  In most countries there are no formal requirements to be a consultant. If you have experience of working with ISO 9001 you can start working as consultant. Of course, it is important to be able to evidence knowledge, experience and competence.

  2. Do the QMS accreditation bodies have a franchising system? If so what are the requirements and cost?

  Answer:

  I’m not aware of any accreditation bodies’ franchising system

  3. what is the difference between ISO consultant/ ISO franchisee/ISO lead auditor primarily in field of education?

  Answer:

  As ISO consultant you will work with organizations helping them implement and or maintain their quality management system. As ISO lead auditor you will work for a certification body, leading an audit team during third party audits. You can start working as consultant right away, as long as you win clients. To start working as lead auditor you have to evidence some experience as internal auditor and being able to start working for a certification body.

  You can find more information below:

  • How to choose the most appropriate training - https://advisera.com/training/compare/
  • How to become an ISO 9001 consultant - https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/
  • How to sell your ISO 9001 consulting services - https://advisera.com/9001academy/blog/2017/06/20/how-to-sell-your-iso-9001-consulting-services/
  • Free webinar on demand – How to sell ISO consulting services - https://advisera.com/9001academy/webinar/how-to-sell-iso-consulting-services-free-webinar-on-demand/
  • Enroll for free course - ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

• ISO 9001 Sample registration form

  Unfortunately, I cannot provide here a sample change registration form. Please consider the usefulness of developing a change registration form where someone requests a change, explains the motivation. Someone should evaluate the implications of that request and expected results. Someone with authority should approve that change. Someone should confirm that changes were made and someone should report the results of those changes.

  The following material will provide you more information:

  • The ISO 9001 Design Process Explained - https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
  • About conducting design and development reviews consider - ISO9001 Design Verification vs Design Validation - https://advisera.com/9001academy/knowledgebase/iso9001-design-verification-vs-design-validation/
  • ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/

• ISO 9001 Implementing Managment Quality and Risk-based thinking

  Risk-based thinking is a great way of implementing quality management into the everyday work life of every employee within an organization. ISO 9001:2015 promotes the process approach and in this free webinar on demand - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ I show how to relate processes, risks, training, documentation and control. You can start by mapping your processes. Then, for each process, draw it with a flowchart and ask: what can go wrong?

  

  In the picture above the blue boxes are examples of what can go wrong. The yellow boxes are examples of what was decided to handle those risks – new activities, control plans, new documentation.

  Then, for each flowchart you can see who participates:

  

  Now, for each step, considering risks and answers to them, you can design the organizational knowledge required:

  

  You can find more information below:

  • How to manage knowledge of the organization according to ISO 9001 - https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/
  • Using Competence, Training and Awareness to Replace Documentation in your QMS - https://advisera.com/9001academy/blog/2013/12/17/using-competence-training-awareness-replace-documentation-qms/
  • Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
  • How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ - where I extensively use the process approach.

• ISO 9001 Evaluation of the effectiveness of training

  Can i request for a sample template for evaluating of training effectiveness

• Managing ISO 9001 for Medical Device Distributors who are not manufacturers

  You can implement ISO 9001 if you are a Medical Device Distributor. However, Medical device regulative MDR 2017/745, which takes full effect on May 2021, has described in Article 14 General obligations of the distributors https://advisera.com/13485academy/mdr/general-obligations-of-distributors/ 

  Further, in Article 16 Cases in which obligations of manufacturers apply to importers, distributors, or other persons, it is stated in point 3 that distributors shall ensure to have in place a quality management system. The quality management system shall cover, among others, procedures which ensure that the translation of information with the manufacturer is accurate and up-to-date, and procedures ensuring that the distributor is informed of any corrective action taken by the manufacturer in relation to the device in question in order to respond to safety issues or to bring it into conformity with this Regulation.

  Also, manufacturers need to be in compliance with harmonized standards published by the Offical Journal of European Union as described in Article 8. On that list, the only standard that covers the quality management system is ISO 13485:2016 so it is expected that all manufacturers have implemented this standard.;

  For more information, please see the following:

  • EU MDR Article 8 Use of harmonized standards - https://advisera.com/13485academy/mdr/use-of-harmonised-standards/
  • List of the harmonized standard https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2020:090I:TOC

  To understand what harmonized standards are, please see the article:

  • What are EU harmonized standards? https://advisera.com/13485academy/blog/2020/06/12/what-are-eu-harmonized-standards/

  For more information regarding ISO 13485 please see the following links:

  • What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/
  • Six key benefits of ISO 13485 implementation - https://advisera.com/13485academy/knowledgebase/six-key-benefits-of-iso-13485-implementation/
  • Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/
  • EU MDR Article 16 Cases in which obligations of manufacturers apply to importers, distributors or other persons https://advisera.com/13485academy/mdr/cases-in-which-obligations-of-manufacturers-apply-to-importers-distributors-or-other-persons/
  • Similarities and differences between ISO 9001:2015 and ISO 13485:2016 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/

  • 27001 or NIST for Local Bank

    thank for your reply, this is what i need for my guidance.