How to effectively audit training and skills development?
Answer:
You can have two kinds of audits: conformance or performance audits.
With conformance audits you want to check if the standard and or internal procedures are followed.
With performance audits you want to check if the training and skills development investments are effective. For example, your organization may provide training to reduce product nonconformity or improve productivity. Your performance audit can check if actually training had any impact on product nonconformity levels or productivity levels.
What would be the audit criteria?
Answer:
For conformance audits you have as audit criteria, the standard and your organization’s internal procedures. For performance audits you have as audit criteria the training objectives.
Should there be a training plan in addition to training records?
Answer:
Although not mandatory according to ISO 9001:2015, it is a good practice that I recommend.
The following material can provide more information:
1. We want to restrict the scope to one software support service only. There are about 100 employees working on this support service with customers. Could we define the Scope as a service?
The ISO 27001 ISMS scope can be defined in terms of locations, information, business units, or processes to be protected, so you can define a single software support service as your ISMS scope.
For further information, see:
2. There are 5 office locations. Should we name exact addresses or just cities?
You need to identify the exact addresses of each office location from where the software support service is provided.
3. There are two servers in the cloud for the service, they are administered by our IT admins, so they are asset owners for them. The question is: can IT system administrators be not in the scope? Or should all the assets/asset owners be in the scope?
You can define the IT system administrators as out of scope, but you need to evaluate if this separation is worth the effort (since they administrate assets that are part of the service, you would need to treat them as an external supplier for your ISMS scope).
For further information, see:
ISO 27001 does not prescribe how to manage information security in multiple organizations, so you can manage them using a single platform. But it is important to note that you need to ensure that the specifics of the implementation in each organization are clearly identified and separated.
For example, you may have the same control (e.g., access control) implemented in different ways in several organizations, and your platform needs to help you track this condition, so activities like internal audit and management review can work on the real situation of each organization.
To see what policies covering security requirements for cloud services and privacy in the cloud look like, I suggest you take a look at the free demo of our ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-iso-27017-iso-27018-cloud-documentation-toolkit/
This article will provide you with a further explanation about ISO 27017 and ISO 27018:
Top management responsibilities are the main topic of ISO 14001:2015 clause 5.1 Leadership and commitment, but in reality they are spread all over the standard.
Who is best suited to determine context, interested parties and scope?
Who is best suited to design an environmental policy and allocate responsibilities and authorities?
Who is best suited to determine environmental objectives?
Who is best suited to evaluate the EMS performance?
Who is best suited to review the management system?
Please check the information below for a more detailed answer:
Yes, I agree that the product label does not contain only UDI information. However, there is no requirement, either in ISO 13485:2016 or in MDR 2017/745, to have a procedure for labelling.
The information that needs to be on the label and in the instructions for use is described in MDR 2017/745 in the General safety and performance requirements, Annex I, Chapter III REQUIREMENTS REGARDING THE INFORMATION SUPPLIED WITH THE DEVICE: https://advisera.com/13485academy/mdr/general-requirements
In Article 7 Claims you can see information on how claims for intended use are supposed to be stated: https://advisera.com/13485academy/mdr/claims/
How to do an internal audit of ISO 9001? I need case studies in the e-commerce industry.
1. Is ISO 13485 mandatory, or is ISO 9001 with the scope covering IR thermometers enough?
All medical devices must be in compliance with harmonized standards. In the MDR, in Article 10 General obligations of manufacturers, it is stated that the manufacturer must have implemented a quality management system. The list of harmonized standards is published in the Official Journal of the European Union. On this list, ISO 13485:2016 is the only standard covering quality management systems; therefore, manufacturers are expected to have implemented ISO 13485:2016.
For more data, please see the following links:
2. Is ISO 13485 certification mandatory to obtain the CE mark?
No. In neither the MDD (93/42/EEC) nor the MDR (2017/745) is there a direct requirement that manufacturers be certified according to ISO 13485:2016. The requirement is only to have implemented a quality management system, as explained in the previous answer.
If you need any help with the implementation of ISO 13485:2016, these materials can help:
You can see our ISO 13485:2016 Documentation Toolkit at the following link: https://advisera.com/13485academy/iso-13485-documentation-toolkit/
How does the process start? With the need for contracting a supplier? Who has that initial need?
How does the process end? With a new contracted supplier?
What are the main steps from start-to-end?
Identifying the need?
Determining the requirements for the supply?
Determining the requirements for the supplier?
Contacting potential suppliers?
Receiving and evaluating proposals?
Visiting and/or auditing them?
Signing a contract?
Then write the process sequence and responsibilities and authorities.
The following material can provide more information:
Unfortunately, Advisera has no case study about that relationship. However, I would like to invite you to a thought exercise.
Productivity is a ratio. So, one can improve productivity either by increasing the numerator (higher value added, higher margins) or by decreasing the denominator (reducing costs, improving efficiency).
Consider this scenario as an example:
Now, for each process, determine the functions that participate and which activities contribute the most to productivity, and design a job description with the relevant competence criteria. Please check the technique presented in this free webinar on demand, The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ - particularly slides 13-15.
The following material will provide you with more information about competence and the process approach: