Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
ISO 9001 Organizational knowledge
That way you will answer to quadrants 1 and 2. If your organization operates in a stable sector that will be enough. However, if your organization operates in a dynamic sector perhaps your organization should consider some activities relevant for quadrants 3 and 4. For example, yearly meetings with innovative suppliers, or subscribing relevant technical journals or magazines.
-
ISO 9001:2008 vs ISO 9001:2015
ISO 9001:2008 is no longer the current standard. ISO 9001:2008 is outdated after September 2018 when the transition period for ISO 9001:2015 finished. So, I recommend to no longer use ISO 9001:2008.
-
ISO 9001 Detailed implementation plan
You can find detailed information about how to plan and implement a quality management system in the following links:
- Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
- ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
- Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
- Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
-
ISO 9001 Integrating live video when conducting virtual audits
You can use a tablet, or a smartphone, together with an application like Whatsapp, or Zoom or Skype.
You can find more information below:
- What are the benefits and barriers when performing remote audits? - https://advisera.com/articles/what-are-benefits-and-barriers-when-performing-remote-audits/
- Please find in this free webinar on demand - How to perform an internal audit remotely - https://advisera.com/9001academy/webinar/remote-internal-audit-free-webinar-on-demand/ a detailed explanation about how to remotely audit operations using a tablet, a smartphone, CCTV or a drone.
- ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
- Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/
-
ISO 9001 Latest development related to Management System
I believe one of the latest developments related to the Management Systems certification domain is the use of remote audits in first stage certification audits and surveillance audits. However, to get a more detailed answer I recommend that you contact your certification body.
You can find more information below:
- How to choose a certification body - https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
- Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
-
2.4 . 1 /2/3/4 Requirements for logging and monitoring
Controls A.12.4.1 (Event logging) and A.12.4.3 (Administrator and operator logs) are covered by the document Security Procedures for IT Department, located on folder 08 Annex A Security Controls >> A.12 Operations Security
To cover control A.12.4.2 (Protection of log information) you can use the document A.8.3 Information Classification Policy, located on folder 08 Annex A Security Controls >> A.8 Asset Management, to define rules according to the information classification of the log.
To cover control A.12.4.4 (Clock synchronization), you can use the Statement of Applicability, briefly explaining in the column "Implementation method" how the clock is synchronized.
This article will provide you a further explanation about log and monitoring:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
This material will also help you regarding log and monitoring:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
-
ISO 9001 Internal and external issues
Organizations cannot think about the future without considering what is happening in its context, internal and external.
Consider the case of a company specialized in recruiting crews for:
- Cruises - Imagine the impact of the current pandemic in that company for the foreseeable future
- Cargo ships – Imagine the impact of the current protectionist trend among some countries, or the long-term impact of reshoring due to more relevance given to supply chain resiliency
These are examples of external issues that surely will affect future business opportunities. As an internal issue consider for example the difficulty of the same company to migrate operations to an online channel due to lack of know-how or resistance from staff.
You can find more information below:
- How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
- Free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
-
Mandatory policies
ISO 27001 does not prescribe how to develop documents but is important to note that you are talking about different types of documents.
The Risk Assessment and Risk Treatment Methodology is a procedure (it defines how risk assessment and risk treatment are performed), developed once and updated as needed, while the Risk Treatment Plan and the Risk Assessment Report are records (the first contain the results of risk assessment and the second a summary of the risk assessment and treatment results), which can be generated multiple times and are not normally updated.
Considering that, procedures and records should not be merged in a single document, because of the dynamic nature of records (after some time you w.ould have an unmanageable document basically containing records).
Regarding the Risk Treatment Plan and the Risk Assessment Report, they are not normally merged because the report is a summary, and the Risk Treatment Plan is normally referred to as an annex for the Risk Assessment Report
These articles will provide you a further explanation about risk management and records management:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
These materials will also help you regarding risk management and records management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
-
Requirement of ISO 13485
If your device is a medical device according to the definition stated in the Medical device regulative (MDR 2017/745), then ISO 13485:2016 is applicable for you. ISO 13485:2016 is the only harmonized standard that is covering quality management system, and each manufacturer has an obligation to show compliance with applicable harmonized standards.
For the definition see:
- EU MDR Article 2 Definitions https://advisera.com/13485academy/mdr/definitions/
For the use of harmonized standard please refer to the following article
EU MDR Article 8 – Use of harmonized standards - https://advisera.com/13485academy/mdr/use-of-harmonised-standards/
If you need any help for the implementation of the ISO 13485:2016, these materials can help
- What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/
- Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/
- Six key benefits of ISO 13485 implementation - https://advisera.com/13485academy/knowledgebase/six-key-benefits-of-iso-13485-implementation/
You can see our ISO 13485:2016 DOcumentation toolkit on following link: https://advisera.com/13485academy/iso-13485-documentation-toolkit/
-
Is it possible for the company's internal lab to get ISO accreditation?
Yes indeed, any testing or calibration laboratory, irrespective of size can be accredited. In your case, the client is internal, I assume the production plant ? The benefits of accreditation apply for inhouse laboratories too. Some internal laboratories have larger risks to ensuring quality and safeguarding impartiality than commercial contract work laboratories, so this needs to be carefully addressed.
The following articles may be of interest:
Six key benefits of ISO 17025 implementation at https://advisera.com/17025academy/blog/2019/10/18/six-key-benefits-of-iso-17025-implementation/What is ISO 17025? at https://advisera.com/17025academy/what-is-iso-17025/
Also have a look at similar topics in the 17025 Expert Advice Community
ISO 17025 for internal quality control laboratory at https://community.advisera.com/topic/iso-17025-for-internal-quality-control-laboratory/
Assuring impartiality and confidentiality (for an internal laboratory) at https://community.advisera.com/topic/assuring-impartiality-and-confidentiality/