Search results

ISO 9001 benefits, requirements and implementation

which business requires a QMS implementation

Answer:

Implementing a QMS is beneficial for any kind of organization. I dare say that every organization should have a QMS, some more complex and some more simple.

How QMS will be beneficial for my company

Answer:

Please check this article about the benefits of implementing a QMS - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/

QMS requirements trending over the last 10/15 years

Answer:

I can remember the progress of the process approach and more recently the introduction of the risk-based approach

You can find more information below:

• Seven Quality Management Principles behind ISO 9001 requirements - https://advisera.com/9001academy/blog/2014/02/04/seven-quality-management-principles-behind-iso9001-requirements/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

ISO 9001 principles, requirements and implementation

QMS principles?
Which business requires a QMS implementation?
How QMS will be beneficial for my company?
QMS requirements trending over the last 10/15 years?

ISO 9001 and setting quality objectives

Quality objectives should be a set of measurable challenges that stem from the quality policy. Good quality objectives stem from a good quality policy.

If a quality policy complies with ISO 9001:2015 clause 5.2.1 a) it will include challenges relevant for an organization. For example, an organization that competes on the market based on innovation may include in its quality policy the ability to:

• be the first to market with new innovative products,
• develop patents,
• improve brand awareness.

From there you can translate that into measurable objectives.

For example, an organization that competes on the market based on cost may include in its quality policy the ability to:

• be efficient,
• buy very well,
• comply with delivery dates

From there you can translate that into measurable objectives.

The following material will provide you more information:

• Article - How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
• Article - How t write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
• Article - What has changed with quality objectives in ISO 9001:2015: https://advisera.com/9001academy/blog/2018/05/08/what-has-changed-with-quality-objectives-in-iso-90012015/
• Article - Making the best out of ISO 9001 quality plan: https://advisera.com/9001academy/blog/2015/12/08/making-the-best-out-of-iso-9001-quality-plan/
• Free on-line course - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/
• Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

ISO 14001 Setting up a management system

Since you are using the term automated, I assume that you are mentioning the use of the Documentation Toolkit.

According to Advisera’s experience

• Companies of up to 10 employees - up to 3 months
• Up to 50 employees - 3 to 6 months
• Up to 200 employees - 6 to 10 months
• More than 200 employees - 10 to 20 months

Please check this information below with more detailed answer:

• Free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 14001 - https://advisera.com/14001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-14001-free-webinar-on-demand/
• List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
• ISO 14001:2015 Implementation diagram - https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

A.5 Information Security Policies

First of all, I'm sorry about this confusion.

Please note that the link between the controls from section A.5 and the documents in folder 08 Annex A is stated in the Statement of Applicability document, located on folder 06 Applicability of Controls:

• Implementation method for control A.5.1.1: "All policies referred to below in this column." (i.e. the Information Security Policy, and policies included in folder 08 Annex A)
• Implementation method for control A.5.1.2: "Each policy has a designated owner who has to review the document at planned interval

ISO 13485 implementation

The first thing I would do myself is to implement a general procedure to keep track of actions and agreements within the organization. I do not see it? Why? How to do it?

In ISO 13485:2016, there is no direct requirement to have a documented procedure to keep track of actions and agreements. In requirement 7.4.2 Purchasing information is stated there is a necessity for a written agreement that supplier. To the extent required for traceability given in 7.5.9, the organization shall maintain relevant purchasing information in the form of documents (see 4.2.4) and records (see 4.2.5). There fore, it is up to you how you will document this. You can write a procedure for managing outsourced processes where you will state methods and frequency of the control over the outsourced processes, or add this section in the Purchasing documented procedure.

Following article can provide you more information about critical suppliers:

• How can ISO 13485 clause 7.4, Purchasing, enhance procurement? https://advisera.com/13485academy/blog/2018/04/18/how-can-iso-13485-clause-7-4-purchasing-enhance-procurement/

You can see how our Quality Agreement for Critical Supplier looks like on the following link: https://advisera.com/13485academy/documentation/quality-agreement-for-critical-supplier/

We are a very small startup for a simple small noninvasive medical device. Both my partner and myself are very experienced in MRI (***), CT (***), etc, although it is 20 years since we worked in a QMS. I want to define Research and predevelopment as a process outside the QMS, then Design transfer to a clinical trial process and to subcontractors inside the QMS We will subcontract engineering/development, manufacturing, service, logistics to ISO13485 certified high-quality partners. We will have these partners audited regularly by consultants we contract and sign the audit reports ourselves after review. Can we somewhere buy a core (just enough) QMS that complies with ISO13485? Your toolkit is much more than we need, do you have a core toolkit as well?

Our ISO 13485:2016 is a basic toolkit that covers all mandatory documents required by the standard. You can buy the whole toolkit, or you can buy separately documents that you considered that you need. If you go to the end of this web page, you can see each document and purchased what is necessary for you: https://advisera.com/13485academy/iso-13485-documentation-toolkit/ 

But please be aware that no matter that you are outsourced some processes, you are still responsible for them. In the eyes of the auditor from the certification body, you need to have at least the list of the documents form the outsourced companies. All outsourced processes also need to be stated in the Quality manual together with the connection to your processes. 

For more information on controlling the outsourced processes using ISO 9001 see this article:

• How to control outsourced processes using ISO 9001 - https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/

Do you have a service that adapts your toolkit to our needs? Including filling in of company name etc.

When buying the toolkit, depending on the type of toolkit that you buy, you can get support in the following ways:

• 10 questions via email per month or Unlimited email support
• 1, 5, or 15 hours of one-on-one support with an ISO 13485 expert
• Expert review of 1, 5, or 15 completed documents
• Pre-audit check (1-hour call where we can check the most important items that the certification auditor will be looking for)

For more details about options when buying a toolkit, please see the following link - https://advisera.com/13485academy/iso-13485-documentation-toolkit/ and go to the end of the page.

ISO 9001 Internal Audit

I do not have all the information. One possible clause is 7.1.5.2 b).

The organization considered that calibration was relevant. The organization scheduled the calibration but then did not perform, did not ensure that equipment was calibrated.

You can find more information below:

• ISO 9001 audit checklist for laboratory - https://advisera.com/9001academy/blog/2018/09/04/iso-9001-audit-checklist-for-laboratory/
• Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

ISO 14001 Wastage of resources

You can start with clause 6.1.2, when you determine environmental aspects and impacts and you realize that, more than consumption, you have wastage of water. Then you can have clause 6.1.4 where you have an action plan to address that significant environmental aspect. That action plan may be translated into rules, good practices for operational control, clause 8.1.

Please check this information below with more detailed answer:

• 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
• What makes an environmental aspect significant in ISO 14001? - https://advisera.com/14001academy/blog/2015/03/09/what-makes-environmental-aspect-significant-in-iso-14001/
• Defining and implementing operational control in ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/04/11/defining-and-implementing-operational-control-in-iso-140012015/140012015/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

ISO27001 - How to meet the requirement of A.17.1 and A.17.1.2

I'm assuming you are referring to controls A.17.1.1 and A.17.1.2.

Considering that, controls from ISO 27001 Annex A section A.17 (Information security aspects of business continuity management) aims to minimize risks that, in case of an event that disrupts business operations, the information will be kept protected, and operations that rely on them will be resumed as quickly as possible.

To show compliance with control A.17.1.1, an organization needs to identify and include information security requirements in its reparations for business continuity. To do that the organization should ensure that the information security requirements are included when planning for business continuity and disaster recovery. One way to do that is by performing a business impact analysis for information security aspects to verify if the information security requirements being covered in adverse situations.

To show compliance with control A.17.1.2, an organization needs to ensure processes, procedures, and controls required for information security are documented, implemented, and maintained. To do that the organization should:

• put in place a management structure to prepare for, mitigate and respond to a disruptive event using proper resources and competence;
• nominate competent personnel to manage incidents
• documented and approve plans, response and recovery procedures to handle incidents

This article will provide you a further explanation about business continuity for ISO 27001:

• How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/

This material will also help you regarding business continuity for ISO 27001:

• ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/