According to ISO 9001:2015, it is not mandatory to keep documented evidence of how an organization has considered clauses 4.1 and 4.2. However, most organizations decide, and I recommend it too, to document their external and internal issues and interested parties. Normally, this can be documented with the minutes of a meeting where the topic was addressed and where the conclusions and decisions are recorded. Where there is no documented evidence, I try to use corroboration as a technique during my audits: I ask several people, at different levels in the organization hierarchy, in different places and at different times, the same question and compare their responses.
You can find more information below:
According to my experience, the most common nonconformities found by third-party certification auditors during ISO 14001 audits are around compliance obligations, operational control and document management.
Please check this information below with more detailed answer:
Please consider clause 0.4 of ISO 9001:2015. The standard does not include requirements about finance, labor laws, health and safety, environment, and others. During an ISO 9001:2015 audit, legal, statutory and regulatory requirements are about the product. For example, a car has to comply with a set of specifications and regulations set by standards and country legislation. If your organization builds houses, it has to comply with national regulation about houses as a product. Organizations manufacturing bricks in Europe have to comply with CE marking regulation, which means that the product, the bricks, has to comply with regulation and standards establishing minimum performance levels.
You can find more information below:
The following article contains more details about starting ITIL implementation (including pre-implementation considerations): "Ready, steady… go – Starting ITIL implementation" https://advisera.com/20000academy/blog/2014/06/10/ready-steady-go-starting-itil-implementation/
Also, our free webinar can help you with more practical details: "How to use a Documentation Toolkit for the implementation of ITIL / ISO 20000" https://advisera.com/20000academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-itil-iso-20000-free-webinar-on-demand/
Finding gaps is an important task when one wants to implement an environmental management system. You can use our free ISO 14001 Gap Analysis Tool to help define the gap between your present EMS and the requirements of the ISO 14001:2015 standard.
Please check this information below with more detailed answer:
It is really hard work, but I think it is doable. Since both standards are similar to ISO 9001:2008, maybe that is the starting point.
The following articles can be helpful:
Since the product design belongs to the customer, you are exempt from the preparation of the product drawing and design FMEA, as specified in article 4.4.1.2 of the IATF 16949:2016 standard. Except for those you are exempt from, you should take the subjects "a" to "m" specified in 4.4.1.2 of the IATF 16949:2016 standard into your quality system.
For example, taking product safety and critical characteristics: product safety characteristics affect product design and/or production process design. The issue of product safety is related to special characteristics, and product safety characteristics are very important for the design and production of products. These important requirements are determined during the product and production design process.
For example, material hardness and tensile stress are very important safety characteristics for the durability of brake parts. These characteristics come from product design specifications, product drawing, and design FMEA. Since the design is the responsibility of the customer, the customer should show the technical drawing. But in addition, the hardness of the material is also affected by the heat treatment conditions in production, that is, production parameters such as temperature and time. Thus, production parameters such as temperature and time of heat treatment are the subject of product safety, and they are also special characteristics related to safety for brake parts. Another example is the tightening torque amount for the seat manufacturing and seat assembly process. Screw tightening torque is also a safety characteristic and can be affected by a wrong production setup or an uncalibrated torque meter; both of the causes may come from the production process.
Critical characteristics of the product and production process are defined by legal regulations, security, and significant important critical characteristics. All these characteristics have different symbols according to customer-specific requirements, such as R/S, CC, SC.
All these characteristics come from legal regulations, product drawings, product specifications, and production parameters that affect the health of production operators and the durability of products.
According to the IATF 16949 standard, product safety relates to the design and manufacturing of products to ensure they do not represent harm or hazard to customers. As you know, customers are regulations, end-users (driver and passenger), OEM plants, the other manufacturing plants, and production operators.
All these requirements must be transferred via product drawing, material specification, DFMEA, PFMEA, Control Plan, etc., to the entire supply chain, and the entire supply chain must comply with the product and production-specific characteristics for product safety.
For more information, please read the following article:
GDPR leaves to the data controller any decision about how to store personal data, as long as security measures are taken. Microsoft Azure, as well as many big tech players, is making a great effort to provide GDPR-compliant cloud solutions and guidelines to its customers, which you can follow here: https://azure.microsoft.com/en-in/blog/protecting-privacy-in-microsoft-azure-gdpr-azure-policy-updates/
There are also guidelines for GxP compliance here: https://azure.microsoft.com/en-us/blog/new-azure-gxp-guidelines-help-pharmaceutical-and-biotech-customers-build-gxp-solutions/
You can consider enrolling in the EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
I'm assuming your organization is using outsourced cloud services.
Considering that, you can exclude controls only if you do not have relevant risks that can be treated by them, and there are no legal requirements (e.g., laws, regulations, or contracts). For example, the organization needs to implement a control to fulfill GDPR, or there are relevant risks related to information backup.
When using outsourced cloud services, you can verify if the provider has implemented such controls. In case they did, define in the Statement of Applicability that the required controls are implemented by the provider.
This article will provide you with a further explanation about supplier management:
1. I would like to implement ISO 9001 + 27001 (+ 27002 + 27031) + 22301 (+ 22313) all at the same time within the same company. I know there is quite a lot of overlap between these standards, but what would you advise we use as a starting point? Should we start with 9001 and add on all of the additional requirements from the other standards? Or start with 27001 ... ? What would you recommend?
The order of implementation will depend on your needs:
These articles will provide further information:
2. Is there some sort of overview available of the overlap and differences between these standards?
These materials will provide information about overlaps: