Search results

  • ISO 9001 maintenance

    Two recommendations:

    • Improving the quality management system, making it more natural, and less an extra-work thing, simplifying it;
    • Improving performance to provide additional motivation to keep and maintain the quality management system.

    The following material will provide you more information:


  • Nonconformities and corrections identified during an audit

    ISO 27001 does not prescribe how to develop documents, so you can record nonconformities and corrections in the same document that you are using to capture risks, but we do not recommend such an approach.

    The reason is that, if nonconformities and risks are in the same document, persons looking for one type of information would have unnecessary access to the other, and this can compromise confidentiality.

    Moreover, risks and nonconformities are very different types of information, and this is also why it makes sense to keep them separate. 

    This article will provide you a further explanation about records management:

    These materials will also help you regarding records management:

  • Environmental Objectives

    As far as I understand your question, you are asking for examples of environmental objectives.

    For example, for a Construction company you can think about:

    • Reduce waste sent to landfills
    • Reduce hazardous waste production
    • Increase waste recycling
    • Reduce water consumption at each construction site
    • Reduce CO2 emissions from transport used for each construction site

    For each objective you have to set clear targets and a time frame. For example, "Reducing waste sent to landfills" can become: "Reuse at least 50% of demolition waste during the year 2021. Responsibility: Person A."

    Please check this information below with more detailed answers:

  • Clause 6.1

    Clause 6.1 is about determining risks and opportunities and evaluating their importance in order to decide whether action plans need to be developed.

    For example, an organization, while updating its context analysis (clause 4.1), determined some internal and external issues with positive and negative connotations:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/1422e636-b65b-4115-9ff4-a20a27cd19f6

    Then, they started to make combinations between:

    1. Strengths and Opportunities
    2. Strengths and Threats
    3. Weaknesses and Opportunities
    4. Weaknesses and Threats 

    They determined

    1. Develop innovative products to take advantage of the premium market, which is less influenced by the post-pandemic economic crisis
    2. Develop innovative products to minimize competition in commoditized products
    3. Difficulty in finding a product engineer may hinder the ability to take advantage of the premium market
    4. Difficulty in finding a product engineer may hinder the ability to bypass price competition

    You may realize that:

    1. Is an opportunity
    2. Is an opportunity
    3. Is a risk
    4. Is a risk 

    You may evaluate these risks and opportunities based on probability and importance (severity or gain).

    I use the interested parties’ point of view to evaluate the importance of risks and opportunities.

    For example, one interested party is the owners of the organization. What do they want, what do they need, what do they expect?

    • Profit
    • Brand awareness
    • Market share

    So, based on this interested party point of view you can determine if each risk and opportunity is important. For example, because profit is relevant for the owners, you may conclude that all those risks and opportunities are critical to maintain or improve profits during a downturn.

    Hope this tip can help you with your clients.

    The following material will provide you more information:

  • First steps towards ISO 27001

    First, it is important to note that ISO 27001 does not require a gap analysis, and we do not recommend it for small organizations (i.e., up to 100 employees), because at this size it is easier to go directly to the implementation of the standard.

    Broadly speaking, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:

    1. define the basic ISMS framework (e.g., scope, objectives, organizational structure) by understanding the organizational context and the requirements of interested parties;
    2. develop the risk assessment and treatment methodology;
    3. perform a risk assessment and define the risk treatment plan;
    4. implement controls (e.g., policies and procedures documentation, acquisitions, etc.);
    5. train people and raise awareness;
    6. operate the controls;
    7. monitor and measure performance;
    8. perform an internal audit;
    9. perform a critical management review; and
    10. address nonconformities, corrective actions, and opportunities for improvement.

    To see what documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

    This article will provide you a further explanation about ISMS implementation:

    These materials will also help you regarding ISO 27001 implementation:

  • Information security in project management

    In short, you can think about the inclusion of information security in project management as if you are going to implement a small ISMS that will fit the project's needs and be proportional to the project's lifetime and budget.

    Considering that, these are some evidence you should consider:

    • definition of information security objectives and their inclusion in the project objectives. This is done the same way you define information security objectives for an ISMS aligned with the organization's objectives; the only difference is that these objectives are restricted to the scope of the project.
    • initial and regular information risk assessment in the project and identification of applicable legal requirements, as you would do with other business processes, to identify the necessary controls (the controls you mentioned should be based on this step)
    • evidence related to the implemented controls (e.g., backup media, if control A.12.3.1 Information backup is implemented).

    This article will provide you a further explanation about Information security in project management:

  • Auditing Extrusion

    As you know, your control plan starts with the incoming inspection process and shows all the stages up to the shipment process to the customer. Therefore, all these processes should be audited as manufacturing process audits according to your control plan. In fact, these processes should be audited on every shift in which they operate, and auditors should also audit shift changes, because all these processes play a critical role in providing products to the customer, and in case of a deficiency they will come back to you as a customer complaint and, as you know, the 8D process starts.

    For more information, please read the following articles:

    • Five Main Steps in an IATF 16949:2016 Internal Audit  https://advisera.com/16949academy/knowledgebase/five-main-steps-in-an-iatf-169492016-internal-audit/
    • How to make an Internal Audit checklist for IATF 16949:2016 https://advisera.com/16949academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iatf-16949/
  • ISO 9001 and ISO 13485

    Yes, it is. You can continue implementing ISO 9001 and add the differences coming from ISO 13485. You can see that there is a lot in common, although they follow different structures.

    The following material will provide you more information:

  • Calibration of laboratory equipment

    Although I cannot tell which analyzer you are specifically referring to, as a testing laboratory you need to start by understanding the difference between calibration and verification, and what level of measurement uncertainty and traceability to SI is achievable and acceptable (e.g., national or international traceability). This involves having a suitable calibration program and intermediate checks (verification) to meet ISO 17025 clause 6.4 equipment requirements and clause 6.5 Metrological traceability. Note that assuring your results goes beyond the analyzer; it includes all equipment used in the process, e.g., analytical balances, glassware, dispensing devices, and the reference standards used to establish the analytical calibration on the instrument.

    Regarding your reference to the difference between "external" and "internal": external is when you contract an ISO 17025 calibration laboratory to perform validations. What you are referring to as "internal" is rather referred to as "intermediate checks" or "verification". This is because it is possible for laboratories to calibrate internally if calibration requirements are met. Calibration laboratories must have certified reference standards with strong metrological traceability to SI and a fit-for-purpose, well-documented measurement uncertainty for each test property. When using a calibration laboratory, for example, to calibrate your analytical balances, they need to use a suitable class of reference weights. Depending on the class of balance, a particular class of reference weight must be used to calibrate such a balance, as they have different specifications (agreed technical parameters) resulting in a particular level of measurement uncertainty.

    How often you do external calibrations and whether you need to perform intermediate checks (and how often) depends on the process steps and what equipment is used. For analytical balances it is straightforward: a laboratory would use a set of weights that they own, where each piece has metrological traceability to SI because it was previously calibrated by an external calibration provider (at a suitable frequency, based on risk and need). So here you have reported uncertainties on the calibration certificate that you confirm are acceptable for each piece. Then you perform intermediate checks (verifications) on your balances at suitable time intervals (also based on risk), across the range of use (g) of the balance. For your analyzer, your intermediate checks could be functional, based on the instrument performance, as well as by using standard reference checks against the calibration. This involves using different standard solutions or materials than what was used in setting up the calibration on the analyzer.

    For further information see the following:

    The article What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/

    The ISO 17025 document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure//

    ILAC G24:2007 Guidelines for the determination of calibration intervals of measuring instruments (note: currently under revision), available for download at https://ilac.org/?ddownload=818

    You can also refer to another Expert Advice Community Q&A, Are intermediate checks required for calibration laboratories?, at https://community.advisera.com/topic/are-intermediate-checks-required-for-calibration-laboratories/

  • Marketing Auditor services

    So, you are an ISO 9001 internal auditor and you want to find clients for your audit service.

    https://www.screencast.com/users/ccruz5284/folders/Default/media/44897233-09bd-48d7-a7c8-1f49e7253b66

    Potential clients must be aware of your competence. About competence: Can you provide evidence of experience as an auditor? Can you provide evidence of training as an auditor? Can you provide evidence of certification as an auditor, to provide image and credibility?

    Potential clients must be aware of your existence. You must develop your own brand by evidencing your knowledge and experience. You evidence your knowledge when you write. You should write. Share what you know, share your experience and results, share testimonials from your clients about the outcomes of working with you. Use blogs, professional networks, trade magazines, use your LinkedIn profile, make presentations at conferences. And don't forget to develop a network of contacts. Consultants implementing quality management systems always need an independent first-party auditor. So, you can contact them and offer your services. As soon as you have enough experience as an internal auditor, you can contact certification bodies to offer your services as a third-party auditor.

    The following material will provide you more information:
