Search results

Starting a company with ISO 9001 Lead Auditor certification

Yes, we have an ISO 9001:2015 Lead Auditor Course. I believe you mean to start a consulting company, to help organizations implement a quality management system and get certification. If that is the case the Lead Auditor Course can help you demonstrate knowledge and competence. Perhaps our ISO 9001:2015 Lead Implementer Course could be useful. Please check this article about how our list of courses can help professionals in their journey - How to choose the most appropriate training - https://advisera.com/training/compare/

The following material will provide you more information about consulting:

• How to become an ISO 9001 consultant - https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/
• How to sell your ISO 9001 consulting services - https://advisera.com/9001academy/blog/2017/06/20/how-to-sell-your-iso-9001-consulting-services/
   

Software as Medical Device

For classification of the software to be a medical device, please see Rule 11 from Medical device regulation MDR 2017/745 here:

• EU MDR Annex 8 – Classification rules https://advisera.com/13485academy/mdr/classification-rules/

death or an irreversible deterioration of a person’s state of health, in which case it is in class III; ora serious deterioration of a person’s state of health or surgical intervention, in which case it is classified as class IIb.Software intended to monitor physiological processes is classified as class IIa, except if it is intended for monitoring of vital physiological parameters, where the nature of variations of those parameters is such that it could result in immediate danger to the patient, in which case it is classified as class IIb.

All other software is classified as class I.

Manufacturers of a medical device must have implemented ISO 13485:2016.

More information about this standard you can find on the following links:

• What is ISO 13485? - https://advisera.com/13485academy/what-is-iso-13485/
• Clause-by-clause explanation of ISO 13485:2016 - https://info.advisera.com/13485academy/free-download/clause-by-clause-explanation-of-iso-13485
• Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/
• Free webinar on demand: A how-to guide for ISO 13485 implementation - https://advisera.com/13485academy/webinar/a-how-to-guide-for-iso-13485-implementation-free-webinar-on-demand/

• Health, safety and EMS in a construction company

  As ISO 14001 and Iso 45001 are written to be used by any industry, the process of implementation is the same for construction, the main difference is that the environmental aspects (interactions with the environment), OH&S hazards and legal requirements will be different. Start each implementation off with management support, and ensure that you implement each part of the standards. You can see the implementation process for ISO 14001 here (ISO 14001:2015 Implementation diagram, https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram) and ISO 45001 here (Diagram of ISO 45001 Implementation Process, https://info.advisera.com/45001academy/free-download/diagram-of-iso-45001-implementation-process).

  If you are implementing both ISO 14001 and Iso 45001, it might be helpful to see our whitepaper on integrating management systems; How to integrate ISO 9001, ISO 14001 and ISO 45001, https://info.advisera.com/9001academy/free-download/how-to-integrate-iso-9001-iso-14001-and-iso-45001

• ISO 14001 certification at corporate level

  Yes, it is possible to certify your EMS at the corporate level. If an organization has more than one location, the scope should include the activities or processes involved, the products or services considered, and the name and addresses of each location. Each location has to comply with legal and regulatory requirements applicable to its own location.

  You can find more information in the following links:

  • Although from ISO 9001 this article can be useful - Certifying different legal entities under one certification scope in ISO 9001 - https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

• International personal data transfers – Binding Corporate rules (BCR) under GDPR – and Cross boarder documentation

  "I have been through the forwarded material around GDPR compliance and I have the following questions:

  1. International personal data transfers – Binding Corporate rules (BCR) under GDPR – and Cross border documentationHow do we secure compliance? Is it by fill in and sign the Cross Border document or do we need another agreement?

  I assume you are referring to the documentation in the EU GDPR Documentation Toolkit. As you may know, Binding corporate rules (BCR) under Article 47 GDPR apply to group companies for transfers inside the same group, and to be compliant must be approved by the competent Data Protection Authority (DPA) following the procedure in Article 63 GDPR which is quite complex.

  BCR must

• be enforceable to all companies of the group and legally binding,
• assure data subjects rights,
• provide information and contacts of the group and each company belonging to the group,
• provide information on data transfers, data subjects involved, third countries of destination,
• assure the application of principle layout in GDPR as data minimization, data retention period, purpose limitation, data quality, data protection by design and by default,
• accept liability for any breach of the BCR by any company of the group as reported by the competent DPA,
• assure compliance of all group’s companies to BCR with audits, employees’ training to follow BCR, and willingness to modify and implement BCR to DPA’s new requirements,
• Cooperate with and report to DPA any data breach.

BCR are quite complex and not suitable for small-medium companies, with a long and complex adoption procedure. Maybe, your question referred to the Standard Contractual Clauses, which are used for assuring the transfer of data between companies that do not belong to the same group.

These are contained in Folder 7 of the EU GDPR Documentation Toolbox that you bought. If so, you need to attach the Data Transfer Agreement to the original Agreement with the other Party selecting the right template depending if you are transferring to a data processor or to a data controller.

2. When we have “employed” sellers and consultants with their own companies which invoices their “salary” to Digizuite, do we then need specific Data processing agreements with each of them?

Do your sellers and consultants process personal data on your behalf in their job? If they do, you need to sign a specific data processing agreement with each of them independently from the use of Digizuite. Maybe sellers relate with customer's personal data and you need to assure the process data being compliant with GDPR requirements as data processors.

3. I can’t find a Data Processor agreement in your material. Why isn’t it part of the toolkit?"

In the EUGDPR Documentation Toolkit, you can find 2 templates of Data Processor Agreement in Folder 8 - Third Party Compliance.

Here you can find some useful material about data transfer:

• 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
• Standard Contractual Clauses for the Transfer to Processors and Standard Contractual Clauses for the Transfer to Controllers.: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
• EU GDPR Article 44 – General principle for transfers: https://advisera.com/eugdpracademy/gdpr/general-principle-for-transfers/
• EU GDPR Article 45 – Transfers on the basis of an adequacy decision: https://advisera.com/gdpr/transfers-on-the-basis-of-an-adequacy-decision/
• EU GDPR Article 46 – Transfers subject to appropriate safeguards: https://advisera.com/gdpr/transfers-subject-to-appropriate-safeguards/
• EU GDPR Article 47 – Binding corporate rules: https://advisera.com/gdpr/binding-corporate-rules/
• Free webinar – How to make personal data transfers to other countries compliant with GDPR: https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
• EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

You can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• Requirements for certification

  Setup a project sponsor, a project manager and a project team. Ensure top management support, get training and as a first step perform a Gap analysis, to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that GAP Analysis you can develop your Project Plan, listing what needs to be done, by whom, until when.

  Then, an important step is to design a model of how your organization work as a set of interrelated processes. For example:

  

  Decide how to describe and monitor those processes.

  From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.

  This is a very short description of the journey but below you can find more detailed information:

  • Free Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
  • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
  • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• Clause 6.1.1

  One general advise: avoid generic lists of risks. Each organization is a particular case.

  According to ISO 9001:2015 organizations can determine three types of risks:

  • Risks related with context and interested parties;
  • Risks related with products and services; and
  • Risks related with processes 

  The following material will provide you more information about risks:

  • Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
  • How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
  • How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
  • How to identify risk controls in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
  • Methodology for ISO 9001 Risk Analysis - https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
  • ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/

• Auditing own subordinates

  After ISO 9001:2015 the requirement for the independence of internal auditors has been removed from the internal auditor definition but not from the audit definition. Now, in addition to meeting your organization's competence criteria, internal auditors only have to ensure objectivity and impartiality. Thus, the manager could audit his own subordinates during an internal audit if, and only if he/she can ensure that it will be carried as a systematic, independent and documented process for obtaining objective evidence. This requirement is lost when the auditor (the manager) is a person who could be affected by the audit. For example, as manager he/she who would need to deal with the corrective actions that were found. So, avoid having managers auditing their own subordinates during an internal audit.

  The following material will provide you more information:

  • Major vs. minor nonconformities in the certification audit - https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
  • Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ (includes a slide about developing checklist questions)
  • ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
  • Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/
     

• ISO 9001 inquiry

  1- Implementation process flow

  Answer:

  The following links provide information that can help you develop your own implementation process flow. The first article is about using the Gap Analysis as the first step in gathering information to develop an implementation plan:

  • Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
  • Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
  • ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
  • Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/ 

  2- Basic required procedures"

  Answer:

  This may come as a surprise to you but ISO 9001:2015 does not requires any procedure. It is up to each organization to decide what procedures, if any, are needed (please check clause 4.4.2). Not being mandatory is not the same as being forbidden. So, I recommend organizations to develop relevant procedures. The more complex an organization is and the bigger the staff rotation, the more are procedures useful. Please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ 

   

• Management review

  Please check the beginning of clause 9.3.1. It states that top management shall review to ensure a set of things about the quality management system. The conclusions and decisions of the management review are about that set of things. If top management does not approve those outputs, it cannot evidence that that set of things is being ensured.

  The following material will provide you more information:

  • How to make Management Review more useful in the QMS - https://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
  • How to Make Management Review More Practical - https://advisera.com/9001academy/blog/2013/12/10/make-management-review-practical/
  • Free webinar – How to perform management review according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-perform-management-review-according-to-iso-9001-2015-free-webinar-on-demand/
  • ISO 9001 document template: Procedure for Management Review - https://advisera.com/9001academy/documentation/procedure-management-review/
  • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/