Search results

Auditing own subordinates

After ISO 9001:2015 the requirement for the independence of internal auditors has been removed from the internal auditor definition but not from the audit definition. Now, in addition to meeting your organization's competence criteria, internal auditors only have to ensure objectivity and impartiality. Thus, the manager could audit his own subordinates during an internal audit if, and only if he/she can ensure that it will be carried as a systematic, independent and documented process for obtaining objective evidence. This requirement is lost when the auditor (the manager) is a person who could be affected by the audit. For example, as manager he/she who would need to deal with the corrective actions that were found. So, avoid having managers auditing their own subordinates during an internal audit.

The following material will provide you more information:

• Major vs. minor nonconformities in the certification audit - https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
• Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ (includes a slide about developing checklist questions)
• ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
• Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/
   

ISO 9001 inquiry

1- Implementation process flow

Answer:

The following links provide information that can help you develop your own implementation process flow. The first article is about using the Gap Analysis as the first step in gathering information to develop an implementation plan:

• Should you use a gap analysis in your ISO 9001 implementation? -https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/
• Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
• ISO 9001 Implementation diagram - https://info.advisera.com/9001academy/free-download/iso-9001-implementation-diagram
• Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/ 

2- Basic required procedures"

Answer:

This may come as a surprise to you but ISO 9001:2015 does not requires any procedure. It is up to each organization to decide what procedures, if any, are needed (please check clause 4.4.2). Not being mandatory is not the same as being forbidden. So, I recommend organizations to develop relevant procedures. The more complex an organization is and the bigger the staff rotation, the more are procedures useful. Please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ 

Management review

Please check the beginning of clause 9.3.1. It states that top management shall review to ensure a set of things about the quality management system. The conclusions and decisions of the management review are about that set of things. If top management does not approve those outputs, it cannot evidence that that set of things is being ensured.

The following material will provide you more information:

• How to make Management Review more useful in the QMS - https://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
• How to Make Management Review More Practical - https://advisera.com/9001academy/blog/2013/12/10/make-management-review-practical/
• Free webinar – How to perform management review according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-perform-management-review-according-to-iso-9001-2015-free-webinar-on-demand/
• ISO 9001 document template: Procedure for Management Review - https://advisera.com/9001academy/documentation/procedure-management-review/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
   

Project sponsor

I can only provide a general answer about project sponsors. Normally, a project sponsor is someone who does not actively participate in the project. The project sponsor must be regularly briefed by the project manager about the project status and intervene if the project is halted. A project sponsor can be very useful for unlocking resources and reconciling conflicting priorities and escalated issues.

The following material will provide you more information about design and development:

• The ISO 9001 Design Process Explained - https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
• Procedure for Design and Development - https://advisera.com/9001academy/documentation/procedure-design-development/
• Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book – Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Third Party Compliance

I have a question in regards to the document in section 8, Third Party Compliance. Supplier Data Processing Agreement.  We use a third party like Google Analytics, does it fall under this category?

Implementing 13485 as a wire harness supplier

According to the ISO 13485:2016 requirement 4.2.3 Medical device file, here are the elements that you need to have:

• a general description of your product and labeling
• specification of the product
• description of how you manufacture the device, package, store, handling, and distribution<
• if there is any kind of measuring or monitoring procedure
• if there are instruction or any requirement for installation to another device
• if there is a possibility to service your part of the device, then you need a procedure for that

For more information, please see the following article:

• How to meet ISO 13485:2016 requirements for medical device files - https://advisera.com/13485academy/blog/2017/06/28/how-to-meet-iso-13485-requirements-for-medical-device-files/

• Changes to EU GDPR policies regarding e-privacy

  Hi, I need to know whether there have been any changes to the EU GDPR policies recently in relation to e-privacy. Can you advise?

• Certified ISO auditor in the US

  Great answer. Thank you very much. 

• Key Performance Indicators in relation to ISO

  Unfortunately, I’m not aware of any standard to be used as a reference for the definition of KPI’s.

  KPIs should be a function of the strategic orientation of an organization. Simplifying a complex world, an organization can serve clients that value above all:

  • The lowest price; or
  • Innovation or design; or
  • Customized service.

  If an organization manufactures a product or provides a service focused:

  • on customization, the point is not efficiency but effectiveness;
  • on the lowest cost, the point is efficiency. 

  Some years ago, I developed this crazy metaphor of seeing an organization with all its processes as an athlete. If you compare the body of someone competing on athletics with the body of someone that competes on weightlifting, they are very, very different. The body of a soccer player is very different from the body of a basketball player. Different strategic orientations require different process content. Two different organizations with two different strategic orientations may have a process with a similar name but with different activities or different priorities.

  The following material will provide you more information:

  • Article - How to define Key performance indicators for a QMS based ISO 9001: https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
  • Article - How t write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
  • Free webinar on demand - Measurement, analysis, and improvement according to ISO 9001:2015 -
    https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
  • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
  • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• Internal Audit Procedure

  One can describe the internal audit process like this:

  

  Please check this free webinar on demand that details each step in the internal audit process - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/

  You can find more information in the following links:

  • ISO 9001 – Five Main Steps in ISO 9001 Internal Audit - https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
  • ISO 9001 document template: Procedure for Internal Audit - https://advisera.com/9001academy/documentation/procedure-internal-audit/
  • Free online training ISO 9001:2015 Internal Auditor Course
    – https://advisera.com/training/iso-9001-internal-auditor-course/ 
  • Book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/