Search results

Using customer's data from the questionnaire

Thank you. Am I permitted to create this privacy policy myself?

Yes, you can create it by yourself. Advisera has developed some templates to make it easy to develop your own privacy notice.

You can check out our document template here: EU GDPR document template: Privacy Notice https://advisera.com/toolkit-documents/eu-gdpr/privacy-notice/

Should individuals receive this privacy policy if they've chosen to share their contact details with me?

Individuals should read and consent to your privacy policy when filling your questionnaire. You can insert a link on a questionnaire to allow individuals to read your privacy notice.

Environmental management manual

What is the purpose of an environmental management manual?

Answer:

ISO 14001:2015 does not require an environmental management manual. Organizations may decide having one or not. So, if one organization decide to have an environmental management manual it is free to determine a purpose for it. Working with organizations, I advise the creation of an environmental management manual as a document to present the environmental management system, its policy, its main processes, its documents and main responsibilities.

why language is so important in writing operating procedures?

Answer:

Language is important while writing operating procedures because we want a document to be clear, to be precise, to be able to be understood by those who will read and apply it.

Please check below information about ISO 14001:2015:

• What is an environmental management system manual? - https://advisera.com/14001academy/knowledgebase/what-is-an-environmental-management-system-manual/
• How to structure ISO 14001 documentation - https://advisera.com/14001academy/blog/2016/11/28/how-to-structure-iso-14001-documentation/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

IATF 16949 standard documents in digital form

It is possible to find the IATF 16949: 2016 standard online.

Since the right to sell the standard is in the IATF organization; you can buy it as pdf or hard copy from the websites of SMMT, AIAG, VDA.

For more information, please read the follwoing article:

• What is IATF 16949? https://advisera.com/16949academy/what-is-iatf-16949/

• Clause 8.2.3.1

  If the delivery date is “blank” it may be considered a finding by an auditor, like me.

  Every organization works with unorganized clients. At the end of clause 8.2.3.1, one can read: “The customer’s requirements shall be confirmed by the organization before acceptance when the customer does not provide a documented statement of their requirements.”. What you report is a typical situation framed by this text from the standard. In this situation, the supplier should evaluate the best possible delivery date, as soon as possible may be interpreted as “fast”, and send an order confirmation stating what was ordered, in what quantity, at what price, to be delivered where and when. So, if that order confirmation sent has no answer, it means that the client accepted the conditions.

   

• Control of outsourced activities

  Clause 8.1.4.3 Includes the requirements for outsourced activities as part of the purchasing requirements for the OHSMS. The gist of these requirements is that you need to control these activities when they happen, that your outsourcing meets legal requirements, and that you define the control needed to ensure OH&S requirements are covered when outsourcing. This could include identification of OH&S hazards for the supplier.

  You can learn more on hazards in this article: How to identify and classify OH&S hazards, https://advisera.com/45001academy/blog/2015/05/14/how-to-identify-and-classify-ohs-hazards/

• Laboratory activity - where to draw the line

  You asked why a testing laboratory, who conforms to ISO 17025 requirements to verify and calibrate their own equipment, cannot offer calibration services and calibration certificates for clients.

  Although ISO 17025 is applicable to both testing and calibration laboratories, the application of the standard differs. From a laboratory point of view, there are specific laboratory activities for calibration and testing laboratories, involving different technical and performance capability of equipment, operational activities and risks. Reporting requirements are also different. For the required purpose of metrological traceability to international units, an unbroken chain of calibrations is required, linked to appropriate references. For each chain a measurement uncertainty must be calculated so that the overall uncertainty can be known. Only then can a testing lab determine if a method is adequate for use. Testing laboratories generally rely on competent calibration laboratories to meet these specific metrological needs.

  From an accreditation point of view, accreditation bodies are themselves accredited for specific scopes, where testing and calibration scopes are independent and programs are managed separately. This said, an organisation could, in principle, apply separately for accreditation as a Calibration laboratory and as a Testing laboratory, each with their different range of activities and scope of accreditation

  Have a look at another ISO 17025 answered question that all addressed this topic - Calibration of measurement equipment, available at https://community.advisera.com/topic/calibration-of-measurement-equipment//

• New measurement system

  I assume that by “CMM” you are referring to coordinate-measuring machines.  I cannot tell if the question is in the context of a calibration laboratories service, a legal metrology verification laboratory, or generally as a product quality assurance and quality control tool for a workshop (machining and assembly) in a manufacturing sector. There are a number of standards for measuring the geometry of physical objects. The ISO publication list is available at https://www.iso.org/committee/54924/x/catalogue/ Which are relevant will depend on the application, country, sector and any other regulations.  It could be, for example, a recognised national standard or other (based on an international standard) to which a verification laboratory will be granted accreditation.

  If the context is metrology for calibration laboratory, the ISO 17025 standard will require method development and validation and the evaluation of measurement of uncertainty to prove the system to be appropriate for its defined use.  ISO 17025 requirements must be met to ensure competency to produce consistently reliable results. 

  The ISO 17025 toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/. includes the procedure for validation and verification of methods, named Test and Calibration Method Procedure, along a Test Method Development, Verification and Validation Register and Test Method Development, Verification and Validation Record. 

  Have a look at other ISO 17025 answered questions for further information which may be of interest.
  Procedures for validation and verification of methods at https://community.advisera.com/topic/procedures-for-validation-and-verification-of-methods/
  Methods verification at https://community.advisera.com/topic/methods-verification/

• ISO 45001 vs OHSAS 18001

  Probably the biggest change from OHSAS 18001 to ISO 45001 is the introduction of the context of the organization. This requirement means that you need to understand the internal and external issues that affect your OHSMS, as well as who your interested parties are and what their needs are. This information is used later in the standard to identify risks that are not directly related to hazards, as well as plans for emergency response.

  We have a pre-recorded webinar that discusses the change which may help: ISO 45001:2018 vs. OHSAS 18001:2007 – The main changes, https://advisera.com/45001academy/webinar/iso-45001-2017-vs-ohsas-18001-2007-the-main-changes-on-demand/

• Certify company in safe data destruction and recycling

  We need to certify our company in the secure erasure of data, either by software methods or by the destruction of disks and that we can demonstrate or certify that the data is irrecoverable for the machines unsubscribed by the client.

   It is possible to certify a secure erasure of data process against ISO 27001, certifying that the process follows the standard's requirements and that the data is irrecoverable from the media where it was stored.

  But please note that ISO 27001 does not provide technical guidance on how to perform data disposal. For technical guidance, you need to consider additional references, like NIST special publications.

  These articles will provide you a further explanation about ISO 27001, how it can be used for media disposal, and NIST practices:

  • What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
  • Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
  • Secure equipment and media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2015/12/07/secure-equipmentand-media-disposal-according-to-iso-27001/
  • 5 practical tips for media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2018/10/22/5-practical-tips-for-media-disposal-according-to-iso-27001/
  • How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/

  These materials will also help you regarding ISO 27001:

  • Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
  • ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/