Search results

  • ISO 9001 consultant challenges

    Some of the challenges of being a consultant are:

    • Finding new customers;
    • Winning a bad project;
    • Customers expecting that consultants do customers’ work;
    • Meeting project delivery dates;
    • Meeting budget target;
    • Always being in a research and learning mode

    You can find more information below:

  • ISO 9001 and property belonging to customers/external providers

    Clause 8.5.3 about property belonging to customers or external providers (suppliers) may not be applicable to every organization.

    Simpler case – a customer bought a product and that product is returned for planned maintenance, or for correcting some defect, or for upgrading some part (last week I updated my computer battery, for example).

    Business to consumer – your company sold a washing machine to a consumer and one of your company’s teams is going to install it at the consumer’s kitchen. You expect that the team does not damage the consumer’s kitchen.

    Business to business case – consider a brand that outsources the manufacturing of its garments to a manufacturer. The manufacturer buys and applies all materials, but the brand supplies the high-profile brand labels. Those labels must be protected from theft or any kind of loss. For all purposes, those labels are like money.

    Intellectual property – a customer sends you, the manufacturer, the blueprints of its later high-tech gadget. Customers expect that the blueprints are protected from theft or leaking into the media.

    Molds – A customer has a mold and asks your organization to manufacture injection molding parts with it. The customer expects that you don’t start injection parts with that mold for your own use

    External providers – It is becoming more common that organizations don’t possess equipment, they rent it to an external provider. For example, in a construction company, the scaffolding structure used may belong to an external provider.

    You can find more information below:

  • Inventory of Assets template

    For the value on the "Impact" column in the Inventory of Assets template, you must copy the value identified in the "Consequence" column in the Risk Assessment Table template.

  • ISO 27001 implementation

    Yes, the templates take into account the integration of ISO 27001 with other ISO management systems.

    Since 2012 all ISO management systems have common requirements aligned (e.g., control of documents and records, internal audit, management review, etc.), so you can use part of the documents you already have for ISO 9001 and make only small adjustments for them to be also compliant with ISO 27001.

    These articles will provide you a further explanation about integrating management systems:

    These materials will also help you regarding ISO 27001 implementation:

  • Information Security Policy vs IT Security Policy

    Please note that these are different documents:

    • the Information Security Policy is located on folder 02 (General policies), as you mentioned
    • the IT Security Policy is located on folder 08 Annex A Security Controls, subfolder A.8 Asset Management

    The purpose of the Information Security Policy is to define high-level information about how information security is managed, while the purpose of the IT Security Policy is to provide details on how to use the information system and other information assets.

    In the List of Documents file included in your toolkit, you can identify where each document is located and which clauses and controls are covered by each of them.

    This article will provide you a further explanation about the information security policy:

  • IS Cross Border Personal Data Transfer Procedure actual according to GDPR?

    If I correctly understand your question, you are asking if in your documentation you can mention the Directive 95/46/EC.

    As you correctly said, Directive 95/46/EC has been replaced by GDPR and it is not in force anymore. Therefore, it is not correct to mention Directive 95/46/EC in your documentation, you should refer to GDPR.

    GDPR does not mention “Data Importer” and “Data Exporter”, only the data controller and data processor.

    If you want to keep the definition of “Data Importer” and “Data Exporter” in your documentation, you should define it inside the GDPR framework (i.e. “Data Importer is a data processor under Article 28 GDPR which is located in a third country where the data are transferred with adequate safeguards according to Articles 44-50 GDPR”) and then you can keep using those definitions.

  • Procedures listed in equipment's manual

    1. 6.4.3 The laboratory shall have a procedure for handling, transport, storage, and use and planned maintenance of equipment. Could these procedures be the ones that are listed in the equipment's manual? Or must a procedure be created according to the manual and the laboratory's policy?

    The mandatory requirement for ISO 17025:2017 is that your laboratory has a procedure and necessary records. I assume you are referring to your own equipment manual, which covers all your equipment. Yes, you could use your own equipment manual as your documented procedure and refer to the relevant sections of suppliers' manuals, as long as the references and information are up to date and controlled.

    Regarding your reference to “the laboratory's policy”, there is no need for a policy on management of your equipment. Your ISO 17025 management system must include an overall quality policy and specific objectives. How you meet the requirements for equipment management must be risk and opportunity based, to support your quality policy and to achieve your objectives.

    2. If the laboratory has a code of ethics and conduct, which every employee has signed an agreement to respect, does that prove the company's impartiality and confidentiality?

    If the established code of ethics and conduct addresses the requirements to safeguard impartiality and confidentiality, this is evidence of management’s commitment to these topics. The purpose of a signed acknowledgment by an employee is to show that, firstly it has been communicated to them (again a requirement of management), they have received it and that they acknowledge the content of the code. Even if they declared by signing that they will abide by the code; this is not evidence of actual compliance with the policies. There is no objective evidence through acknowledging the code that impartiality and confidentiality is in fact upheld.

    Ensuring Impartiality and confidentiality is an activity that is ongoing. It is achieved through a process approach by knowing your process inputs and outputs and the factors that could affect your objective of safeguarding impartiality and confidentiality for every laboratory activity. Risk assessments should be performed upfront to identify and address any initial risks to impartiality and confidentiality. Then use surveillance activities such as audits, employee meetings/feedback and customer feedback on an ongoing basis to monitor compliance. Take appropriate action to mitigate any new or changed risks.

    For more information, have a look at the ISO 17025 Expert Advice Community answers:

    • Assuring impartiality and confidentiality - https://community.advisera.com/topic/assuring-impartiality-and-confidentiality/
    • Compliance with the ISO/IEC 17025:2017 requirement for Impartiality - https://community.advisera.com/topic/compliance-with-the-isoiec-170252017-requirement-for-impartiality/
    • Procedure for impartiality - https://community.advisera.com/topic/procedure-for-impartiality/

    Have a look to see how the following toolkit documents can assist you: Quality Policy, Quality Manual and procedure Addressing Risks and Opportunities. Previews are available at https://advisera.com/17025academy/iso-17025-documentation-toolkit/

  • SoA and selection of control A.11.2.9 Clear desk and clear screen policy

    1. How much there is room for modifying the procedure concerning the control, if there is only need for the clear screen policy but no need for a clear desk policy?

    The templates are fully editable, so you can modify them freely to fulfill your needs.

    2. Can one select the control as applicable on SoA and then write procedure concerning only the clear screen policy (or if required adapt the clear desk policy only concerning specific areas such as conference rooms, reception area, etc.?

    In a situation where you do not have relevant risks or legal requirements (e.g., laws, regulations, or contracts) related to the clear desk, you can write a procedure only related to a clear screen.

    You also can adapt the policy to have only a separate clear desk policy covering specific areas.

    But please note that separating the clear desk and clear screen in different policies does not make much sense and may add unnecessary administrative work to maintain both policies (most probably the places where you have information on both electronic and physical media will have sensitive information on both media, which can be treated by a single policy).

    This article will provide you a further explanation about the clear desk and clear screen:

  • How to become ISO/IEC 17025 certified and cost associated

    I do not know who can and how much it is to become certified 

    Please note that the correct term is accredited, not certified; as it involves formal recognition of competence.

    The process involves implementation of ISO/IEC 17025:2017 by establishing systems, processes and documentation; followed by evidence of implementation and maintenance in order to apply for accreditation.

    Accreditation involves contacting your national accreditation body or selecting one if you have a choice; application and then a competency assessment. The costs will depend on the accreditation body. You will need to request a quotation. In awarding accreditation, the accreditation body attests to your laboratory’s competence to provide consistently valid results through meeting the requirements of 17025. An accreditation certificate, which details your scope of accreditation, is then issued.

    how often we will need to be re-certified.

    There is an accreditation cycle of 4 to 5 years, with a number of followup assessments. The first is 6 to 12 months after initial accreditation is awarded. At the end of the cycle, a full re-assessment is made again (as if you were applying for the first time).

    Have a look at our free webinar on demand - What are the steps in the ISO 17025 accreditation process? It includes explanation of the application process, and the accreditation cycle, and is available at https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar-on-demand/ 

  • EMS for wastewater treatment

    If you have a wastewater treatment that is operating effectively and complying with legislation and permits, then developing an environment management system should be relatively straightforward.

    Start with a self-assessment compliance checklist to list the initial gaps between ISO 14001:2015 requirements and your organization’s current environmental practices and performance. As long as you have top management support, any sound environmental management system starts with a clear identification of environmental aspects and impacts and its evaluation, and with an identification of any compliance obligations. Then, you have to plan your implementation project about how to improve environmental aspects situations and meet your environmental objectives aligned with an environmental policy. For a wastewater treatment plant that is operating effectively your organization may have already implemented procedures for operation and control, for monitoring performance, for communicating performance to relevant interested parties, for preventing and responding to emergency situations.

    Please check this information concerning specifically wastewater treatment:

    If you are in a hurry to implement your environmental management system, perhaps our ISO 14001:2015 Documentation Toolkit - https://advisera.com/14001academy/iso-14001-documentation-toolkit/ can be useful.

    Please check this information below relevant for implementing an environmental management system:
