Clause 4.1 of ISO 9001:2015 mentions internal and external issues. Culture, beliefs, values, or principles inside the organization are internal issues. For example, different organizations have different risk aversion cultures. For example, different organizations have different beliefs concerning short- and long-term investment.
The following material will provide you with information about the context of a management system:
how to use the approach with top management and some support functions
I have used the process approach in my audits for many years. However, when auditing top management, I mix the process approach with the clause approach. For example: management review, quality policy and objectives, risks and opportunities, context and interested parties, monitoring, and evaluation.
Am I on the right thought path with "the process style" of auditing?
Yes, I believe you are, based on your description.
What clauses are most useful to audit against for different types of processes?
Let me show you the turtle diagram:
You can audit a process and consider one or more ISO 9001:2015 clause(s) relevant from section 8. But for any process, you can use the turtle diagram and list several other clauses that you can audit:
You can find more information about auditing below:
An environmental management system based on ISO 14001 is based on the assessment of how an organization interacts with the environment. Those interactions are called environmental aspects. Each environmental aspect has consequences for the environment – environmental impacts. Organizations should assess and evaluate environmental aspects and impacts and determine action plans to improve or control environmental performance.
Please consider these sources of information:
If your organization currently recycles and switches to non-recycling that means going against the commitments in clause 5.2 of ISO 14001:2015, namely entries:
You can find more information about ISO 14001 below:
Yes, Document 07.7 is for disclosing information to data subjects.
You can find help in setting the process with the EU GDPR Data Subject Access Request Flowchart https://info.advisera.com/hubfs/EUGRPRAcademy/EUGDPRFreeDownloads/EU_GDPR_Data_Subject_Access_Request_Flowchart_EN.pdf
You can have more information about how to manage Data Subjects right here: Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
You may also consider enrolling in this online EU GDPR Foundations Course: EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Please consider this article - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/ Without knowing your organization, I might guess that image and credibility among potential clients/consumers and neighborhood, and a more systematic approach to legal and regulatory environmental compliance can be the most important benefits.
You can find more information about ISO 14001 below:
If you want to measure performance you need a benchmark, something that can evidence the impact of the EMS. For example:
The purpose of the EMS is not to take a “picture” at a certain moment but to promote environmental improvement. So, if you start with 2020 data you will have to wait for 2021 to evidence improvements.
You can find more information about ISO 14001 below:
No, there is no mandatory requirement to mention "effective date" in any specific forms or procedures along with the form number and revision. ISO 9001:2015 clause 7.5.2 mentions date as an example, not a mandatory requirement.
Although it is not mandatory, it is commonly used in procedures and work instructions, not so common in forms.
The following material will provide you with more information about document control:
Some organizations provide products or services that need to comply with statutory & regulatory requirements. For example, an organization manufactures a product like curbs for public roads that need to comply with international standards and regulatory requirements to be able to enter European markets with the CE mark. For example, an organization manufactures textiles for a group of brands that require that suppliers abide by some commitments concerning child labor, sexual harassment and sexual discrimination. These organizations need to know what the statutory & regulatory requirements are, need to surveil any changes, new or updated requirements, and need to translate those new or updated requirements into quality management system requirements.
The following material will provide you with more information about statutory & regulatory requirements:
1. What happens in the case where we realize that some SOA controls that were marked as N/A during last year's audit could actually be applicable...
If you think that one or more controls, previously stated as non-applicable, now may be applicable you have to:
Basically, you have to perform the risk assessment and treatment again.
For further information, see:
2. What impact will it have on our surveillance audit?
When the SoA is changed, you need to inform the certification body about the changes made, so it can verify if the surveillance audit needs adjustment, either in duration or in the number of required auditors, due to the change in the number of applicable controls. You need to communicate this as soon as possible.
3. Would we need to recertify before going for the surveillance audit?
There is no need for re-certification in case of changes in the SoA. During the surveillance audit, the certification auditor will verify if the change had or had not negatively impacted your ISMS, and provide his conclusions in the audit report, and related non-conformities if necessary.