Search results


  • ISO 9001 and calibration

    As far as I understand your situation and questions:

    • Your company was certified according to ISO 9001:2015.
    • Can your company internally calibrate a monitoring resource, use it to make measurements, and send the report of those measurements to the customer? Or does your company need a calibration lab?

    Your company can calibrate monitoring resources internally and use those monitoring resources to make measurements and issue reports for customers. However, to perform that calibration your company must use measurement standards. Those measurement standards must be calibrated against measurement standards traceable to international or national measurement standards. Normally, that traceability requirement makes it mandatory to calibrate measurement standards at a calibration lab.

    You can find more information about calibration below:

  • NIST framework

    I'd suggest you take a look at ISO 27004 (https://www.iso.org/standard/64120.html), a supporting standard that provides guidelines to help organizations in evaluating the performance and the effectiveness of an ISMS.

    These articles will provide you with further explanation about performance evaluation:

  • Procedure for determining context of the organization

    Yes, the procedure for determining the context of the organization is not mandatory. Please, check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

    The following material will provide you information about the context of a quality management system:

  • Processes in Risk assessment vs. business impact analysis article

    We do not know your local regulations, but for example, as a customer, it would be unacceptable not being able to perform payments for more than 12 hours (and most probably there may be some sort of law or regulation for the banking industry defining fines for such a failure).

  • General Information Security Policy

    Previously, with ISO 27001:2005, I used the general information security policy and right there I defined the scope and assembled it in a policy manual, separating the security policy, today I see that it is necessary to do an ISMS scope, which I have no doubt if it should be three documents, General Information Security Policy, Policy Manual (A whole set) and the scope of the ISMS separately.

    ISO 27001 (even the previous 2005 version) does not prescribe how to document the Information Security Policy, the ISMS scope, and other developed policies, so organizations are free to document them in a single or separate document as best fits their needs.

    Regarding policies, our recommendation is that these are documented as separate documents, because the information security policy is a high-level policy, while other policies are more specific, and developing them as a single document would only create a document too big and too complex to read and manage.

    These articles will provide you with further explanation about developing policies:

    These materials will also help you regarding developing policies:

  • LGPD and ISO 27001 conformity

    First of all, thanks for the compliment to our material.

    With regards to the material on LGPD and ISO 27001, I suggest that you seek the Brazilian version of the ISO 27701 standard, because the last annex of this standard makes a correlation between LGPD clauses and controls in Annex A of ISO 27001.

    This article will provide you with further explanation about ISO 27701:

  • LGPD and ISO 27001 conformity

    First of all, thank you for the compliment on our material.

    Regarding material on LGPD and ISO 27001, I suggest that you look for the Brazilian version of the ISO 27701 standard, because the last annex of this standard makes a correlation between LGPD clauses and controls in Annex A of ISO 27001.

    This article will provide more explanation about ISO 27701:

  • PSCR Audit

    As you know, PSCR means Product Safety & Conformity Representative.

    Every organization within the automotive supply chain is obliged to ensure the safety and conformity of its products. To this end, in the respective countries and regions, current legal statutes on product integrity must be observed, and the justifiable safety expectations of the public must also be fulfilled. With products conspicuously “unsafe” in the market, or whose conformity to legal requirements is questionable, those responsible are obliged to initiate the necessary actions. In order to be aware of and to understand the many demands addressed to a product safety representative, comprehensive information and qualification are necessary.

    The central topics of product integrity are explored, and competence as product safety representative is developed in the scope of these five modules including integrity tasks in the product life cycle, delegation guidelines, and non-conformity management. Therefore, the following topics are important issues for PSCR audit.

    • The product safety requirements and critical parameters are in product drawings, technical specifications, and Design and Process FMEAs.
    • The legal requirement for products for safety regulation.
    • Product special characteristics, monitoring methods, and results of critical parameters. 
    • If there is a problem related to product safety issues, the escalation process, respond to immediate and corrective actions.
    • Product-related errors, complaints from the field or OEM Customer or Tier n customer, corrective actions, and lessons learned.
    • Comparison and benchmark analysis of nonconformance products in similar products produced by competitors.
    • Organization training for product and product safety topics.
    • Product Financial Liability, Insurance Policies for re-calls.  

    For more information, please see the following article:

    • Ensuring product safety according to IATF 16949

      https://advisera.com/16949academy/blog/2017/09/20/ensuring-product-safety-according-to-iatf-16949/

  • Document coding system

    A coding system in our toolkit is just a suggestion. It means that you can use your own system however it suits you and however you feel you and your employees will do better. It is just necessary to ensure that the current revision status of and changes to documentation are identified, that relevant versions of applicable documents are available at the point of use, and that documents remain legible and readily identifiable.

    If you would like to differentiate stated documents and records, you can use the system from your previous company. So, you can code your documents with SOP, WI, FORM, and REP and just add a number, or you can also add a department code. Here are some examples:

    SOP-01 can be the procedure for Document management, SOP-02 can be the Internal audit procedure. SOP-Q-01 can be the code for the first standard operating procedure for the Quality department; SOP-SAL-01 can be the first standard operating procedure in the Sales department.

    This is only a suggestion.

    For more details please see the following article:
