There are plenty of solutions on the market that allow you to build email marketing, pop up, and online booking services. You should discuss it with your web designer. You need to remember to describe the process in your privacy notice, ask for consent from the client in order to send newsletters and publish terms and conditions on your website.
The GDPR allows the data controller to establish the right place where to store data: his internal servers, in the cloud, purchasing hosting space, and so on. You need to verify your service provider's compliance.
You can find more information in the following articles:
You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Personal information under GDPR includes addresses, so if you want to show your work on your website you can ask the client for consent by inserting a clause in the agreement. Otherwise, you can insert the town where the work has been realized without any personal information about the client. In this case, the project will be anonymous and it will no longer be under GDPR prescription, because Paragraph 26 in the Preamble states: “The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not, therefore, concern the processing of such anonymous information, including for statistical or research purposes.”
You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
I work in a company certified for ISO9001. Now we want to get also automotive customers so it is necessary to be certified for IATF. My question is: is it possible to get IATF if we do not have any automotive customers?
For companies that do not yet have automotive customers but want to receive an IATF 16949: 2016 certificate, IATF rules revision 5 offers the option of obtaining the letter of conformance.
According to IATF Rules revision 5, the purpose of the letter of conformance is to confirm that processes exist that satisfy the requirements of IATF 16949 and these "Rules" where the client is not able to achieve IATF 16949 certification because of:
- a new site without twelve (12) months of internal or external performance data for the automotive production and/or service parts in the scope of certification;
- an existing site that can demonstrate it is on an active bid list for a customer requiring IATF 16949 certification or compliance.
Also, how to prove all requirements specific for automotive if we do not have it?
In any case, you should comply with all articles of the IATF 16949: 2016 standard. However, if you are not designing products, your scope will exclude the product design input and product design output items. Also, if you have no automotive customer-specific requirements, you can determine the main issues and get approval from your customer. Briefly, the main issues include PPAP, core tools, process capability requirements, special characteristics definition, record-keeping conditions, etc.
Here you will find all the templates for automotive QMS implementation:
To demonstrate the responsibilities of top management, you should present the following evidence in order to comply with the requirements of the standard:
- Demonstrate leadership and commitment with respect to customer focus: top management must know the needs and expectations of the customer, the legal and regulatory requirements, and the risks and opportunities that can affect the conformity of the organization's products and services. Examples: records of meeting minutes that include information about who was present, what was discussed and which topics were covered.
- Establish, implement and maintain a quality policy: top management must establish a policy consistent with the mission, vision and values, which integrates the relevant processes of the organization, the organization's strategy and its quality objectives. Examples: actively participating in establishing the quality policy and objectives.
- Assign responsibilities and authorities to the relevant roles within the organization: top management must assign the responsibilities for the different processes and projects and evaluate the competence of those roles. Examples: having documents and records to demonstrate that roles, responsibilities and authorities are defined.
- Ensure that the QMS is suitable for the context of the organization and consistent with the strategic direction of the organization. Examples: actively participating in the review of the context of the organization's QMS, demonstrated through meeting minutes in which a SWOT analysis is carried out; having a list of actions to address risks and opportunities.
For more information on how to demonstrate that top management complies with the requirements of ISO 9001:2015, see the following materials:
- ISO 9001 top management audit: how to perform it successfully: https://advisera.com/9001academy/blog/2019/05/15/iso-9001-top-management-audit-how-to-perform-it-successfully/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free online course - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
The main assets you must consider as affected by a Denial of Service Attack are the information you need to access through the systems under attack (not necessarily documents).
For example:
- if the attacked system is an e-commerce website, among other information, the information it provides about products on sale is affected (customers won't know what to buy)
- if the attacked system is an internal financial system, the information about invoices is affected (you cannot charge customers or pay suppliers)
- if the attacked system is your file server, then, in this case, your documents are affected
This article will provide you with a further explanation about DDoS:
- Can ISO 27001 help your organization in a DDoS attack? https://advisera.com/27001academy/blog/2017/12/04/can-iso-27001-help-your-organization-in-a-ddos-attack/
As long as there are no legal requirements, and as long as there are no customer requirements, for example on contracts, organizations are free to determine the retention time for their records.
Normally, in these cases, I advise keeping records for 3 or 4 years, to assure that records generated during a certification cycle will be available.
The following material will provide you with information about retaining records:
About auditing HR you can focus your attention on competence requirements for employees:
About the other departments, use the list of environmental aspects as the basis for developing your checklist:
You can find more information below:
You say you document a lot of CARs, sometimes for small things. Perhaps your organization is confusing the development of corrections with the development of corrective actions, i.e. the development of actions to eliminate nonconformities with the development of actions to eliminate the cause(s) of nonconformities.
Whenever a nonconformity occurs an organization must correct the situation:
The timer in the figure means that normally this must be done as quickly as possible, to avoid unintended use.
What happens can be described as below:
An organization has a standard way of working and operates according to that standard. Then quality is checked. If everything is OK the circle is closed and the organization decides to continue to use the standard. If a nonconformity is found the organization has to correct the situation and ask: Can we still trust our standard or should we improve it? If the decision is "We need to improve the standard!", the organization jumps from the cycle of control into the cycle of improvement:
A well-used CAR is only used when an organization decides that improvement is needed: an experiment has to be planned, performed and the results checked. If the results are positive, the decision is to make the experimented change the new standard.
So, a CAR should not be used automatically to treat a nonconformity. A CAR should only be used when an improvement is needed.
Each organization has the authority to determine its competency requirements for its internal auditors. Normally, organizations consider that internal auditors should have knowledge of the audit criteria (ISO 14001:2015 in this case) and should have training in internal audits. You can even decide that an auditor has to study a book on audits or attend an online course and do an in-house exam. Internal auditor competence requirements can be established in a job description, for example.
I would recommend training about ISO 14001:2015 and an internal audit course. As a plus I would recommend that you participate as an auditor, as part of an audit team, in 2 or 3 internal audits. Attention, I don’t recommend that internal auditors perform global internal audits. Normally, they don’t have the time and experience for that; I recommend splitting the scope of the quality management system into 3 or 4 audits over a year.
You can find more information below:
First of all, I should mention that there is no document named FMEA 2019. I guess you asked about the new FMEA; its full name is AIAG & VDA FMEA Handbook 1st Edition 2019.
The type of FMEA application is determined by the customer-specific requirement. If your automotive customer-specific requirement has stated that you should implement the new FMEA, then you shall be using this new FMEA application before the IATF 16949:2016 certification audit. If you do not have any customer-specific requirements regarding FMEA application, I recommend you apply the AIAG FMEA rev 4 manual, because this FMEA is already valid and useful.
For more information, please read the following article: