Describe the steps in conducting a quality audit, key inputs, activities and outcomes in each step?
The answer to that question will depend on each organization. The most common external documents are standards, legislation and regulation.
Please check this article that develops the theme more profoundly - What does “external documents control” mean in ISO 9001? - https://advisera.com/9001academy/blog/2019/02/04/what-does-external-documents-control-mean-in-iso-9001/
Let me start with the management system definition according to ISO 9000:2015. Something like, a system to establish a policy, translate it into a set of objectives and work to meet them.
ISO 9001:2015 promotes the use of the process approach. Consistent and predictable results are achieved more effectively and efficiently when everyday activities are seen and managed as interrelated processes that work as a coherent system.
So, if you open that black box called “System” you will see a set of interrelated processes:
In our webinar - Free webinar – The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/ - we use this example for process mapping:
Process mapping is about designing a model of how an organization works as a set of interrelated processes.
Now, you want to zoom in on each process and see how work is actually done. So, for each process you design a flow chart. In the same webinar, we use the following example:
While process mapping is about the flow inter-processes, flowcharting is about the flow intra-process.
You can find more information below:
What does your organization expect from a supplier?
Do they comply with quality? Do they deliver on time? These are topics relevant for all kinds of suppliers.
What about their price? These are topics relevant if your organization competes on price.
Are they flexible enough? Do they allow small quantities and variety? These are topics relevant if your organization expects service.
Do they deliver innovation or design? Are they fast with novelties? These are topics relevant if your organization expects premium offers.
You can use an evaluation based on the opinion of those who are in contact with suppliers, or another based on more objective criteria like number of occurrences per number of orders.
You can get much more information in the following links:
According to ISO 9001:2015 there is mandatory documents or records concerning clause 8.4.2. I recommend organizations to have a plan about how to control subcontractors, and products or services received from suppliers. I also recommend organizations to keep records that evidence control of subcontractors and suppliers.
You can find more information below:
The best way to make IT Resilience Requirements for IT and for Projects comprehensive would be to base it on a risk assessment and risk treatment process because this way it would cover the aspects that may disrupt IT and project activities.
To see what a risk assessment and risk treatment look like, please see the free demo of our ISO 27001/ISO 22301 Risk Assessment Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/
This article will provide you with a further explanation about risk assessment:
This material will provide you with a further explanation about risk assessment:
1. Please explain what is contingency action as per 8.2.1?
Answer:
A contingent action is an action from a contingency plan. A contingency plan helps an organization respond effectively to an important event that can be foreseen. For example, supply a customer by air freight when goods cannot be delivered by normal truck due to a severe storm.
2. Please explain "Organization can meet the claims for Products & services it offered" as per 8.2.2
Answer:
Clause 8.2.2 a) is about specifications. They are written.
Clause 8.2.2 b) is about allegations. For example, claiming “with our product you will reduce your energy consumption by 25%”. Claims that depend not only on the product or service per se but also on the customer’s context.
3. Design engineer can perform Internal Audit of Design Department in same organization? I think it's a violation of 9.2.2 (c). Please confirm.
Answer:
Yes, it is.
4. Customer satisfaction to be monitored as per 9.1.2. No Documented information to be retained. Is it so?
Answer:
There is no mandatory record to be kept according to ISO 9001:2015. As a good practice I recommend organizations to keep it.
5. I couldn't find 'preventive action' word. Is it removed from current version? Please confirm.
Answer:
Yes, it was removed from ISO 9001:2015. In a certain way it is included, without the wording, in the risk based approach.
6. What is meant by "Organization shall ensure"...? I think documented information is to be maintained whenever required, but if only the above statement is mentioned then there is no requirement of maintaining the documented information. Is it correct?
Answer:
“Shall” means it is a requirement.
When we read “shall maintain documented information” it means there must be a document. “Maintain” is the key word.
When we read “shall retain documented information” it means there must be a record. “Retain” is the key word.
You can find more information below:
According to ISO 13485:2016 requirement 5.6.1 Management review, General, it is stated that top management must review the management system at documented planned intervals to ensure that the system is stable, adequate and efficient. Therefore, if your planned interval is one year, and usually it is done in May, then you should do it in May. If you had a shorter interval for doing the management review, then it would be acceptable to postpone it, but since one year is a very long period of time, it is not advisable to postpone it.
For more information on how to perform a management review according to ISO 13485, please read the article at the following link:
Your company is the data controller of your employees’ data because your company determines the purposes and means of data processing (Which data? Transferred to whom? Why? What security measures have been taken?). In fact, according to Article 4 GDPR, the data controller is “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” while the data processor “processes personal data on behalf of the controller”. Therefore, your company selects the winning travel agency and transfers employees’ data, while the travel agency will process those data on your behalf by organizing the travels for your employees.
Here you can find some useful information: EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
In case of need, here you can find our template of data processor agreement for suppliers: Supplier Data Processing Agreement https://advisera.com/eugdpracademy/documentation/supplier-data-processing-agreement/
You can also consider enrolling in this free online training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//
I work for a contract packaging house that is ISO13485:2016. I have a customer that has a Class II device they would like to package with us. They will be getting the item certified to EU standards to get the CE mark for it. The question I have is, does our 13485 ISO cert cover us to support the customer on this? Since we do not hold the 510k, but would be a part of the supply chain, is any additional certification needed for us to primary and secondarily package this Class II item?