Once the decision is made by Top management, if it impacts BCP procedures or policies guidelines, then you have to document the exception, according to your procedure for documents and records control.
As a suggestion for the text, you should consider including this exception as a sub-clause in the main topic of your document, defining in it the details about how to handle this situation. For example:
Clause x - Backup
Clause x.x - Backup procedure during a pandemic
In case of a pandemic, the backup procedure must be made as follows: <from this point you must include the procedure specific for this case>
For every proposed corrective action the auditor must look for implementation evidence.
For example, if the proposed action is training, the auditor must look for certifications, attendance lists, or interview employees about the training topic. If the proposed action is a system update, the auditor must look for a change record or information about which is the most updated version of the system and verify if it is the same version in the system. If the proposed action is the installation of a CCTV system, the auditor must look for the installed cameras and see if they are operational.
This article will provide you further explanation about Corrective actions:
In the following diagram you can see the main steps of an audit and the outcomes of each step:
In the following diagram you can see the key inputs for any audit: the scope, the criteria and the objectives:
You can get much more information in the following links:
The first step that I recommend is to perform a Gap analysis, to determine the amount of work to be done.
With this information you can develop your project plan, listing what needs to be done, by whom, until when.
After implementation, perform an internal audit and the management review. There you can decide if your organization is ready for the certification audit. You can check a much more detailed checklist at - Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
You can get much more detailed information in the following links:
ISO 9001 is a standard for general use in any economic sector. For lab processes there is a more specific standard, ISO 17025.
ISO 17025 is the international standard for testing and calibration laboratories. ISO 17025 is about more than a quality management system; it is also for demonstrating technical competency.
The following material will provide you information about ISO 17025:
The first and most important thing is to have the support of top management, which is what will provide the resources, both personnel and financial, needed to carry out the implementation project.
Next, I would recommend that you perform a gap analysis, which will help you identify the requirements the organization does not yet meet. You can carry out the analysis for free here - ISO 14001 gap analysis tool: https://advisera.com/14001academy/es/herramienta-gap-analysis-iso-140012015/
Later, you should define the scope of the Environmental Management System (EMS), for which I recommend that you first determine the internal and external issues of the organization's context, since this can be of great help in knowing what the boundaries of your EMS will be. Next, you can determine both the policy of your EMS and the objectives of the EMS. Here you can get more information on how to define the scope of your EMS - How to determine the scope of the EMS according to ISO 14001:2015: https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/
Then you will need to establish all the processes related to the system and implement them, and finally perform the internal audit and carry out the management review.
These materials can help you learn the steps in the implementation of ISO 14001:2015:
- Article: List of steps for the implementation of ISO 14001: https://advisera.com/14001academy/es/knowledgebase/lista-de-pasos-para-la-implementacion-de-la-iso-14001/
- Free course - ISO 14001:2015 Foundations: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
- Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
Yes, both in internal and surveillance audits, auditors can verify that agreed corrective actions have been implemented and are effective. Actually, I consider that to be the best approach: to close in an audit scenario what was opened in an audit scenario.
The following material will provide you information about internal auditors:
According to Article 4 GDPR, a data processor processes personal data on behalf of the data controller. With reference to the IT maintenance system, there has been an interpretation by the German Data Protection Authority (DPA) which also considers as “data processing” the occasional access to the client’s data by the IT maintenance company. You should verify if your national DPA gave some definition of data processing. If not, it would be safer to adhere to the strict German interpretation in order to assure compliance and consider the IT company as a data processor.
This is the official statement of German DPA (in German): https://datenschutz-hamburg.de/assets/pdf/DSK_Kurzpapier_Nr_13_Auftragsverarbeitung.pdf
Here you can find some useful information:
You can also consider enrolling in our free EU GDPR Foundation course:
An incident report can be seen from various perspectives - it could mean a report after a major incident or it could mean a log of the incident resolution. Or maybe a report, e.g. at the end of the month, with incident status and activities.
Here are a few links that can help:
How to measure Incident Management efficiency according to ITIL https://advisera.com/20000academy/blog/2015/09/08/how-to-measure-incident-management-efficiency-according-to-itil/
Incident Record – you can’t live without it https://advisera.com/20000academy/blog/2014/07/01/incident-record-cant-live-without/
Major Incident Report https://advisera.com/20000academy/documentation/major-incident-report/
Problem management or Continual Service Improvement would be a good fit for Preventive maintenance activities.
These articles provide you with more details:
ITIL Reactive and Proactive Problem Management: Two sides of the same coin https://advisera.com/20000academy/knowledgebase/itil-reactive-proactive-problem-management-two-sides-coin/
ITIL and ISO 20000 Problem Management – Organizing for problem resolution https://advisera.com/20000academy/blog/2014/07/29/itil-iso-20000-problem-management-organizing-problem-resolution/
ITIL Continual Service Improvement – the never-ending story https://advisera.com/20000academy/blog/2013/04/09/itil-continual-service-improvement-never-ending-story/
ISO 9001:2015 requirements that have been discarded from ISO 13485:2016 are the context of the organization (4.1 Understanding the organization and its context) and interested parties (4.2 Understanding the needs and expectations of interested parties).