Search results

ISO 9001 & IATF 16949 management review meetings

I have no experience of working with IATF 16949 but I have experience of management review meetings for integrated quality and environmental management systems. I recommend you put side by side clause 9.3 of both standards. For example, with a yellow color highlight topics that are specific of ISO 9001, with a green color highlight topics that are specific of IATF 16949, with an orange color highlight topics that are common to both standards. Now, considering your particular organization, draw a logical path to treat each topic from each of the above groups in one or more meetings. When one meeting alone is impossible or ineffective, I recommend one meeting to look into the past performance, context and risks, and another to look into the future and determine objectives and make decisions.

You can find more information about management review in the following links:

- How to make Management Review more useful in the QMS - https://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
- How to Make Management Review More Practical - https://advisera.com/9001academy/blog/2013/12/10/make-management-review-practical/
- Free webinar – How to perform management review according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-perform-management-review-according-to-iso-9001-2015-free-webinar-on-demand/
- ISO 9001 document template: Procedure for Management Review - https://advisera.com/9001academy/documentation/procedure-management-review/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
 

ISO 45001 and calibration of equipment

In clause 9.1.1 when ISO 45001 discusses the general requirements for monitoring, measurement, analysis and performance evaluation, they make the statement that “the organization shall ensure that monitoring and measurement equipment is calibrated or verified as applicable, and is used and maintained as appropriate.”. This has to do with all measuring equipment for the determined OH&S monitoring and measurement.

For more information on monitoring and measurement in the OHSMS, see that article: How monitoring, measuring, evaluation, and analysis in DIS/ISO 45001 works, https://advisera.com/45001academy/blog/2016/03/09/how-monitoring-measuring-evaluation-and-analysis-in-disiso-45001-works/

Determining priority

It's SLA that defines priority. But,it's not always the case that users (meaning end-users of the service) are aware of the SLA content. So, they should determnine priority while opening an incident and Service Desk should correct it (according to SLA), if needed.

Here are some more details about prioritization: All about Incident Classification https://advisera.com/20000academy/knowledgebase/incident-classification/

Quality Manger and Head of Department

To answer your question, let’s look at what ISO 17025 requires and the intent behind the requirement. A laboratory needs to actively identify and act on opportunities for improvement in order to increase the effectiveness of the management system, its activities, service to customers and the consistent validity of results. The drive for improvement should be integrated with existing management system activities such as trend analysis of primary quality indicators to support policies, internal and external quality control; as well as the review of processes, customer satisfaction, internal audit results, documents and records, corrective actions and risk assessments.

To address the need for improvement effectively, a laboratory should

1. Establish measurable quality objectives (targets)  which are aligned to the strategic direction and policies of the laboratory or organisation. Examples are a) to achieve a 90% percentage customer satisfaction based on the annual survey (minimum 60% response required) and b) to achieve a turnaround time (time from sample submission to reporting) of not more than 3 days, 90% of the time.
2. Monitor activities that support the strategic direction, policies and quality objectives of the laboratory. Examples are Proficiency testing performance over time; changes in customer satisfaction.
3. Create a mechanism to identify opportunities for improvement, for example by applying the PDCA (Plan-Do-Check-Act) Cycle for each activity 
4. Use an Registry of Key Risks and Opportunities to: 
    a) list proposed opportunities for improvement
    b) perform and record a risk-to-benefit measurement (matrix) to determine the best or most suitable opportunities
        to act on
    c) choose appropriate actions to be taken, and review the progress.
   
   

The following articles will provide more guidance:

• Maintaining and improving quality management in laboratories according to ISO 17025:2017 https://advisera.com/17025academy/blog/2019/08/30/iso-17025-maintenance-and-improvement-in-laboratories//
• Five-step laboratory risk management according to ISO 17025:2017 https://advisera.com/17025academy/blog/2019/12/05/iso-17025-risk-management-in-five-steps/
• Plan-Do-Check-Act in the ISO 9001 Standard, also applicable to ISO 17025 https://advisera.com/9001academy/knowledgebase/plan-do-check-act-in-the-iso-9001-standard/

The relevant ISO 17025 document templates and their related documents are available stand-alone, or part of the toolkit :

• Addressing Risks and Opportunities Procedure https://advisera.com/17025academy/documentation/addressing-risks-and-opportunities-procedure/
• Management Review Procedure https://advisera.com/17025academy/documentation/management-review-procedure/

ISO 13485 & EU MDR Integrated Documentation Toolkit

In my opinion, our ISO 13485 & EU MDR Integrated Documentation Toolkit is beneficial when compared to CEN/TR 17223 because in it we have already prepared procedures and templates for all documented requirements from the MDR 2017/745. We have focused on the general obligations of the manufacturer (Article 10) and the conformity assessment requirements (Annexes IX and XI), the same as in CEN/TR 17223. 

For the preview on the toolkit, please use the following link: 

ISO 13485 & MDR Integrated Documentation Toolkit https://advisera.com/13485academy/iso-13485-eu-mdr-documentation-toolkit/

State of validation

We just yesterday have published new version of our Toolkit for ISO 13485:2016 where documentation for risk assesment is in accordance with the new ISO 14971:2019. 

On this link you can see the preview of documents in our toolkit ISO 13485 & MDR Integrated Documentation Toolkit. In this toolkit, risk assesment is prepared according to the ISO 14971:2019. You can check by yourself how does documents from risk assesment are adaot to ISO 14971:2019: https://advisera.com/13485academy/iso-13485-eu-mdr-documentation-toolkit/

 List of notified bodies that are that are in compliance with Medica device regulation (MDR 2017/745) are on the following link: https://ec.europa.eu/growth/tools-databases/nando/index.cfm?fuseaction=directive.notifiedbody&dir_id=34

You can send us questions for anything you do not understand and we will answer. Also you can schedule a phone call with our expert.

Article 12 (3) general data protection

I would like to inquire the reasons why a time extension is required so that I can have access to my information for 3 months. I requested to view my records as a matter of urgency and understood this would take a month. Now it will take until 17th May 2020. Thank you for your help

You should not wait for three months unless the data controller explained the reasons for such a time frame.

In fact, the GDPR in the preamble at paragraph 59 states that: "The controller should be obliged to respond to requests from the data subject without undue delay and at the latest within one month and to give reasons where the controller does not intend to comply with any such requests."

The regulation requires that the rights of access and/or erasure must be guaranteed "without undue delay", which means as soon as possible and at the least within one month.

You can find more information here:

Article 15 GDPR: https://advisera.com/eugdpracademy/gdpr/right-of-access-by-the-data-subject/

Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/

This course can also be of help:

EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

ISO 13485 planning related query

Yes, you can do this records now, but please implement also PQ (performance qualification).

For more detailes how to manage process validation in the medical device manufacturing industry, please read article in the following link: https://advisera.com/13485academy/blog/2017/09/07/using-iso-13485-to-manage-process-validation-in-the-medical-device-manufacturing-industry/

ISMS performance indicators

I am looking for some references to prepare a document where it will be used as a guide for managing performance indicators, but with an information security bias. They would be indicators for:
Availability: links, servers, services, etc ...
Confidentiality: Theft, Fraud, etc ...
Integrity: Bkp, viruses, etc ...

If you have material that can support me in the creation of this standard, thank you, also if you have more practical examples of these indicators it helps a lot.

To build information security indicators I suggest you to see these materials:

• Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
• Measurement Report https://advisera.com/27001academy/documentation/measurement-report/

These articles will also help you:

• How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
• ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

Business Continuity Plan for ISO 27001

ISO 27001 aspects on business continuity process (section A.17 from ISO 27001 Annex A) are related to ensuring the availability of information and information systems during either crisis or disaster situations, so a full Business Continuity Plan is not mandatory for this standard, and you will only need the DRP template included in your toolkit.

This article will provide you a further explanation about DRP and BCP:

• Disaster recovery vs Business continuity https://advisera.com/27001academy/blog/2010/11/04/disaster-recovery-vs-business-continuity/