Safety is a priority, and quality also should be a priority. Automotive companies follow the good practice of starting production with smaller orders and lower-speed lines and increasing speed with learning and optimization, fine-tuning the whole production in order to minimize quality problems.
I remember working with wiring harness companies, and I can testify to their work to increase process and product capability and their work to improve suppliers' performance. Since then, I am a big fan of statistical process control - How to establish QMS Statistical Process Control according to IATF 16949 - https://advisera.com/16949academy/blog/2017/08/30/how-to-establish-qms-statistical-process-control-according-to-iatf-16949/
The toolkits are designed to be modified by the company for your unique organizational needs, so adapting to different locations is not difficult to do. You have a couple of options from the information you provided:
1- You could have different management systems for the different locations, providing documentation with different information only as it applies to the location that the management system is intended for.
2- You could have one common management system, with certain records that were specific for each location. For instance, the procedure for identification of compliance obligations would be the same, but you would have a listing of the identified compliance obligations (including legal obligations) for each location.
If you are looking to integrate your management systems into one, you can find out more information in our whitepaper: How to integrate ISO 9001, ISO 14001 and ISO 45001, https://info.advisera.com/9001academy/free-download/how-to-integrate-iso-9001-iso-14001-and-iso-45001
If a company has implemented ISO 9001, that's an excellent foundation to add other management systems, like a Service Management System (SMS) based on ISO 20000-1.
The SMS (through the required processes) goes deep into the daily activities of the IT Service Management team; it covers the whole lifecycle of the IT service(s) and requires good governance practices. Those are IT service specifics (although they could be applied to almost any kind of service). In addition to the processes, ISO 20000 requires a management system to be established, and that's where a QMS (if already implemented) has many common elements with ISO 20000.
So, if there is ISO 9001 already in place, ISO 20000 implementation will enable better management of IT services as well as better integration in overall business activities of the company.
Your general approach sounds good.
Starting with management commitment is of paramount importance, they signal what is important and they command access to resources. Please check these articles:
How can a startup benefit from ISO 9001? - https://advisera.com/9001academy/blog/2017/05/23/how-can-a-startup-benefit-from-iso-9001/
Benefits of ISO 9001 implementation for small businesses - https://advisera.com/9001academy/blog/2018/09/17/benefits-of-iso-9001-implementation-for-small-businesses/
Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
Once the importance of implementing a quality management system is settled, I recommend performing a Gap Analysis -
Should you use a gap analysis in your ISO 9001 implementation? - https://advisera.com/9001academy/17/use-gap-analysis-iso-9001-implementation/ you can try our free online tool - Free ISO 9001:2015 Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
After performing a Gap Analysis we have an idea of what needs to be done, and we can start planning the implementation project:
Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
A free downloadable template - Project Plan for ISO 9001 implementation - https://info.advisera.com/9001academy/free-download/project-plan-for-iso-9001-implementation-ms-word
The quality policy and quality objectives will be outcomes of the implementation project.
We are glad that you bought the Toolkit. Please consider this reflection - ISO 27001 documents – Why the templates are not enough? - https://advisera.com/27001academy/blog/2012/04/24/the-documentation-myth-why-the-templates-are-not-enough/
"I run a small 'haute' couture shop and I have some questions regarding some GDPR aspects. Are the measurements taken for custom suits considered biometric data?"
Measurements taken for custom suits are not considered biometric data, because biometric data is defined as personal data acquired through a biometric process, like fingerprints, samples or facial recognition, as stated in paragraph 51 of the Preamble of the GDPR.
Clothes sizes and physical measurements (like weight and height) belong instead to demographics, and so they are personal data under Article 5 of the GDPR.
In this article, you can find some useful resources for small companies and GDPR: GDPR challenges for small companies - https://advisera.com/articles/gdpr-for-small-businesses-the-most-common-challenges/
"If we collect the measurements and name and surname, is there any information we need to provide to the customers?"
You must inform your customers in the privacy notice. In fact, according to Article 5 of the GDPR, the processing of personal data requires informing the data subject.
In this article, you can find all the information you need to convey to your customers in order to provide a GDPR-compliant privacy notice: Everything you need to know about the GDPR Privacy Notice - https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
"We use CCTV in our shop. Are there any specific requirements?"
CCTV is among the main privacy issues. Most national laws set legal requirements in order to protect privacy and avoid workers' surveillance. Under the GDPR, the images from CCTV are personal data being processed, so you need to follow the principles of data processing illustrated in Article 5.
Here you can find some useful resources about privacy issues:
- GDPR one year on: Why it should still be your top priority if you care about profit, clientele and reputation: https://advisera.com/articles/gdpr-one-year-on-does-it-still-matter-interview/
"We use a contractor on XYZ, where we send the measurements to cut the clothes. Is this a transfer of personal data?"
Measurements can be considered personal data if they can directly or indirectly identify a natural person (data subject), as illustrated in Article 4(1) of the GDPR. Consequently, if the measurements are transferred with a reference to a natural person (e.g. the name of the customer), all the rules on data transfer will apply. Otherwise, if the measurements are transferred anonymized or pseudonymized (e.g. with an order number), it is not considered a transfer of personal data.
Here you can find a free recorded webinar about the transfer of personal data under the GDPR: How to make personal data transfers to other countries compliant with GDPR - https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
Here is an article about the first three steps to take into account when transferring personal data: 3 steps for data transfers according to GDPR - https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
"Do we need to keep records for our activities?"
According to the last paragraph of Article 5 of the GDPR, you shall comply with the principle of accountability. In other words, you must be able to demonstrate that, in your company's processes, personal data are processed in compliance with GDPR requirements. As a consequence, it is better to keep track of your activities.
Here you can find a list of mandatory documents to implement in order to comply with the GDPR: List of mandatory documents required by EU GDPR - https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
"We also do marketing campaigns for our customers by telephone. Do we need consent?"
Yes. Marketing activity without consent is one of the main causes of GDPR fines by Supervisory Authorities.
Here you can find an article on the GDPR's impact on marketing activities: How does GDPR impact marketing activities? - https://advisera.com/eugdpracademy/blog/2018/02/08/how-does-gdpr-impact-marketing-activities/
"Can we collect the consent via telephone?"
Consent can be acquired in written or oral form, and so also via telephone. In fact, it is defined by Article 4(11) of the GDPR as "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her".
"Are we allowed to record the calls?"
Recording calls is a form of processing personal data, so you need to inform your customers that you are about to record the call and inform them about the location of the privacy notice.
Here you can find information on how to write a privacy notice: Everything you need to know about the GDPR Privacy Notice - https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
"Can we buy potential clients' databases?"
If you are considering buying a database of potential clients, you should verify whether the seller acquired the clients' consent to the transfer and sale of their data, in order to avoid fines for unlawful processing. In fact, as a data controller, you will be liable for the entire data processing (from acquisition through retention to final disposal).
I start with clause 5.3 about roles, responsibilities and authorities.
For each role I list the relevant activities performed. Then, for each activity I ask:
What kind of training is needed to be able to be competent?
What kind of experience is needed to be able to be competent?
Now, I'm prepared to build a training matrix.
Then, for each role I ask direct manager or supervisor to evaluate present competency based on opinion, process performance, costs, complaints and internal audits. Any lack of competence must be treated through an action that can be included in the annual training plan. That plan can be updated following decisions made after monthly or quarterly performance monitoring reviews.
The following material will provide you more information about training and competence:
- Article - How to ensure competence and awareness in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-ensure-competence-and-awareness-in-iso-90012015/
- Please check in this free webinar on demand how the process approach can be used to determine training needs - The Process Approach - What it is, why it is important, and how to do it - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/
- Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – (where I use the process approach and explain the development of competence requirements) - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
An internal auditor must have knowledge about good auditing practices. Normally, that can be evidenced through a training certificate.
An internal auditor compares reality with the audit criteria. What are the audit criteria? The standard, ISO 14001:2015, and the internal procedures, instructions and rules. Normally, that can be evidenced through a training certificate about the standard and through the preparation of a checklist about the internal rules.
Organizations have the authority to determine their particular requirements for internal auditors. So, they can add other requirements like experience, knowledge about a particular economic sector or its legislation, or others.
- What competences should an ISO 14001 internal auditor have? - https://advisera.com/14001academy/blog/2016/07/04/what-competences-should-an-iso-14001-internal-auditor-have/
- Enroll for free in ISO 14001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
You will not find an explicit requirement in ISO 14001:2015 to recycle paper. Your organization generates paper as a residue, which is an environmental aspect. Then, your organization should determine the environmental impact resulting from the present destination of that paper as a residue. According to your organization's assessment of the relevance of that environmental impact, a decision has to be made about the need to improve, or not, that environmental impact.
An auditor can always argue that not recycling paper will be against the pollution prevention commitment in the environmental policy (please see definition 3.2.7 in ISO 14001:2015 and this article - How ISO 14001 can improve recycling performance - https://advisera.com/14001academy/blog/2019/03/27/how-iso-14001-can-improve-recycling-performance/ ).
The following material will provide you more information about environmental aspects and impacts:
- Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
- Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
First of all, sorry for this inconvenience.
The corresponding article for ISMS is "8 criteria to decide which ISO 27001 policies and procedures to write" https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
Supporting documents are:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures/
ISO 14001:2015 does not prescribe a storage/archive time for training records. Unless legislation or contracts with customers or other interested parties (like insurance companies) prescribe a specific time, I recommend that organizations keep records for a minimum of four years, to ensure that relevant records are kept during a three-year certification cycle.
The following material will provide you more information about records:
- Article - ISO 14001 Control of Records - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/iso-14001-control-of-records/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/