Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Guest
Normally, organizations keep a risk register that list risks and opportunities without mentioning related internal and external issues.
Some organizations use a column in the risk register where they include the trigger events that can contribute to a risk or an opportunity.
The following material will provide you more information about risks and opportunities:
- How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Please check this free webinar on demand - Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Consider the lifecycle of your products and services. For example, I worked with a company manufacturing machines and equipment. They outsourced metal surface treatment and painting. Those are examples of outsourced processes that the organization considered having relevant environmental impacts.
Identify your organization’s outsourced processes and determine environmental aspects and impacts and assess them.
The following material will provide you more information about aspects and impacts:
- Article - 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
- Free webinar - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
You wrote that quality and safety exist in a previous version. If you check the last version of each standard you will see that they have the same structure, High-Level Structure, something that helps a lot management systems integration.
The following material will provide you information about management systems integration:
- How to integrate ISO 45001 with ISO 9001 and ISO 14001 - https://advisera.com/45001academy/blog/2018/09/12/how-to-integrate-iso-45001-with-iso-9001-and-iso-14001/- How to integrate ISO 14001 and ISO 9001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-integrate-iso-14001-and-iso-9001/- Free webinar – How to integrate ISO 9001:2015 and ISO 14001:2015 - https://advisera.com/9001academy/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar-on-demand/
The new ISO 45001 standard does not have many mandatory procedures, and in fact most of the documented information required for the standard is composed of records. That being said, if you find a procedure that you have in place to be useful, even if it is not required for the new ISO 45001 standard, then you should keep that procedure. What is a valuable activity is to go through any procedures that are not required and determine fi they are of value; if not then get rid of them.
One other thing to note, although the standard uses the term documented information to mean both procedures and records it is not mandatory for you to change your terminology. Don’t confuse people by changing from the terms procedure and records if that is what they understand.
You can find out more about the required documentation in the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001
If the machine was programmed to reject bad parts, we can conclude that the machine is a monitoring and measuring resource. Is that resource calibrated? Was that resource tested for suitability? If the problem is about calibration, I would use clause 7.1.5. If the problem is about not testing suitability, is about not validating the use of the machine, I would use clause 8.5.1 b).
- Article - Seven Steps for Corrective and Preventive Actions to support Continual Improvement - https://advisera.com/9001academy/blog/2013/10/27/seven-steps-corrective-preventive-actions-support-continual-improvement/
- Article - How to use root cause analysis to support corrective actions in your QMS - https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/
- Enroll for free in ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- Book – Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Thank you for your comments. You said:
From my point of view, one item which is not fully covered in the suite of templates is a procedure to define how impartiality is dealt with (reference 17025:4.1.4).
To reply to the above, note that the structure of the toolkit includes the Quality Policy and Quality Manual. The Quality Policy documents the commitment to ensuring impartiality, through the process of continually identifying risks to its impartiality and taking appropriate action to mitigate them. As there is no mandatory requirement for an Impartiality procedure, the requirements of impartiality are covered in the Quality Manual. Safeguarding impartiality is approached the same way as other risks and opportunities related to the Quality Management System, documented in the procedure Addressing Risks and Opportunities. It is important that it is integrated there, as impartiality and confidentially are key components of all laboratory risks. The procedure states that the following question should be asked during each risk assessment - Is confidentiality and impartiality safeguarded?
You asked:
I guess that the procedural steps would be something like:
- Document anticipated risks which compromise the effective management of impartiality
- Develop counter-measures to those mitigate risks which are currently unacceptable
- Monitor and improve as time goes by, especially by making this an agenda item for management review
Do you have a draft procedure which I could use as a starting point for this area?"
Yes, that is correct. The procedural steps are detailed in the procedure Addressing Risks and Opportunities. This covers Identification, determining the risk level, actions to address risks; and the evaluation of the effectiveness of actions.
The procedure states that the activity takes place on an ongoing basis and identifies the person responsible for identifying risks to impartiality and taking action to safeguard impartiality. The Registry of Key Risks and Opportunities is provided to record the evaluation and monitoring of key risks. You can also customize the procedure and record as suites your laboratory. There are many tools for assessing and evaluating risks and opportunities, so you can add them to your documentation and list them in the table of records in the procedure.
The following ISO 17025 article provides further insight on how to manage risks, applicable to impartiality as well: Five-step laboratory risk management according to ISO 17025:2017 https://advisera.com/17025academy/blog/2019/12/05/iso-17025-risk-management-in-five-steps/
The following may also be of interest: Compliance with the ISO/IEC 17025:2017 requirement for Impartiality https://community.advisera.com/topic/compliance-with-the-isoiec-170252017-requirement-for-impartiality/
A data processor and any authorized person is allowed to access to personal data stored in CRM only limited to the purpose of the processing established in the privacy notice.
For more information about data processor and data controller, please read the article:EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/.
The principle of purpose limitation is one of the key principles of GDPR to keep in mind.Therefore, you cannot access for purposes outside the ones illustrated in the privacy notice. As a consequence, if the reason for accessing customer data stored in CRM is in line with the purpose of collection and storage (i.e. verifying payments) the access will be compliant with GDPR provision. If the purpose of accessing personal data is not covered by your privacy policy you may consider to amend it in order to inform your customers that you will access their data for that purpose.
Depending on the purpose you may also need to verify the legal ground of such processing and verify if you need customer consent or you can process under another legal ground.
For more information, please read the following articles: Understanding 6 key GDPR principles https://advisera.com/eugdpracademy/knowledgebase/understanding-6-key-gdpr-principles/
Article 7 – Conditions for consent https://advisera.com/eugdpracademy/gdpr/conditions-for-consent/ Article 6 – Lawfulness of processing https://advisera.com/eugdpracademy/gdpr/lawfulness-of-processing/
The requirement for accreditation is to ensure the validity of results, by monitoring the performance of your laboratory’s results through comparison to that of other laboratories. Participation in Proficiency testing (PT) is one of the ways to demonstrate technical competence. As in your case, this is a challenge that a number of laboratories are faced with, where PT is not suitable, not practical or does not exist. It is then important to find the best means possible, to assess and monitor the performance of a method. Where no suitable PT scheme is available, your laboratory should compare results between yourselves and one or more laboratories (interlaboratory comparison). If such an option does not exist, you could evaluate a method by analysing matrix matched reference material, if available. If such materials are not available, packaging material can be spiked with certified Extractables and Leachable compounds of interest and recovery evaluated against certified values. Either way, all PT and related activities must be planned, documented and evaluated for suitability. The performance of an accredited method must be demonstrated on an ongoing basis, as part of you documented PT Plan.
The following ISO 17025 document templates, available for purchase, may be of interest:
Proficiency Testing Record https://advisera.com/17025academy/documentation/proficiency-testing-record/
Quality Assurance Procedure https://advisera.com/17025academy/documentation/quality-assurance-procedure/
You can also download the free demo: ISO 17025 Documentation Toolkit https://advisera.com/17025academy/iso-17025-documentation-toolkit/
Please find in this article - List of mandatory documents required by ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-mandatory-documents-required-by-iso-140012015/ - a very precise answer to your question.
Perhaps these other sources could be useful for you:
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
As you know, before IATF audits, you fill out forms to certification body companies.
In this form, you specify the remote locations you receive support from and the locations you provide support for.
In your IATF certificate, only the name and address of the remote locations you receive support for and the functions for which you receive support appear.
The places and functions you support will not appear on your IATF certificate.
But the functions you support are; It should appear on page 2 of other companies' IATF certificates.
If there are any innovations or changes in the remote functions you receive or the support functions you provide; Both the relevant forms should be updated and these should be noted in the IATF report.
If anything is missing here; It is written in the audit report and added to the form you previously filled out to Certification Body.
Apart from that, there should be no disagreement between you and the auditor.