Search results

IATF 16949 clause 9.1.1.1

Hi Paulo Salgueiro, Thanks for your explaination. Actually we already get Major NCR during CB audit. The Finding is No evidence to show that the manufacturing process capability or performance for part ######## has been maintained as specified by the customer’s part approval process Initial process capability (i.e during trial run) showed the Cpk result was 1.995 but during the mass production, the Cpk result was 1.424.

OHS documents, criteria and requirements

In answer to your questions regarding the ISO 45001 standard:

1. The ISO 45001 standard does not require a management representative, but also does not demand that you change your terminology. You can keep a management rep if you want, as long as all of the responsibilities in clause 5.3 are fulfilled by someone.

2. Clause 8.1.4 on procurement only requires that you establish a process to ensure that your procurement, including contractors and outsourcing, conforms to your OHSMS. How you do this is up to you, so including OH&S information into your standard contracts would be acceptable, as would an separate annex with this information; whichever works best for you. The idea of an annex that is only used for procurement where OH&S criteria needs to be flowed down might be the best approach.

3. Clause 8.1.4.2, Contractors, requires that you coordinate with contractors to identify hazards so that you can access and control the OH&S risks arising from the activities. So yes, you need to assess the risks of contractors to control the risks.

You can find out more about the requirements of ISO 45001 in out whitepaper:  Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001

ISO 17025 for Laboratory equipment

Both ISO 17025 and ISO 13485 standards have the same objectives when it comes to equipment - to ensure that monitoring and measuring equipment is fit for purpose through the control of identification, maintenance, calibration, and metrological traceability. The standards are separate however, as the overall purpose and scopes are different. ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories addresses a number of requirements, including requirements for equipment used by testing and calibration laboratories so that competency can be demonstrated to deliver reliable results.

ISO 13485 Medical devices - Quality management system, Requirements for regulatory purposes addresses a number of requirements, including requirements for equipment where an organization providing medical devices or related services needs to demonstrate its ability to consistently meet applicable regulatory and customer requirements. The overlap between the standards come about because of common activities - the need for testing and calibration of medical device equipment. ISO 13485 is therefore also applicable for external providers of products and services to medical-device organizations, including calibration and maintenance services. It is therefore recommended that ISO 17025 laboratories that provide services or products to medical device organizations have a thorough understanding of ISO 13485 in order to meet necessary customer and regulatory requirements. Likewise, an ISO 13485 organization requiring testing or calibration services, or performing those activities themselves inhouse, should have thorough knowledge of ISO 17025.   

For more information have a look at the articles:

• What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/" href="https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/" target="_blank" >https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/
• Calibration requirements in ISO 13485 https://advisera.com/13485academy/blog/2019/03/08/calibration-requirements-in-iso-13485/

ISO 9001 Procedure for Doc Control - "Code"

A “Code” is a sort of a nickname a short identification of a document. Sometimes it is also useful for organizing documentation. For example, I may have a process called “Buy materials” code it as P6 and then refer work instructions as WI6.x as forms as F6.x and we will immediately recognize a relationship with the process where they are used.

ISO 9001: 2015

Yes, the article “Understanding Resource Management in ISO 9001” - https://advisera.com/9001academy/blog/2014/02/11/understanding-resource-management-iso-9001/ applies to ISO 9001:2015. Although certain changes took place, instead of “Human Resources” now the standard mentions “People” and Section 6.2.2. Human Resources in ISO 9001:2008 dealt with the definition of competencies, a topic that is now dealt with in 7.2.

7.1.3 and 7.1.4 are very similar to previous 6.3 and 6.4.

7.1.5 is very similar to previous 7.6, with certain differences concerning traceability of standards and customer requirements.

7.1.6 is new content.

Duties of Environment Engineer

I can only speak about the key roles and responsibilities in the EMS. And within an EMS what can be closer to your question is the management representative role.

ISO 14001:2015 no longer mandates the appointment of a management representative. However, organizations are free to keep that role.

The following material will provide you more information about the management representative:

- What are the key roles and responsibilities in the EMS? - https://advisera.com/14001academy/blog/2016/11/21/what-are-the-key-roles-and-responsibilities-in-the-ems/
- ISO 14001: What is the Role of the Management Representative? - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/iso-14001-what-is-the-role-of-the-management-representative/
- Is the management representative still the best option to coordinate EMS according to ISO 14001:2015? - https://advisera.com/14001academy/blog/2016/02/08/is-the-management-representative-still-the-best-option-to-coordinate-ems-according-to-iso-140012015/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
 

Annex A Policies list

I assume your question is related to our ISO 27001 Documentation Toolkit - the reason why these security policies are not listed in the Project plan is because first you have to complete your risk assessment in order to decide which of these policies will be needed. 

In other words, not all of these security documents are needed - you should apply only the ones that are really needed to decrease your risks. 

This article explains the logic: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

These materials will also help you regarding the flow of the implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/

Lab equipment and instruments

I was wondering if you know if the ISO 13485 also covers lab equipment and instrumentation?

If I understand you correctly, you are asking if the requirements of ISO 13485: 2016 cover the maintenance of laboratory equipment and validation of the methodology in which that equipment is used. Yes, there are requirements in ISO 13485: 2016 for maintenance of the equipment (6.3 Infrastructure), how to define the work environment (6.4 Work environment and contamination control), and how to validate certain processes (7.5.6 Validation of processes for production and service provision).

If you need more information how requirements from ISO 13485:2016 are applicable, please read following free download Clause-by-clause explanation of ISO 13485:2016

https://info.advisera.com/13485academy/free-download/clause-by-clause-explanation-of-iso-13485

Should we have to have the lab equipment at the same QMS standard do you know? under the 13485

I am apologizing, but I do not understand your question. Can you please clarify it?

Quality Manual requirements

ISO 9001:2015 does not require a Quality Manual. You can confirm that in this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/

So, you are free to have a Quality Manual designed according to your own organization’s requirements. I recommend that organizations develop a Quality Manual around these topics:

• Who we are
• What do we believe and value
• What are our strategic priorities
• To whom do we work
• Main products and/or services
• What are our processes and how do they interact 

The following material will provide you information about the quality manual:

- ISO 9001 – The future of the Quality Manual in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/
- free online training ISO 9001:2015 ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ nal-auditor-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Incident and problem tracking and recording

Tools are great help while implementing ISO 20000 and/or ITIL. Use them to automate your procedures, record activities and create documents and records required by the standard. Here is an article that can help you with this topic: 5 things to beware of when selecting an ITSM tool https://advisera.com/20000academy/blog/2016/03/08/5-things-to-beware-of-when-selecting-an-itsm-tool/

But, there is no requirement that tools need to be "certified" on the standard or the framework (which is very arguable topic, anyways). Also, using two tools (for IT Service Management and/or ISO 20000 based SMS implementation) is counterproductive. Quite contrary, such approach will cause more problems than it will help.