Search results

ITIL/ISO 20000 Documenting IT devices

#1 If this list includes items you need to manage in order to deliver a service(s) - then you need to document them.

#2 Partially SDP can be seen as a functional specification (with extended content). But, that also depends on what kind of services you are delivering, how deteiled your functional specification is, etc. 

Here is the article with more details: ITIL Service Design Package – everything under one roof https://advisera.com/20000academy/blog/2014/10/07/itil-service-design-package-everything-under-one-roof/

Capacity Management - well, part of the Capacity Plan relates to business requirements. But you have to, also, plan how to answer (with technology) those requirements. And you have to define how to monitor usage of these resources, react when you need, etc. 

This article can help you further: ITIL Capacity Plan – A document you need, but probably don’t have https://advisera.com/20000academy/knowledgebase/itil-capacity-plan-a-document-you-need-but-probably-dont-have/

Difference between AS 9100 and EN 9100

There's is no real difference between AS9100 and EN9100. These are just the different publishing titles for North America and Europe, however,  the requirements are thre same. 

Current revision of ISO 9001:2015

No. The current version of ISO 9001 is the one published in September 2015 and there is no revision since then.

In this article you can check the history of ISO 9001 revisions - The history and future of the ISO 9000 series of standards - https://advisera.com/9001academy/blog/2019/04/15/history-of-the-iso-9000-series-of-standards-and-what-to-expect-next/

Additional benefits of ISO 9001 for Testing & Calibration labs

Truth is that ISO 9001 and ISO 17025 have different purposes. ISO 9001 is about implementing a quality management system and is applicable to any kind of organization. Quality management systems can be certified by a certification body.

ISO 17025 is about “General laboratory competency of testing calibration requirements” and is applicable to laboratories that produce results, like composition of a sample, that can be used in a court of law. ISO 17025 main concern is competent, impartial, and consistent operation of laboratories. ISO 17025 is mainly used by calibration laboratories. Laboratories are accredited by an accreditation body.

The following material will provide you more information about ISO 17025:

- ISO 17025 vs. ISO 9001 – Main differences and similarities - https://advisera.com/17025academy/blog/2019/07/11/iso-17025-vs-iso-9001-main-differences-and-similarities// 

- Six key benefits of ISO 17025 implementation - https://advisera.com/17025academy/blog/2019/10/18/six-key-benefits-of-iso-17025-implementation/

- Diagram of ISO 17025 Implementation Process - https://info.advisera.com/17025academy/free-download/diagram-of-iso-17025-implementation-process

- What is ISO 17025? - https://advisera.com/17025academy/what-is-iso-17025/ 

- Please check our ISO/IEC 17025 Blog - https://advisera.com/17025academy/blog/ 

- Download free ISO/IEC 17025 materials - https://advisera.com/17025academy/free-downloads/

Maintaining quality documentation

Whenever ISO 9001:2015 uses the formula “maintain documented information” it is about keeping documents approved, distributed and updated. Whenever ISO 9001:2015 uses the formula “retain documented information” it is about keeping records. This article List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ gives an idea about documents and records relevant for an ISO 9001:2015 quality management system.

Advisera developed an ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/ with live expert support. A tool to accelerate the design of quality system documentation. Please check also this free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 9001 - https://advisera.com/9001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-9001-free-webinar-on-demand/

You can enroll for free in this course - Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – (where I use the process approach this way) - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Environmental aspects and impact procedure requirements

Please check this article - List of mandatory documents required by ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-mandatory-documents-required-by-iso-140012015/ There you can see that a procedure for identification and evaluation of environmental aspects and impacts is not mandatory. What is mandatory is having one or more documents stating:

• Criteria for evaluation of significant environmental aspects;
• Environmental aspects with associated environmental impacts;
• Significant environmental aspects;
• What some organizations do is to create a procedure to standardize the internal practice of determining, assessing and classifying environmental aspects and impacts as significant.

The following material will provide you more information about aspects and impacts:

- Article - 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
- Free webinar - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
 

Filling templates

Here are the answers:

Document Owner, Document Approver, and Document Reviewer: are they normally the same person?

They could be the same person in a very small company, but in large companies you should try to have different persons for these roles. Even for a very small company you should try to have a different person for a reviewer, in order to create better documents. 

When should the name be noted and when the role/dept. ?

When you describe roles and responsibilities, you should write job titles - this way when a person leaves the company or changes the position you do not need to change the policy. You can use person's name in the Change history of the document to have a record who exactly has made which changes; you can also use person's name when you make a record of who has approved the document. 

Should Owner, Approver, Reviewer… all be on de Document? Or only author and owner?

ISO 27001 does not prescribe such things - best practice is to have author and approver of the document. 

See also: 

• Document management in ISO 27001 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
• Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//

These materials will also help you regarding document management:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/

Software validation process and Risk Management procedure

1. 4.1.6 What software needs to follow the software validation process? Would smartsheet or excel have to be validated?

You need to perform validation for any software that is being used in the quality system together with evaluation the risk of each of those applicable pieces of software. This assessment can include databases, Solidworks/CAD files for design activities, issue tracking software, complaint management software or CRM systems, ERP systems, and/or distribution software programs. The evaluation process should be documented, and the results should be tied to actions. You do not need to perform validation of smartsheets and excel. 

For more information, please read the following articles:

How to establish process validation in the QMS https://advisera.com/9001academy/blog/2017/01/31/how-to-establish-process-validation-in-the-qms/Using ISO 13485 to manage process validation in the medical device manufacturing industry https://advisera.com/13485academy/blog/2017/09/07/using-iso-13485-to-manage-process-validation-in-the-medical-device-manufacturing-industry/

2. We do not only manufacture medical-related products. We produce thermoplastics. Is it ok for us not to use a risk management procedure on non-medical if specifically called out in the procedure?

Yes, it is ok not to use risk management procedure on non-medical devices.

Accepting cookies with banners

 Hi, I would like to know in which cases it is mandatory to use a banner that allows visitors to my site to choose the type of cookies to accept (necessary, marketing and statistical)?

Necessary cookies or technical cookies do not require any kind of consent you just need to make aware the user that you are using such cookies. This can be achieved by using a banner (without the need for the visitor to accept anything). You also need to ensure that your Cookie Policy details the use of the necessary/technical cookies.

In which cases instead of the classic banner where "continue browsing" is sufficiently interpreted as consent to all cookies?

Regarding statistical and marketing cookies these should only be placed on the visitor`s browser based on consent. Consent can be obtained through the cookie banner. You also need to ensure that your Cookie Policy details the use of the statistical/marketing cookie as well as an easy way for the visitor to withdraw its consent.

You can find readily available Cookie Policy in our EU GDPR Mini Toolkit for websites (https://advisera.com/eugdpracademy/eu-gdpr-mini-toolkit-for-websites/).