Let us suppose that an organization is not satisfied with the level of non-conformities on product X. So, the first step is to focus the effort of improvement, by performing a symptom diagnosis using, for example, a Pareto chart.
After this initial screening the organization needs:
a) to determine probable causes;
b) make some tests or investigations to find root-cause(s);
c) develop alternative solutions;
d) select the best one;
e) implement the solution;
f) check the effectiveness of that solution
The five whys technique is used on step a). Normally, root causes are deeply hidden in the way an organization works and decides how to act. So, when looking into the cause of a problem, someone in the organization asks:
- Why is this problem happening?
An answer can be:
- That happens because people have no training
That is a first why, a first cause for a problem. After that someone might ask:
- And why do people have no training?
- Because they are new employees and they did not receive any initial training
- And why did they not receive any initial training?
- Because the training department was not informed of their arrival
- And why was the training department not informed of their arrival?
- Because we did not plan their integration in the company, and they had to be integrated in a hurry to close the gap in people needed to work in the Summer season
- And why did we not plan their integration, when the summer season requirements are well known in advance?
- So, if we improve our preparation of the Summer season, we can prepare new employees' integration, give them training and avoid future problems.
Asking why five times can lead us to a deep systemic cause with impact on the problem and manageable by those that want to improve the organization.
The following material will provide you with information about root cause analysis:
- Article - ISO 9001 – How to use root cause analysis to support corrective actions in your QMS - https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/
- Free webinar – Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Unfortunately, we do not have example documents we can disclose due to confidentiality agreements with our customers.
Regarding requirements for employees, an example would be to keep the confidentiality of their personal records kept by the organization.
Requirement for shareholders would be the integrity of financial and performance reports.
About clients' requirements, you should consider clauses in service agreements you have with them.
This article will provide you further explanation about requirements identification:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
When thinking about context, consider both internal and external topics. As internal topics think about weaknesses and strengths of your organization, things like experience, difficulties, successes.
As external topics think about opportunities or threats in the market, things like economic trends, technological evolution, legislation trends, social evolution. Check particularly the first link below.
The following material will provide you more information about context and interested parties:
- Article - Case study for ISO 9001:2015 transition in a construction company - https://info.advisera.com/hubfs/9001Academy/9001Academy_FreeDownloads/Case_study_for_ISO_9001_2015_transition_in_construction_company_EN.pdf
- Article - How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
- How to determine interested parties and their requirements according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
- Free webinar - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Audit trail is part of the audit method. Audit method covers the definition of the audit scope, audit planning, audit execution, audit report, and audit follow up. The audit trail is created during audit execution (based on the item you mentioned, defined during audit planning).
This article will provide you further explanation about internal audit:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
On company letterhead I would only add the logo of the organization to your list.
Normally, when I work with organizations, if they keep paper versions of the documentation, I just ask them to sign an original that will be kept as a record. Other paper versions aren’t signed, but they have to match version # and content with the original approved.
I recommend that the signing, on paper or digital, should be done by the person with authority to make the content of the document an internal rule.
The following material will provide you with information about document control:
- Article - New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- Article - Some Tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
As far as I understand your question, you are speaking about both ISO 9001:2015 clauses 4.4.1 c) and 9.1.1.
Organizations should define performance indicators for their processes. Those performance indicators can be presented in documents that describe each process or in tables that gather all performance indicators from all processes.
The following material will provide you more information about monitoring and measurement:
- Article - Practical tips for measuring your QMS according to ISO 9001:2015 clause 9.1 - https://advisera.com/9001academy/blog/2017/08/29/practical-tips-for-measuring-your-qms-according-to-iso-90012015-clause-9-1/
- Article - How to define Key Performance Indicators for a QMS based on ISO 9001 - https://advisera.com/9001academy/24/define-key-performance-indicators-qms-based-iso-9001/-iso-9001/
- Free webinar - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
In terms of the requirements and purpose, there is no difference. Both ISO 9001 and ISO 17025 Standards require that organizations address risks and opportunities as they relate to the organization achieving its objectives. The same or similar approaches can also be taken when performing risk analysis. In both cases, organizations are required to perform risk analysis by identifying risks and planning responses. Neither standard prescribes a specific approach or methodology.
For more information on the topic, have a look at these articles:
No, ISO 9001 does not include any intricate process for movement of documents. It is up to each organization to design the most useful, the most effective flow of documentation, both inside and with any outside interested parties, unless that flow is ruled by legislation or regulation. Please check this article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ . You can see that mandatory documents are very few.
The following material will provide you more information about ISO 9001:2015:
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
You can consider these documents in the context of awareness and training in two ways:
- as individual documents, where you explain their purpose and how to fill them in
- as part of processes where they are required (e.g., new employee onboarding, and information exchange between an organization's employees and external parts).
As examples of being part of a process: in the first case, new employees need to be aware of the documents they need to sign. In the second case, employees working with third parties need to be aware of which documents they have to require the third parties to sign before the organization's information is sent to them.
This article will also help you regarding awareness and training:
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
This material will also help you regarding awareness and training:
- Free Security Awareness Training: https://advisera.com/training/awareness-session/security-awareness-training/ - this is a series of 25 videos that cover various topics related to security.
If there are no legal or contractual requirements for defining a retention period for evidence of training and awareness activities, you can consider a three-year period aligned to the certification validity cycle.
This article will provide you further explanation about records management:
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/