Search results

Documents and records management

The first important tip for you is to review your current rules defined to comply with clause 7.5.3 (control of documented information). Since you seem to be having a problem with these issues they may be not properly adjusted to your context.

Considering electronic documents and records, if the quantity of them is not so big you can consider organizing them in folders identified by each section of the standard which requires them (e.g., in folder named "Information Security Policy" you can store the Information security policy, in folder "Risk assessment and Treatment" you can store documents and records related to the risk management process, etc.)

If the quantity of documents is big, you should consider a document management solution (you can see an example of such solution in our platform Conformio at this link: https://advisera.com/conformio/)

For physical records, you should consider a central cabinet to store them, adopting a folder structure similar to the electronic documents.

This article will provide you further explanation about document management:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

This material will also help you regarding document management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/ 

Review of information systems

I'm assuming you are referring to ISO 27001 Annex A section A.18.2 Information security reviews. Considering that, the internal audit is the process which covers the controls from this section. Considering that, the steps you must consider regarding ISO 27001 requirements are:
- Document review: to (1) become acquainted with the processes in the ISMS, and (2) to find out if there are nonconformities in the documentation with regard to the standard
- Creating the checklist: write requirements you must check during the audit
- Planning the audit: plan which departments and/or locations to visit and when
- Performing the audit: execute what was planned
- Reporting: to summarize all the nonconformities and relevant information you found
- Follow-up: to check whether all the corrective actions raised during the internal audit are closed

To see how an internal audit documentation looks like, please take a look at the free demo of our ISO 27001/ISO 22301 Internal Audit Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/

For further information also see:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- ISO 27001:2013 Internal auditor course https://advisera.com/training/iso-27001-internal-auditor-course/

Effectiveness of QMS and Product Recall

1. How can you measure the effectiveness of QMS?

Measuring effectiveness of QMS depends on the organization's processes as well as Policy/quality objectives. Most companies compared results to the goals for the KPI (Key Performance Indicators) defined for the organization. For example, it can be:- Number of major non-conformities coming from second/third party audit- Customer satisfaction improvement- Confirmed certification from Registrar- Obtain new certifications to improve your business- Increasing the number of orders from Customers- Cost reduction improvement ( including cost of poor quality)- Time to market reduction for new products- Zero defects achievement- Compliance to law and regulation

 For more information please read the following article: 

Practical tips for measuring your QMS according to ISO 9001:2015 clause 9.1: https://advisera.com/9001academy/blog/2017/08/29/practical-tips-for-measuring-your-qms-according-to-iso-90012015-clause-9-1/

2. Do every product recall will require an advisory notice? Is there any advisory notice which will not required a product recall?

No, every product recall does not require an advisory notice. Removals from the market for purely commercial non-safety related reasons do not require advisory notice.

For more information on how to handle recalls, what are the synonyms and meaning of wording iin EU market, please find MEDDEV 2.12/1, revision 8 (January 2013) and Additional guidelines for MEDDEV 2.12/1 (published July 2019). Both documents can be found on the following link in section 2.12 PostMarket surveillance: https://ec.europa.eu/growth/sectors/medical-devices/current-directives/guidance_en 

For more information on recalls, corrections and removals under FDA, please look in the following link: https://www.fda.gov/medical-devices/postmarket-requirements-devices/recalls-corrections-and-removals-devices

For more information on recalls and advisory notices for medical devices, please read the following article:

How to manage recalls and advisory notices for medical devices according to ISO 13485 https://advisera.com/13485academy/blog/2017/08/31/how-to-manage-recalls-and-advisory-notices-for-medical-devices-according-to-iso-13485/

Evaluation of training effectiveness

According to ISO 9000:2015 effectiveness is about measuring the extent to which planned results are met. What are the planned results of training? Training is given with a purpose; training is given to meet an objective. An effective training is a training that meets its objective.

For example, we train people to learn how to use our company software. And we set as our objective that one week after training, people already know how to use the software and are autonomous, they don’t need more than one help per day.

If after that one week we meet our objective, we can say that the training was effective. Please note that each training has a different purpose and a different objective, and different timings to check effectiveness. So, evaluating training effectiveness requires predetermining training objectives and timing to check effectiveness.

The following material will provide you more information about effectiveness:

- Article – How to measure training effectiveness according to ISO 9001 - https://advisera.com/9001academy/blog/2016/03/29/how-to-measure-training-effectiveness-according-to-iso-9001/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Measuring the effectiveness of QMS

What is the difference between measuring effectiveness of QMS and measuring effectiveness of a process?

Answer:

We wrote “one can measure the effectiveness of a QMS by evaluating the extent to which the quality objectives are achieved.” 

The same approach can be used to measure process effectiveness. Each process has one or more indicators that allow measuring its performance against its purpose. So, one can measure the effectiveness of a process by evaluating the extent to which the process indicators’ targets are achieved.

QMS can be effective without all processes being effective?

Answer:

A QMS is the result of the sum of its processes. When we go from the individual (process) into the global (system) there is one thing that we call emergence, because a system is more than just summing its individual parts. So, we have to be careful about emergence and thinking about linear relationships between the sum of the individuals and the whole. Having said that I can agree that a QMS can be effective even if some of its processes are not effective. Please consider that not all processes have the same impact on QMS objectives. In my consulting work it is normal to find processes that must exist but don’t contribute to strategy execution, for example.

QMS Turtle Diagram

If I have understood you correctly, the size of your subgroup will be 1. If you have only 1 piece, you cannot calculate standard deviation because there is no standard deviation if there is no more than 1 piece. You will need to have a sample of more than 30 to get valid statistical data.

Customer feedback

Yes you are right. If you receive return product for investigation that is customer property, and you need to handle it in accordance with the requirement 7.5.10 of ISO 13485:2016. 

ISO 9001 main clauses

I’m afraid I cannot help you. ISO 9001 is a standard for quality management systems, and a system is more than just the sum of its individual parts. So, all clauses of ISO 9001 are important because without some the whole would not work.

If an organization competes on innovation, clauses 8.2 and 8.3 are very important.

If an organization competes on service, clauses 8.2 and 8.5 are very important.

If an organization competes on price, clauses 8.4 and 8.5 are very important.

But the context, the interested parties, the process approach, the policy and objectives, the resources, the monitorization and improvement are also very important.

The following material will provide you more information about ISO 9001:

- Article – Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
- Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
 

Aspect VS Impact

How does an organization interact with the environment?
Through its activities and products or services.

An organization’s environmental aspects are all those elements that interact with the environment through its activities, products or services. For example, an organization during production consumes energy, generates waste, generates noise, can generate air emissions and/or wastewater discharges.

Environmental impacts are the changes, actual or potential, to the organization’s environment resulting from its environmental aspects.

ISO 14001:2015 clause 6.1.2 is about determining environmental aspects and impacts. I would say that determining environmental aspects and impacts is the cornerstone of any Environmental Management System.

The following material will provide you more information about aspects and impacts:

- Article - 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- Article - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
- Free webinar - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

ISO 14001 and organization context

No, internal and external issues are determined independently. Relevant internal issues are a function of an organization’s past and strategy. Relevant external issues are a function of an organization’s macro and micro neighborhood and strategy.

The following material will provide you more information about context and interested parties:

- Article - Determining the context of the organization in ISO 14001 -https://advisera.com/14001academy/knowledgebase/determining-the-context-of-the-organization-in-iso-14001/
- White paper - Case study for ISO 14001:2015 transition in a construction company - https://info.advisera.com/14001academy/free-download/case-study-for-iso-14001-2015-transition-in-a-construction-company
- Enroll for free in the course - ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/