Search results

Necessity of ISO 9001 for ISO 17025

ISO 9001 certification is not needed by a laboratory before achieving accreditation to ISO 17025.

For an easy-to-understand explanation of the ISO/IEC 17025:2017 standard, please read the following article:
What is ISO 17025? - https://advisera.com/17025academy/what-is-iso-17025/

Please check our ISO/IEC 17025 Blog for useful articles https://advisera.com/17025academy/blog/, including:
Checklist of ISO 17025 implementation steps - https://advisera.com/17025academy/blog/2019/08/28/checklist-of-iso-17025-implementation-steps/

Medical Device File

Medical device file is a set of documents that describe a product and can prove that the product was designed and manufactured in accordance with ISO 13485 requirements and other applicable requirements. On the European market, all medical devices must have the Technical file under 93/42/EEC of the Medical Devices Directive (MDD). This technical file is in accordance with the medical device file. On the US market, medical devices must have a Desing master record according to the FDA, which also matches the medical device file. So for guidelines on how to prepare a medical device file, please search in the mentioned regulations.

For more information on ISO 13485:2016 requirements for medical device files, please read the following article: 

ISO 13485:2016 requirements for medical device files https://advisera.com/13485academy/blog/2017/06/28/how-to-meet-iso-13485-requirements-for-medical-device-files/

SOA and Control Objectives

Common practice is that the names of controls and text of control objectives can be used, ISO organization does not seem to have a problem with such an approach. However, you should not copy anything else from the standard.

To see how a Statement of Applicability looks like, I suggest you take a look at the demo of our Statement of Applicability at this link: https://advisera.com/27001academy/documentation/statement-of-applicability/

This article will provide you further explanation about Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

ISO 9001 mandatory documents

Mandatory documents are important, they are the minimum required by the standard. However, you should also think about the complexity of your organization, the amount of training given and the people turnover. Organizations use those variables to evaluate the need to develop other kind of documentation, besides the minimum required, according to ISO 9001:2015 clause 4.4.2.

The following material will provide you more information about required documentation:

- List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
- Please check this warning about documentation and implementation - ISO 27001 documents – Why the templates are not enough? - https://advisera.com/27001academy/blog/2012/04/24/the-documentation-myth-why-the-templates-are-not-enough/
- Documentation Toolkit - Product Tour: ISO 9001 Documentation Toolkits - https://advisera.com/9001academy/product-tour/
- Free webinar - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
 

Documents for Welding and Fabrication company

Mandatory documents are important, they are the minimum required by the standard. However, you should also think about the complexity of your organization, the amount of training given and the people turnover. Organizations use those variables to evaluate the need to develop other kind of documentation, besides the minimum required, according to ISO 9001:2015 clause 4.4.2.

The following material will provide you more information about required documentation:

- Article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
- Please check this warning about documentation and implementation - ISO 27001 documents – Why the templates are not enough? - https://advisera.com/27001academy/blog/2012/04/24/the-documentation-myth-why-the-templates-are-not-enough/
- Documentation Toolkit - Product Tour: ISO 9001 Documentation Toolkits - https://advisera.com/9001academy/product-tour/
- Free webinar - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Multiple suppliers

ISO 9001:2015 has no requirements about the number of suppliers. So, your organization can decide to have a sole supplier. If there are risks from that situation it is up to your organization to determine them, evaluate them and act preventively.

The following material will provide you more information about suppliers and risks:

- Article - How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- Article - Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Documents for ISO 27001 controls

Advisera's ISO 27001 Documentation Toolkit does not have a document for each and every control from ISO 27001 because of the following reasons:

• 1) ISO 27001 does not require each and every control to be documented
• 2) If the toolkit had a document for each control, there would be too many documents, and this would be an overkill for smaller and mid-size companies.

Since our target are SMEs, we have decided to include an optimum amount of documents for companies of this size - the toolkit includes:

• All the mandatory documents - e.g. Information Security Policy, Statement of Applicability, Risk Assessment Methodology, Access Control Policy, etc.
• Documents that are not mandatory, but are commonly used - e.g. BYOD Policy, Classification Policy, Password Policy, Backup Policy, etc.

You can see a full list of documents included in the toolkit in this page: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

Quality management

In ISO 9001:2015 there is no direct requirement for Quality manager, while ISO 13485:2016 have a requirement for person called Management representative (requirement 5.5.2). The management representative is usually the same person as the quality manager because he or she is responsible for implementing and maintaining quality in the organization.

For more detailes, please read following articles: 

How to define roles and responsibilities within an ISO 13485-based QMS

https://advisera.com/13485academy/blog/2017/11/16/how-to-define-roles-and-responsibilities-within-an-iso-13485-based-qms/

What is the job of the Quality Manager according to ISO 9001?

https://advisera.com/9001academy/blog/2016/08/23/what-is-the-job-of-the-quality-manager-according-to-iso9001/

Disaster recovery plan template

Please note that ISO 27001 does not prescribe the sections a document must contain, so organizations are free to develop them the way it best fits their needs. 

Considering that, the DRP structure does not contain a reference documents section, and it is different from other documents in the toolkit, like policies and procedures, because it needs to contain only the most necessary information in order not to confuse its users during a very stressful situation (disruption). 

Regarding controls A.17.1.2 and A.17.2.1, the needed documents for implementing the Disaster Recovery Plan must be referenced in section 10 (Additional documents).

GR&R frequency requirement

GR&R (Gage Repeatability & Reproducibility) requirement in "IATF 16949" is requested by clause 7.1.5.1.1 Measurement System Analysis, there is no direct requirement for frequency. In the Control plan, you should set the frequency. It can be given by customer-specific requirements or set by the company if there is a high risk for some process for potential measurement errors.

An example can be a customer-specific requirement for GR&R that can be requested for every shipment if it is OEM (Original Equipment Manufacturing) or it can be requested if there were non-conformities.

For more information on Measurement System Analysis, please read our article: How to establish Measurement System Analysis: https://advisera.com/16949academy/blog/2017/11/08/how-to-establish-measurement-system-analysis-according-to-iatf-16949/