Search results

ISO 9001:2015 Questions

Thank you, verymuch sir  for enlighting

Intergación de procedimientos

Considero que es mejor tratar los procedimientos por separado, de hecho en nuestro paquete de documentos que integra las tres normas abordamos las cuestiones de forma separada, ya que se trata de una parte muy importante del sistema de gestión. Si se combinan los requisitos de las tres normas puede llevar a dejarse algo en el tintero. Por ejemplo, en el caso de la identificación de los aspectos ambientales y sus riesgos, es necesario llevar a cabo previamente un análisis sencillo del ciclo de vida del producto o servicio, para posteriormente identificar los aspectos ambientales significativo de los procesos que controla o influye la organización y los riesgos asocuados. En el caso del sistema de gestión de calidad simplemente se puede realizar un análisis DOFA (debilidades, oportunidades, fortalezas y amenazas) en el que se identifican los riesgos y las oportunidades y posteriormente son abordados aquellos que se consideran significativos. 

La ventaja de hacerlo de forma conjunta es que la organización ahorra documentación, pero como menciono anteriormente puede llevar a la falta de identificación de algún riesgo, aspecto ambiental, o peligro para la salud y seguridad en el trabajo, con las consecuencias que conlleva. 

Estos materiales pueden ayudarle con la identificación de los riesgos y oportunidades en ISO 9001

- Artículo - How to identify risk significance in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/

- Artículo - How to identify risk controls in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/

- ISO 14001 - ISO 14001 risks and opportunities vs environmental aspects: https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/

- Artículo - Hazards vs risks: what is the difference according to ISO 45001: https://advisera.com/45001academy/blog/2016/03/23/hazards-vs-risks-what-is-the-difference-according-to-disiso-45001/

- Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

- Libro – The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/

"Shall" statement

This is a question that often comes up during webinars. How to evidence something that ISO 9001:2015 does not compel to document?

This is why I believe ISO 9001:2015 is better understood from the point of view of an organization that had never implemented a quality system and is starting from scratch. Let me answer with an example. Consider an organization that has nothing written about risks. How can they evidence that risks were determined, evaluated and actions were taken?

Let us consider the process “Buy material”.

Can anyone order materials to a supplier? 

- No, only authorized functions
- Can you order a material from any supplier? 

No, only suppliers included in the Suppliers Approved List
- Can delivered materials be sent directly to production? 

No, only after a quality control done by the warehouse.
- Can non-conforming material be sent to production inadvertently? 

No, non-conforming material is labeled as non-conforming as is segregated to a special space.
- Come on people operate your process they can fail. 

Yes, they can fail but yo minimize that we defined competencies for each function, we select and train people according to those competencies

You see, these are things that an organization with a quality management system already implemented is already doing to avoid or reduce risks, without using that terminology. So, search for evidences like these. I’m sure you can find them if you put another kind of lenses.

The following material will provide you more information about auditing:

- Article - List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ (there is no shortage of mandatory records that can be used to check evidences by “triangulation”)
- Free webinar on demand – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

IT Auditor Skills improvement

Job security and career growth depends on many parameters. Some of them are influenced by your efficiency and results and others are business/economic related. Here are a few examples:

• Your expertise
• Your efficiency/results you'll achieve
• Customer feedback
• Professional approach
• Market (and conditions on the market)
• Number of customers
• Etc.

This article (although written for ISMS, it's completely applicable to other standards as well) will help you understand how to become Lead Auditor:
How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
You can Enroll for free to our ISO 27001:2013 Lead Auditor Course https://advisera.com/training/iso-27001-lead-auditor-course/

Applicability of EU GDPR

The key to understanding when EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Consequently, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.

When the data of EU citizens is processed outside of the EU by companies which are also outside the EU, then this is not considered to be “in the Union”. For example, the EU GDPR will not be applicable for a school which is based in the United States just because there is a possibility that one or several of its students would be EU citizens. In this case the processing does not take place “in the Union,” nor is the individual “in the Union”.

If you want to find out more about the EU GDPR check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).

Guidelines for implementation

To start your implementation of AS9100 Rev D there are three things that are important to know. The first is the overall process that will need to be followed, which you can see in this downloadable diagram: AD9100 Rev D implementation diagram, https://info.advisera.com/9100academy/free-download/as9100-rev-d-implementation-diagram. The second thing to learn is the requirements of the standard, which you can find an overview at this link: Clause-by-clause explanation of AS9100 Rev D, https://info.advisera.com/9100academy/free-download/clause-by-clause-explanation-of-as9100-rev-d Finally, it is important to understand what necessary documentation is needed, which you can find here: AS9100 Rev D List of Mandatory Documents, https://info.advisera.com/9100academy/free-download/as9100-rev-d-list-of-mandatory-documents

The Auditing Process

In the certification audit it was established that your organization’s quality management system (QMS) complied with the requirements of ISO 9001:2015.

In the surveillance audit, auditors will be less concerned with the design of the QMS and much more focused in getting evidences about:

• Is the system still implemented?
• Is the system effective?

That way, the approach that you designed is valid.

The following material will provide you more information about the surveillance audit:

- What is an ISO 9001 surveillance audit? - https://advisera.com/9001academy/blog/2016/10/18/what-is-an-iso-9001-surveillance-audit/
- Surveillance visits vs. certification audits - https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- Enroll for free course - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Input and output processes in manufacturing electronics processes

ISO 9001:2015 is very general and applicable to all economic sectors. So, it has no specific suggestions for the manufacturing of electronic processes.

Every organization is different but perhaps you can customize this general example that I use in the webinar about the process approach:

P&S stands for Products and Services

The following material will provide you more information about the process approach:

- Article - ISO 9001: The importance of the process approach - https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/
- Free webinar on demand – The Process Approach - What it is, why it is important, and how to do it -https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ (see the list of figures inside the book, a detailed development of the process approach)

ISO 17025 Auditing

I assume your question is about performing the internal audit 

The main purpose for performing internal audits of your Company’s ISO 17025 management system is to check how effective the system is, by checking if the right things have been implemented and if they are adequately maintained.

The role of ISO 17025 internal auditors is to look at the laboratory’s processes (both management and technical) and check for:

• conformity to ISO 17025 (where the requirements of ISO 17025 were correctly identified during implementation?)
• conformity to your laboratory’s own requirements (is there evidence that the implemented processes compare to what was planned in your management system?).

Internal auditing is also a great tool to find opportunities for making improvements to processes.

The auditing process starts with auditors having a good understanding of the requirements and purpose of  the ISO/IEC 17025:2017 standard (see the all-new 17025 Academy https://advisera.com/17025academy/). 
The next step is the planning, followed by performing the audit and producing the audit report, where you will include the list of nonconformances raised.

Look at our ISO 9001 Internal Auditor Course (https://advisera.com/training/iso-9001-internal-auditor-course/) modules 5 to 8 that provide the details, also applicable to ISO 17025:

The following material will provide you more information about internal audits:

ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/

13 Steps for ISO 9001 Internal Auditing using ISO 19011 - https://advisera.com/9001academy/knowledgebase/13-steps-for-iso-9001-internal-auditing-using-iso-19011/

ISO/IEC 19011 is an international standard that provides guidelines for auditing any management system and is applicable to ISO 17025 auditing as well.

Risk and opportunities in the laboratories

The steps and measures taken to address risks and opportunities will vary depending on the context of the laboratory. Although ISO/IEC 17025:2017 does not require a documented risk management process or formal risk management program, laboratories must consider and address risks that may impact on its activities and objectives. At the same time, laboratories must actively seek opportunities for improvement. Methods to identify risks and opportunities include subjective and objective techniques and can include brainstorming, common professional sense, historical events and use of analysis tools like SWOT analysis (process to identify strengths, weaknesses, opportunities, and threats.). As a minimum, a laboratory must perform risk assessment by identifying risks and opportunities, considering the potential impact on the validity of results, and treating the risks to the extent considered necessary. This can be recorded in a Risk Index.

Here the thinking must be extended beyond internal risks such as risks to your own customers, to an external context where you consider your customer’s customer or other external parties.  For example, a calibration laboratory that performs calibrations for testing laboratories needs to consider the impact of inaccurate results or incomplete reports on the testing laboratory’s use of those results. This is because any errors generated by the calibration laboratory will be incorporated into the work of the testing laboratory, with a knock-on impact on the customers of the testing laboratory.

For more information, see these ISO 9001 materials that are relevant also for ISO 17025:

How to identify the context of the organization in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/05/26/how-to-identify-the-context-of-the-organization-in-iso-90012015/

How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/

Methodology for ISO 9001 Risk Analysis https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/

The Role of Risk Assessment in the QMS https://advisera.com/9001academy/blog/2014/01/07/role-risk-assessment-qms/