There is no obligation to write a documented procedure for conducting internal audits. In fact, the latest version of the standard, ISO 9001:2015, does not make the creation of any kind of procedure mandatory; rather, it is the organization that must decide what is most useful for meeting a given requirement. Sometimes writing a procedure may be the most advisable option, since it establishes responsibilities and a method for conducting the audit that will help the process be carried out systematically, that is, so that the same steps are always followed when carrying out an internal audit.
Here you can see a list of the mandatory documents of ISO 9001:2015 as well as the most commonly used documents - List of mandatory documents required by ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
What I recommend is having a checklist that covers all the requirements of the standard, and even specific processes such as production. Here you can download a checklist for the internal audit of the manufacturing process free of charge - ISO 9001 internal audit checklist for manufacturing companies: https://info.advisera.com/9001academy/free-download/iso-9001-internal-audit-checklist-for-manufacturing-companies
See these materials for more information on procedures for internal audits in ISO 9001:2015:
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free online course - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
Procedures are not mandatory in ISO 9001:2015, so none of the procedures you mention are mandatory for complying with the standard. In reality, it is up to the organization to decide whether or not to develop a procedure, depending on whether it considers it useful for meeting the requirements of ISO 9001. On the other hand, each company has its own processes and must apply the requirements of the standard to its existing processes; that is, if for example a company does not have a particular process such as design and development, it must specify this in the scope in order to exclude the requirements corresponding to the design and development clause, which is clause 8.3 of the standard.
Here you can see a list of the mandatory documents of ISO 9001:2015 as well as the most commonly used documents - List of mandatory documents required by ISO 9001:2015: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
In addition, these materials may be useful to you when determining which documents are mandatory in ISO 9001:2015:
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free online course - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
Since the 1987 version, ISO 9001 has been changing the designation of what is used to ensure the validity of results. I remember that the first one was something like “Inspection, Measuring and Test Equipment”; in the 2000 version it became “Control of Monitoring and Measuring Devices”. Both ISO 9001:2015 and ISO 9001:2008 only include the definition of measuring equipment. Measuring equipment is a general designation that includes things like measuring instruments, software, reference materials (it can be a picture or an oil with a certain viscosity). According to the dictionary, a device can be a measuring instrument or combination of instruments among other things. I believe that the ISO 9001:2015 adoption of the term “resources” was a way of using a general designation that can be applied in several fields. For example, people use masks to check results of psychological tests more easily. Is it a piece of equipment? A device? An instrument? I cannot give you a definite answer because in these cases I just want to work with ISO 9001 definitions.
The following material will provide you with more information about monitoring resources:
- Articles – Monitoring and Measurement: The basis for evidence-based decisions - https://advisera.com/9001academy/blog/2020/09/21/how-to-perform-monitoring-and-measurement-according-to-iso-9001/
- Enroll for free courses - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Books – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
A waste management company may want to get ISO 9001 to improve efficiency, reduce costs and increase relevant interested parties satisfaction. A waste management company may want to get ISO 14001 to improve its image and credibility among relevant interested parties. A waste management company may apply simultaneously to both certifications through an integrated management system. So, this is a management decision, not a technical decision.
The following material will provide you more information about how Advisera can help you either with ISO 9001 or with ISO 14001 certification:
- Articles - Please look for information in our blogs – https://advisera.com/9001academy/blog/ and https://advisera.com/14001academy/blog/
- Free webinars on demand - https://advisera.com/9001academy/webinars/ and https://advisera.com/14001academy/webinars/
- Free downloadable resources and tools - https://advisera.com/9001academy/free-downloads// and https://advisera.com/14001academy/free-downloads/
- Toolkits that can help you right away and reduce the implementation time - ISO 14001:2015 Documentation Toolkit - https://advisera.com/14001academy/iso-14001-documentation-toolkit/ and ISO 9001:2015 Documentation Toolkit - https://advisera.com/9001academy/iso-9001-documentation-toolkit/ or for an integrated system - ISO 9001:2015 & ISO 14001:2015 Integrated Documentation Toolkit - https://advisera.com/14001academy/iso-9001-iso-14001-integrated-toolkit/
- Enroll for free courses - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/ and ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Books – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ and The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
I cannot fool you and write that. Certification is not just the output of a paper-filling operation. So, before buying any document, I invite you to enroll for free in our ISO 9001:2015 Foundations Course; that way you will plunge into the standard and get an idea about what it is and what is needed. And you will not lose your time because you will learn the basics to interact with certification auditors in the future. Implementing a quality management system according to ISO 9001:2015 is about following some rules, satisfying customers, and meeting important objectives.
1. Do we need to get the consent before?
My assumption is that you have a legal obligation to send the health information to the Ministry of Health, and if this is the case you don't need to ask the data subjects for consent. However, in the privacy notice addressed to them you would need to mention that their personal data, as well as health data, will be sent to state authorities based on an existing legal obligation.
If you want to find out more about privacy notices check out this free webinar Privacy Notices under the EU GDPR (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/).
2. Are we allowed to keep copies of their ID cards?
I would advise you to keep copies of IDs only if you have a specific legal obligation to do so. There are very limited situations where keeping copies of IDs would be justified.
3. Are there any security requirements on how to protect health data?
The EU GDPR does not impose specific security requirements; these need to be decided depending on the types and categories of personal data you are processing. Since you are processing health-related data, I would suggest having in place stricter measures such as encryption both in transit and at rest. ISO 27001 can be used as an example of best practices when it comes to security measures.
4. We are sending some health data, but only non-aggregated/statistical data, to some of our producers that are outside the EU. Are there any specific things we need to do?
If the data is truly and irreversibly anonymized you can send it without restriction.
This is totally up to you. However, it is hard to believe that nobody is available, as it is quite important, especially if there is a data breach, so I highly suggest you find either a third party that is permanently involved and knows how your system works or get somebody internal to fill in for the IT person and the DPO.
If you want to find out more about what is expected from a DPO check out this free webinar Role of the DPO according to EU GDPR (https://advisera.com/eugdpracademy/webinar/role-of-the-dpo-according-to-eu-gdpr-free-webinar-on-demand/).
You can say that your proposal for implementation starts with a Gap Analysis to establish a baseline, a starting point. Then, you can prepare an implementation plan to determine:
From there you can define an environmental policy and objectives, and evaluate priorities and design a set of action plans to act upon:
While implementing the action plans training will be identified and given, procedures will be written, monitoring plans will be designed and implemented. Then, an internal audit will be done, and a management review will take place to evaluate what was done and prepare the next management cycle iteration.
The following material will provide you more information about aspects and impacts:
- Article - Is a gap analysis desirable for ISO 14001 implementation? - https://advisera.com/14001academy/blog/2016/11/14/is-a-gap-analysis-desirable-for-iso-14001-implementation/
- ISO 14001:2015 Gap Analysis Tool - https://advisera.com/14001academy/iso-14001-gap-analysis-tool/
- Article - 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
- Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- Enroll for free in this course – ISO 14001:2015 Lead Implementer Course - https://advisera.com/training/iso-14001-lead-implementer-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
The ISO 45001:2018 standard does not dictate any specific process or format to follow for identifying and addressing OH&S opportunities. Many companies will simply do this through a brainstorming session with top management to identify what opportunities exist and what needs to be done about them; the opportunities can then be tracked through a simple spreadsheet or any other tracking mechanism used by the company for planned activities. Other companies may use a more formal SWOT analysis (Strengths, Weaknesses, Opportunities & Threats) to identify the opportunities that are available.
No matter what process you use, it is important to make sure it is a benefit for your organization and not just a complex and confusing process that you think you need to satisfy a requirement which does not provide any advantage to you.
For a better understanding of the requirements for risks and opportunities in ISO 45001:2018, see this article: What are the new requirements for risks and opportunities according to ISO 45001?, https://advisera.com/45001academy/blog/2018/04/25/what-are-the-new-requirements-for-risks-and-opportunities-according-to-iso-45001/
First of all, you have to check the contract/service agreement your organization has with AWS regarding security clauses. Normally such reviews are performed by means of audits (internal or by AWS certification bodies), or results of penetration tests.
These articles will provide you a further explanation about handling supplier security:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/