They need to be controlled copies in compliance with clause 7.5.2 that talks about the control of documented information of the QMS, and it includes documents of external origin such as supplier product specifications, standards, legislation, etc. A controlled copy is the latest version of the document, and when a change is made the document needs to be retrieved and replaced. An uncontrolled copy is a non-controlled copy, meaning that it is not replaced when a new version is issued. Usually uncontrolled copies are printed copies.
To learn more about control of documents in ISO 9001:2015, see this article – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
I will make my first consultations as part of the purchase of the ISO 271001 implementation package, and my consultations are as follows:
In an ISO 27001 Internal Audit report is it possible to detail the conformities as Major and Minor or only as Non-Conformities? Since if I take the ISO 19001 Guideline, it does not divide it as major and minor, simply as Nonconformity only
ISO 27001 does not prescribe that Non-Conformities must be graded, so you can treat all of them only as Non-Conformities. Minor and major Non-Conformities are more used by certification bodies as a best practice.
While an Internal Audit Report is true, it details the Findings (Non-Conformities) and observations, what would happen if the audited organization is all CONFORMITY? Is it possible that in the Internal Audit Report it mentions how many CONFORMITIES did I find?
It is very unusual for an internal audit to be concluded with no nonconformities identified, but in such cases the best course of action for the internal auditor is to highlight the good points identified in the internal audit and the observations, which could be considered as opportunities for improvement. Reporting the number of conformities normally won't add value to the organization.
If the results of your risk assessment support the decision about treating (spear)phishing instead of email spam, you can edit the document accordingly. The template is fully editable and the standard does not prescribe the details about the implementation of controls.
The control of external documentation includes those documents and records necessary for the planning and operation of the QMS. As you mention, this is a requirement of the clause 7.5.3.2 of ISO 9001:2015, and therefore you need to address the following activities in relation to that documentation of external origin as per 7.5.3.1, including:
a) distribution, access, retrieval and use;
b) storage and preservation, (including legibility);
c) control of changes (i.e. version of the document);
d) retention and disposition.
I recommend that you write a procedure containing how you control documents and records, including external and internal documented information.
For the external documentation you can, for instance, do the following:
For each folder you will need to assign the person/s responsible for its updating and maintenance, as well as who will have access and right to edit those documents.
In addition, in the procedure for the control of documents and records you need to establish a codification for each document and record, so you can easily control any change or update.
You can see these materials to help you with the control of list of external documents and records:
1. We aren’t too clear on the following: is having review and expiry dates on our policy documents a must, or is having them setting ourselves up for failure? Should we have documents displayed past review date?
Normally, organizations only include the issuing date on their documents. I know that some economic sectors, like pharma, use expiry dates on documents because some FDA requirements state that documents should be reviewed every X years. That way, with an expiry date on a document, it is very easy to check if the revision was done or not.
2. In the past, we seem to have different SIC codes on our WTN from different suppliers. My question is should we have one SIC code as a company? Or does it differ with waste? Whatever our waste output per activity the core function of the company is the same. We are a manufacturer of Aluminum façade and soffit systems.
SIC codes provide a framework for collecting and presenting a large range of statistical data according to economic activity. So, companies must have a SIC code, and one SIC code is usually sufficient for most companies, but you may select up to four SIC codes to describe the nature of your company’s business activities. It is not unusual for more complex or specialized companies to have more than one SIC code.
SIC codes do not change according to waste streams. So, your WTN should be showing only one SIC code, unless your company has more than one and it makes sense to differentiate waste streams per core business.
The following material will provide you with more information on waste management:
7 steps in handling waste according to ISO 14001 – https://advisera.com/14001academy/blog/2016/11/07/7-steps-in-handling-waste-according-to-iso-14001/
Free webinar – ISO 14001: Identification and evaluation of environmental aspects – https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
Free online training – ISO 14001:2015 Foundations Course – https://advisera.com/training/iso-14001-internal-auditor-course/
Book – The ISO 14001:2015 Companion – https://advisera.com/books/the-iso-14001-2015-companion/
Documentation in ISO 9001:2015 can be divided into two types: documents and records. Basically, a record is a form that has been completed. There is some documentation that is mandatory, such as the quality policy or the scope of the QMS, and other documentation that is optional, that is, the organization can decide to have it or not, such as the quality manual or procedures.
Here you can find the list of the mandatory documentation and other commonly used – List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
I recommend that organizations create, at the beginning, a procedure for document and record control, establishing responsibilities, document owners, control of documents, codification, updates, etc. This way the documentation process will work smoothly during the implementation. This procedure is not mandatory but it is very helpful.
In this article you can read more about document control in ISO 9001:2015 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
You can also see these materials to help you with the documentation process in ISO 9001:2015:
- Book: Discover ISO 9001:2015 through practical examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training – ISO 9001:2015 Foundations - https://advisera.com/training/iso-9001-foundations-course/