Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11277 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Document expiry date and SIC code
1. We aren’t too clear on the following: is having review and expiry dates on our policy documents, is that a must or is having them setting ourselves up for failure, should we have documents displayed past review date
Normally, organizations only include issuing date on their documents. I know that some economic sectors, like pharma, use the expiry dates on documents because some FDA’s requirements state that documents should be reviewed every X years. That way looking for a document with an expiry date is very easy to check if the revision was done or not.
2. In the past, we seem to have different SIC codes on our WTN from different suppliers. My question is should we have one SIC code as a company? Or does it differ with waste? Whatever our waste output per activity the core function of the company is the same. We are a manufacturer of Aluminum façade and soffit systems.
SIC codes provide a framework for collecting and presenting a large range of statistical data according to economic activity. So, co mpanies must have a SIC code and one SIC code is usually sufficient for most companies, but you may select up to four SIC codes to describe the nature of your company’s business activities. It is not unusual for companies more complex or specialized to have more than one SIC code.
SIC codes do not change according to waste streams. So, your WTN should be showing only one SIC code, unless your company has more than one and makes sense to differentiate waste streams per core business.
The following material will provide you more information on waste managing:
7 steps in handling waste according to ISO 14001 – https://advisera.com/14001academy/blog/2016/11/07/7-steps-in-handling-waste-according-to-iso-14001/
Free webinar – Free webinar – ISO 14001: Identification and evaluation of environmental aspects – https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
Free online training – ISO 14001:2015 Foundations Course – https://advisera.com/training/iso-14001-internal-auditor-course/
Book – The ISO 14001:2015 Companion – https://advisera.com/books/the-iso-14001-2015-companion/
-
Documentation process
Documentation in ISO 9001:2015 can be divided in two types: documents and records. Basically a record is a form that has been completed. There is some documentation that is mandatory, duch as the quality policy, or the scope of the QMS, and other that is optional, that is, the organization can decide to have it or not, such as the quality manual or procedures.
Here you can find the list of the mandatory documentation and other commonly used – List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
I recommend organizations to create at the beginning a procedure for document and record control, stablishing responsibilities, document owners, control of documents, codification , updates, etc. This way the documentation process will work smoothly during the implementation. This procedure is not mandatory but it is very helpful.
In this ar ticle you can read more about the document control in ISO 9001:2015 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
You can also see these materials to help you with the documentation process in ISO 9001:2015 - Book: Discover ISO 9001:2015 through practical examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training – ISO 9001:2015 Foundations - https://advisera.com/training/iso-9001-foundations-course/
-
Organization Chart and ISO 9001:2015
ISO 9001:2015 has no requirement for the existence of an organization chart. When the process approach was introduced in the ISO 9001:2000 version that requirement was deleted because in the limit the process approach and the organization chart represent two conflicting ways of managing an organization. Having written that, once organizations use organization charts and mention them on their documentation it is usual for auditors to request it, during audits. Also, I believe that some auditors ask for it because they think it is an ISO 9001 requirement. The following material will provide you more information about responsibilities and authorities: How to document roles and responsibilities according to ISO 9001 – https://advisera.com/9001academy/blog/2018/02/26/how-to-document-roles-and-responsibilities-according-to-iso-9001/ You can check that the organizational chart does not appear it this list – List of mandatory documents required by ISO 9001:2015 – https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/ Free online training – ISO 9001:2015 Foundations Course – https:… Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
The use of a toolkit for a QMS
Our toolkit is designed to be really easy to use with documents that contain many comments explaining how to complete them, but also with links to relevant materials that will help your company to understand the requirements covered in each template.
In addition, there is unlimited email support included in the toolkits so you can ask any question that you may have during the implementation. In the top of this you will have expert meetings 1 to 1 with one of the experts in ISO 9001 who will clarify any doubt during the QMS project. Also, you have at least one document for review by an ISO 9001 expert.
This means that even if you face some difficulties during some steps of the implementation, you will have not only the documents but all the support you need to overcome them.
For more information about the benefits of using a toolkit in the implementation o f the standard ISO 9001:2015, see the following materials:
- Free Webinar - How to use a documentation toolkit for the implementation of ISO 9001: https://advisera.com/9001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-9001-free-webinar-on-demand/
- Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/ -
Life cycle perspective
Response:
This life cycle assessment is just required by ISO 14001 during the identification of the environmental aspects and impacts. This is not required by either ISO 9001 or ISO 45001.
What you need to consider are all the environmental aspects of the activities, products and services from a life cycle perspective that your company can either control or influence. Life cycle stages include the acquisition of raw materials, design and development of a product, production, transportation and delivery, use, end of life treatment, and final disposal. Basically, your organization needs to be aware of all environmental impacts in each every stage of a product’s or service's life to manage the impacts in the best way possible.
Sometimes you won´t be able to control the environmental aspect or impact, for instance when your product is already delivered and will be disposed by the user. In this case you can opt by writing some instructions indicating how to best manage the disposal of the product by the consumer.
You can see these materials to help you with the life cycle assessment:
- Article - How does product life cycle influence environmental aspects according to ISO 14001:2015: https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
- Article - Lifecycle perspective in ISO 14001:2015: what does it mean: https://advisera.com/14001academy/blog/2017/02/20/lifecycle-perspective-in-iso-140012015-what-does-it-mean/
- Book – The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
- Free on-line training – ISO 14001:2015 Foundations: https://advisera.com/training/iso-14001-internal-auditor-course/ -
Cumplimiento legal de ISO 9001:2015
Respuesta:
Según la norma ISO 9001:2015 la organización tiene que comprender e incluir tanto los requisitos legales como reglamentarios en el Sistema de Gestión de Calidad que sean aplicables a la organización, a sus procesos y los productos y servicios que ofrece.
Por lo tanto se pueden identificar dos tipos distintos de requisitos legales y reglamentarios:
- por un lado los aplicables a los productos y servicios: son aquellos que se refieren a las características y especificaciones de los productos y servicios para que sea posible su venta legal;
- y por otro los aplicables a los procesos y los procedimientos: son requisitos que suelen tener relación con la formación y las competencias de los trabajadores para realizar los procesos, o requisitos para asegurar la seguridad de los empleados durante la realización de sus actividades.
Es importante asignar un responsable o responsables para la identifica ción de estos requisitos legales y reglamentarios así como mantenerlos actualizados para poder cumplir con los mismos.
Estos materiales pueden ayudarle a entender los requisitos legales y reglamentarios de la organización:
- Artículo - How to include statutory and regulatory requirements in your QMS: https://advisera.com/9001academy/blog/2017/02/14/how-to-include-statutory-and-regulatory-requirements-in-your-qms/
- Libro - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea - Curso de fundamentos de la norma ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Do people working in departments excluded from scope have to be trained for QMS?
Answer:
People from marketing (included in the scope) need to be trained for the certain procedure related to QMS, that you as a management find it necessary. People working in departments excluded from the scope of the QMS does not need do be trained in various procedures from QMS.
According to point 6.2, it is the responsibility of the organization to determine what competencies and training are required for a particular job. -
Would becoming ISO 13485 compliant benefit customers more than ISO 9001?
Answer:
Yes, because ISO 13485 is made strictly for the manufacturer of medical devices. ISO 13485 allows a company to demonstrate that it consistently meets customer's needs, medical device regulatory requirements and complies with local legislation. It is, in certain points, related to ISO 9001, but ISO 13485 emphasizes areas such as risk management, the work environment, and medical device documentation and reporting.
For more information about ISO 13485 structure and requirements, please read the following article:
ISO 13485 structure and requirements https://advisera.com/13485academy/what-is-iso-13485/
For more information about similarities beteweed FDA nad ISO 13 485, please read the following link:
https://advisera.com/13485academy/blog/2017/10/05/differences-and-similarities-between-fda-21-cfr-part-820-and-iso-13485/
01 -
Evidencing requirements
The customer has a very small organization, with an IT organization of 5 people.Almost all IT services are outsourced using Google cloud.
1 - What is the best way to deal with controls like logging, capacity management, cabling security, monitoring system use etc. All the measures associated with this control are followed up by the supplier. Our customer does not know exactly how Google Cloud has implemented the measures for this control. Google cloud is ISO 27001 certified.
Answer: The best way to handle controls managed by suppliers is by means of information security clauses in contracts or service agreements, where these clauses enforce the level of protection you expect from the supplier.
For more information, see:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
2 - My question is:Is it necessary to explain how these controls are implemented by Google or is a more general reference for example a reference to the certification of google cloud sufficient?
Answer: Since your customer is participating in a government tender you have to consider the tender's rules to identify which level of detail is required to fulfill the tender process. In other words, if the tender rules require you to explain how the controls are implemented, then referencing to Google's certification is not going to be enough. -
Filling SoA
Answer:
In this case (when you have a large number of risks to refer in the SoA) I suggest you to list in the SoA only the IDs of the 3 or 4 most critical risks related to this control and inform the quantity of other risks that justify the application of this control that can be found in the results of risk assessment. See this example:
"Risks #3, #18, #27, and 23 other risks that can be found in the results of risk assessment."