Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Mandatory clauses
1. Risk Assessment and
2. Annexure controls
I still have some doubts on how should I read and understand the mandatory clauses. Do you have some video or book that gives examples of the use for mandatory clauses?
Answer:
Regarding video, I suggest you our "Free online training ISO 27001 Foundations Course" (https://advisera.com/training/iso-27001-foundations-course/) for a general understanding of the standard clauses.
Regarding specific clauses, our site provides several blogs about how to apply them. General guidance for you would be:
- Clause-by-clause explanation of ISO 27001 https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001
- Step-by-step explanation of ISO 27001 risk management https://info.advisera.com/27001academy/free-download/step-by-step-explanation-of-iso-27001-risk-management
For each clause there are suggested articles you can read for further information. -
Certification holder
Answer:
If this customer is legally a branch of the larger company you can have the larger company on the certificate. On the other hand, if these organizations are legally separated companies you cannot define the larger company to be the certification holder. The whole point is the legal relation between these organizations. -
Sharing information with customer
Answer:
The laboratory should communicate the result, the identification of method used (code, for example), the identification of any calibrated standards used and if the method is within the scope of the accreditation. -
Employees, KPI and scope
Answer:
The requirements of your EMS apply whenever those employees are working under the scope of your EMS. ISO 14001:2015 clause 7.2 a) is not about employees, is about person(s) doing work under the control of the organization. For example, consider a major maintenance intervention in a factory, employees from subcontractors should comply with company requirements (safety and environment).
2. And, we rent several offices in a large facility external to our site, essentially the rent covers all costs for utilities and waste disposal etc. Does this agreement negate our obligatory responsibilities in regard to waste disposal and tracking energy usage (this is something our group specifies as a KPI)?
Answer:
Is that facility included in your EMS scope? Have your organization any control about what is goin g on inside those offices?
If the answer is “no” to any of these two questions, I do not believe your organization is negating obligatory responsibilities.
The following material will provide you more information about an EMS scope:
How to determine the scope of the EMS according to ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/
Free online training – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/ -
Documents within the Quality Manual Handbook
Answer:
According to the ISO 13485 Standard, the quality manual must have your documents within it or you must make a reference to the documents applicable to your QMS.
Your final decision should take a few things into consideration:
Deciding to include all of your documents within the manual, you want to ensure every time a document is revised, updated, and/or expired that the quality manual is also updated to ensure there are no inconsistencies in your documents. Pros: Creates a centralized location where staff can always find documents related to your QMS. Cons: Any inconsistencies with documents within the Quality Manual could result in a nonconformance. Also the size of the quality manual grows resulting in longer review time, approval time and training by employees.
Providing a reference to your documents could be accomplished by including a list of document names and numbers. Pros: A list of document names a nd numbers covers future revision changes. Also prevents staff from having to sort through information not relevant to their job duties.Cons: Updates to a reference of documents would still include document retirement, new documents issued, title changes or number scheme changes.
The key here is to determine what will work best for your Quality Management System.
For more information, please read articles:
How to structure Quality Management System documentation according to ISO 13485
https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/
How to manage the Quality Manual according to ISO 13485:2016 requirements
https://advisera.com/13485academy/knowledgebase/how-to-manage-the-quality-manual-according-to-iso-13485-requirements/ -
Becoming an ISO auditor
Answer
First, you must know ISO 9001:2015.
Second, you must know good auditing practices.
Third, you must have experience doing internal audits.
Fourth, you must have training to be a lead auditor.
Fifth, contact a certification body and ask how you can apply to become a Lead Auditor.
The following material will provide you more information:
ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
ISO 9001:2015 Lead Auditor Course - https://advisera.com/training/iso-9001-lead-auditor-course/
- book – ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/ -
Implementing documentation
Answer
Start with determining your documentation hierarchy. Then, define templates for each type of IMS document. Then, for each type of IMS document determine which particular documents will be needed. Then, identify who can/must help you writing those particular documents and design a timetable with them.
The following material will provide you more information documentation:
How to structure quality management system documentation- https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
- Enroll for free course - ISO 9001:2015 Foundations Course - https:// /course/iso-90012015-foundations-course/
- book – Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/ -
Major and minor nonconformities
I would like to know if the definition of major and minor non-compliance presented in the article below is based on any normative reference? https://advisera.com/27001academy/pt-br/blog/2014/06/04/nao-conformidades-maiores-vs-menores-na-auditoria-de-certificacao/
Answer:
A definição de não conformidade maior e menor apresentada neste artigo é baseada nas melhores práticas usadas pelos organismos de certificação para os auditores de certificação. A ISO 17021, a norma ISO para órgãos que fornecem auditoria e certificação de sistemas de gestão, declara que uma não conformidade deverá ser classificada. Observe que essa classificação não é obrigatória para auditorias internas (na maioria das vezes essa classificação não é necessária para auditorias internas).
The definition of major and minor non-compliance prese nted in this article are based on best practice used by certification bodies for certification auditors. ISO 17021, the ISO standard for bodies providing audit and certification of management systems, states that a non-compliance shall be classified. Please note that this grading is not mandatory for internal audits (most often such grading is not necessary for internal audits). -
Risk, opportunities and non-conforming product
Answer:
Risks and opportunities are deviations from the expected due to uncertainty.
When dealing with non-conforming outputs we expect to treat them correctly, avoid unintended use and learn with them.
What kind of positive and negative deviations can you determine around non-conforming outputs in your organization?
Examples of risks can be:
* Failure to identify non-conforming outputs;
* Wrongly classifying conforming outputs as non-conforming;
* Disposal of non-conforming outputs that could be corrected.
Examples of opportunities can be:
* Downgrade non-conforming outputs and sell them instead of their disposal;
* Use non-conforming outputs as raw material for a high margin product.
The following material will provide you more information about risks and opportunities:
Article - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Free webinar - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
- Free online training - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Who is a supplier?
Answer:
According to ISO 9000:2015, a supplier is an organization that provides a product or a service. There is no reference to the level of control.
The fact is that your organization uses a service provided. Although your organization has no control over the National service, it is interested in its performance. Imagine that the weather data is wrong or always late, your software’s clients may become unsatisfied.
The following material will provide you more information about supplier evaluation:
- How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
- Free online training - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
2. Can "Turtles" replace a procedure?
Answer:
“Turtles” can replace a procedure. There is no ISO definition of what is a procedure. So, any solution useful for a particular organization is welcomed.