Search results


  • Sharing information with customer


    Answer:
    The laboratory should communicate the result, the identification of method used (code, for example), the identification of any calibrated standards used and if the method is within the scope of the accreditation.
  • Employees, KPI and scope


    Answer:

    The requirements of your EMS apply whenever those employees are working under the scope of your EMS. ISO 14001:2015 clause 7.2 a) is not about employees; it is about person(s) doing work under the control of the organization. For example, consider a major maintenance intervention in a factory: employees from subcontractors should comply with company requirements (safety and environment).

    2. And, we rent several offices in a large facility external to our site, essentially the rent covers all costs for utilities and waste disposal etc. Does this agreement negate our obligatory responsibilities in regard to waste disposal and tracking energy usage (this is something our group specifies as a KPI)?

    Answer:

    Is that facility included in your EMS scope? Does your organization have any control over what is going on inside those offices?
    If the answer is “no” to any of these two questions, I do not believe your organization is negating obligatory responsibilities.

    The following material will provide you more information about an EMS scope:
    How to determine the scope of the EMS according to ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/02/01/how-to-determine-the-scope-of-the-ems-according-to-iso-140012015/
    Free online training – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
  • Documents within the Quality Manual Handbook


    Answer: 

    According to the ISO 13485 Standard, the quality manual must have your documents within it or you must make a reference to the documents applicable to your QMS.

    Your final decision should take a few things into consideration: 

    Deciding to include all of your documents within the manual, you want to ensure every time a document is revised, updated, and/or expired that the quality manual is also updated to ensure there are no inconsistencies in your documents. Pros: Creates a centralized location where staff can always find documents related to your QMS. Cons: Any inconsistencies with documents within the Quality Manual could result in a nonconformance. Also the size of the quality manual grows resulting in longer review time, approval time and training by employees.

    Providing a reference to your documents could be accomplished by including a list of document names and numbers. Pros: A list of document names and numbers covers future revision changes. Also prevents staff from having to sort through information not relevant to their job duties. Cons: Updates to a reference of documents would still include document retirement, new documents issued, title changes or number scheme changes.

    The key here is to determine what will work best for your Quality Management System.
     
    For more information, please read articles: 
    How to structure Quality Management System documentation according to ISO 13485
    https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

    How to manage the Quality Manual according to ISO 13485:2016 requirements
    https://advisera.com/13485academy/knowledgebase/how-to-manage-the-quality-manual-according-to-iso-13485-requirements/
  • Becoming an ISO auditor


    Answer
    First, you must know ISO 9001:2015.
    Second, you must know good auditing practices.
    Third, you must have experience doing internal audits.
    Fourth, you must have training to be a lead auditor.
    Fifth, contact a certification body and ask how you can apply to become a Lead Auditor.

    The following material will provide you more information:
    ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    ISO 9001:2015 Lead Auditor Course - https://advisera.com/training/iso-9001-lead-auditor-course/
    - book – ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • Implementing documentation


    Answer
    Start with determining your documentation hierarchy. Then, define templates for each type of IMS document. Then, for each type of IMS document determine which particular documents will be needed. Then, identify who can/must help you writing those particular documents and design a timetable with them.

    The following material will provide you more information about documentation:
    How to structure quality management system documentation- https://advisera.com/9001academy/knowledgebase/how-to-structure-quality-management-system-documentation/
    List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
    - Enroll for free course - ISO 9001:2015 Foundations Course - https:// /course/iso-90012015-foundations-course/
    - book – Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/
  • Major and minor nonconformities


    I would like to know if the definition of major and minor non-compliance presented in the article below is based on any normative reference? https://advisera.com/27001academy/pt-br/blog/2014/06/04/nao-conformidades-maiores-vs-menores-na-auditoria-de-certificacao/

    Answer:

    The definition of major and minor non-compliance presented in this article is based on best practice used by certification bodies for certification auditors. ISO 17021, the ISO standard for bodies providing audit and certification of management systems, states that a non-compliance shall be classified. Please note that this grading is not mandatory for internal audits (most often such grading is not necessary for internal audits).
  • Risk, opportunities and non-conforming product


    Answer:

    Risks and opportunities are deviations from the expected due to uncertainty.
    When dealing with non-conforming outputs we expect to treat them correctly, avoid unintended use and learn with them.
    What kind of positive and negative deviations can you determine around non-conforming outputs in your organization?
    Examples of risks can be:
    * Failure to identify non-conforming outputs;
    * Wrongly classifying conforming outputs as non-conforming;
    * Disposal of non-conforming outputs that could be corrected.
    Examples of opportunities can be:
    * Downgrade non-conforming outputs and sell them instead of their disposal;
    * Use non-conforming outputs as raw material for a high margin product.

    The following material will provide you more information about risks and opportunities:
    Article - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - Free webinar - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
    - Free online training - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Who is a supplier?


    Answer:

    According to ISO 9000:2015, a supplier is an organization that provides a product or a service. There is no reference to the level of control.
    The fact is that your organization uses a service provided. Although your organization has no control over the National service, it is interested in its performance. Imagine that the weather data is wrong or always late, your software’s clients may become unsatisfied.

    The following material will provide you more information about supplier evaluation:

    - How to evaluate supplier performance according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
    - Free online training - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

    2. Can "Turtles" replace a procedure?

    Answer:

    “Turtles” can replace a procedure. There is no ISO definition of what is a procedure. So, any solution useful for a particular organization is welcomed.
  • Applicable for GDPR?

    Answer:

    Probably one of the most important changes, the GDPR will enjoy extended applicability affecting entities not established in the EU. Of course, some conditions must be met for the extraterritoriality to be applicable. The EU GDPR will apply to the processing of personal data of EU data subjects, regardless of whether the processing activities take place in the EU or not. The EU GDPR is also applicable to entities established outside the EU if they offer goods or services to individuals in the Union, or if they monitor the behavior of individuals in the Union (i.e., profiling activities, tracking individuals’ activities on the internet, etc.).

    The key to understanding when EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Consequently, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.

    When the data of EU citizens is processed outside of the EU by companies which are also outside the EU, then this is not considered to be “in the Union”. For example, the EU GDPR will not be applicable for a school which is based in the United States just because there is a possibility that one or several of its students would be EU citizens. In this case, the processing does not take place “in the Union,” nor is the individual “in the Union”.

    If you want to find out more about the extraterritorial reach of the EU GDPR check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
  • Implementing ISMS in other Business Dept.

    Answer:

    You must approach a scope extension as if it was a new implementation project (the steps are basically the same). The difference is that as a scope extension you have to assess how this inclusion will affect your current scope. For example, how will you handle access of the personnel of the new part of the scope to the current one? Will access levels be the same or will they have to be updated? Since this new scope will include paper assets, how will this affect your information classification policy?

    This article will provide you further explanation about ISO 27100 implementation:
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

    These materials will also help you regarding ISO 27100 implementation:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/