  • Handling nonconformities


    Answer: I'm assuming you are referring to control A.6.1.5 - Information security in project management.

    First it is important to note that there are many similarities with implementing an ISMS in an organisation that you can use to drive the implementation of this control in a specific project:

    1 – You have to define information security objectives and include them in the project objectives, the same way you define information security objectives for an ISMS aligned with the organization's objectives; the only difference is that these objectives are restricted to the scope of the project

    2 – You have to perform at the beginning, and periodically, information risk assessments in the project, like you would do it with other business processes, to identify necessary controls

    3 – You have to ensure that information security practices are part of all phases of the project (e.g., from the issue of the project charter to project closing)

    In short, you can think of the inclusion of information security in project management as if you are going to implement a small ISMS that will fit the project's needs and will be proportional to the project's lifetime and budget.

    Considering these, you would be using the same documents you use for an ISMS applied to your organization (there is no need for documents specific for managing information security in a project), and for any nonconformity related to ISO 27001 you can use a document called Corrective Action Form, which describes the nonconformity, its cause, defines corrective / preventive actions and verification method of their implementation.

    To see what this document looks like, I suggest you take a look at this free demo: https://advisera.com/27001academy/documentation/procedure-for-document-and-record-control/

    This article will provide you further explanation about nonconformities:
    - Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
  • ISO 45001 implementation and integration


    Answer:
    Implementing ISO 45001:2018 follows a fairly simple path, common to all ISO management system implementations, where you identify the requirements that need to be put in place (including ISO 45001 as well as legal and other requirements), then you identify how you will satisfy these requirements for the organization. Using this information, you put in place the policies, processes and procedures needed to meet all requirements, use the processes to gather records, and monitor and improve the management system through internal audit, management review and corrective action. Finally, you will have auditors from a certification body come to verify that your processes meet the requirements of ISO 45001.

    A more thorough diagram of this implementation process can be found here: Diagram of ISO 45001 Implementation Process, https://info.advisera.com/45001academy/free-download/diagram-of-iso-45001-implementation-process

    As for incorporating ISO 45001 into an IMS, this is certainly possible and often preferred. Both standards now follow the same document structure so it is easy to see what is common, such as internal audit, control of documented information and management review. In this way you can even use the same processes and procedures for these common elements and ensure that you cover both aspects of the processes.

    You may find it helpful to read the free whitepaper: How to integrate ISO 45001 with ISO 9001 and ISO 14001, https://advisera.com/45001academy/blog/2018/09/12/how-to-integrate-iso-45001-with-iso-9001-and-iso-14001/
  • GDPR standard contractual clauses

    - Standard Contractual Clauses for the Transfer of Personal Data to Controllers
    - Standard Contractual Clauses for the Transfer of Personal Data to Processors

    Answer:

    The European Commission is empowered to recognize standard contractual clauses (known as model contract clauses) as offering adequate safeguards and allow entities to use these clauses to regulate international data transfers (where one party is outside the EU).

    - Standard Contractual Clauses for the Transfer of Personal Data to Controllers were issued under Commission Decision 2001/497/EC, dated 15 June 2001 – in which the Commission approved model clauses for transfers from data controllers in the EEA to data controllers outside the EEA.

    - Standard Contractual Clauses for the Transfer of Personal Data to Processors were issued under Commission Decision 2002/16/EC, dated 27 December 2001 – in which the Commission approved model clauses for transfers from data controllers in the EEA to data processors outside the EEA.

    You can find out more about Standard Contractual Clauses from our free webinar How to make personal data transfers to other countries compliant with GDPR (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/)
  • Complaints handling and corrective actions

    Assuming complaints including full investigation and CAPA correction/corrective actions recommendation.

    Answer
    Not all complaint investigations need to end in a CAPA.
    When an organization receives a complaint, it should not care about CAPA. When a complaint is received, the priority is arriving at an answer to the client. I see it as if the clock was ticking: the sooner the client receives an answer, the more likely the relationship and the credibility will be saved. When a complaint is received, the top job is to close it; the client wants his or her problem solved. After arriving at an agreed solution with the client, the complaint can be closed. The last step when closing a complaint can be evaluating the need for a CAPA. I invite organizations to ask two questions:
    • Was the complaint very serious, can it damage credibility and image?
    • Is the complaint recurring with an unacceptable frequency?
    If the answer to at least one of those questions is yes, then perhaps the organization should develop a CAPA. Now there is no time pressure; the client is no longer part of the problem. Well, in some B2B cases, clients require information about the implementation of a CAPA. Developing an effective CAPA can take a lot of time because hypotheses must be tested and root causes found, and that is not something necessarily linear.

    The following material will provide you more information about complaint answering:
    - ISO 13485 – How to comply with ISO 13485:2016 requirements for handling complaints - https://advisera.com/13485academy/blog/2017/03/21/how-to-comply-with-iso-134852016-requirements-for-handling-complaints/
    - ISO 13485 continual improvement: Seven-step process for corrective and preventive actions - https://advisera.com/13485academy/knowledgebase/iso-13485-continual-improvement-seven-step-process-for-corrective-and-preventive-actions/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Risks in ISO 9001, changes in the 2015 version, and important assets


    Answer:

    The most important aspect to take into account is those risks that affect the quality of the products the organization offers, in this case food. As for a company's risk matrix, you can carry it out by means of a SWOT analysis, in which you must define the weaknesses, opportunities, strengths and threats of your company with respect to the quality of its products. This SWOT analysis is also used to determine the context of the organization, another requirement of ISO 9001:2015. On the other hand, you can use the FMEA method (Failure Mode and Effects Analysis) for risk analysis together with the usual Hazard Analysis and Critical Control Points (HACCP), which is widely required in the food industry, to provide a more detailed analysis of the risks.

    For more information you can see the following articles:
    - How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - How to identify risk significance in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/

    Regarding the changes in ISO 9001:2015 compared with ISO 9001:2008, among the most significant are the determination of the context of the organization and risk-based thinking. However, there are other important changes that you can consult in the following materials:
    - Article - Infografía ISO 9001:2015 vs. revisión del 2008: qué ha cambiado: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/infografia-iso-90012015-vs-revision-del-2008-que-ha-cambiado/

    Regarding the most important asset, I consider that, since the objective of the ISO 9001:2015 standard is continual improvement in relation to the quality of the products and services the organization offers, this can only be obtained through the people who are part of that organization. In fact, the most effective and efficient organizations are those that manage their human assets strategically.

    For more information about human resources in ISO 9001, you can see the following materials:
    - How to create an ISO 9001:2015 human resources audit checklist: https://advisera.com/9001academy/blog/2019/02/28/how-to-create-an-iso-90012015-human-resources-audit-checklist/

    In addition, these materials may be useful to learn more about risks, changes in the standard and important assets in ISO 9001:2015:
    - Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online course – ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • Context: a controlled document?

    I mean, is it enough - according to ISO 9001:2015 - to have a soft copy of the context? Shall I keep a printout of the context in a certain file? Or shall it be kept as a controlled copy?

    Answer
    ISO 9001:2015 does not include any requirement for documenting the context. Organizations are free to decide if they want to document their context determination. For example, in many implementation projects organizations decide to consider context determination as a record.

    The following material will provide you more information about document control:
    - ISO 9001 – List of mandatory documents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
    - ISO 9001:2015 Case study: Context of the organization as a success factor in manufacturing company - https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/
    - How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Design controls

    For example, if we have an existing product (tubing), but want to make it in a different size, does it need to go through the design controls, or would the existing one cover it? If I want our design controls to cover different sizes, can the design drawings be made without measurements to accommodate all? Any advice would be greatly appreciated.

    Answer:

    From the information provided, that you will make changes to the size of the product, I would say that you can't exclude clause 8.3 - Design and development of products and services; therefore you need to apply controls to the process. The reason is that your organization has to conduct reviews of the product (tubing), and other verification and validation activities.

    Regarding your second question and if I understood correctly, I think you can make controls to cover different sizes as long as you comply with the requirements of the standard. But then you will need to make some kind of design process in order to "accommodate" the product to customer needs. Also, remember you must keep records of the controls applied.

    For more information about design process you can see the following materials:
    - Article - What clauses can be excluded in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
    - Article - ISO 9001 design process explained: https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
    - Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/
  • Writing a production instruction manual guide


    Answer
    I can only give you general guidelines. I recommend gathering a team and start with drawing a flowchart of your production process. Then take advantage of the collective knowledge and start determining what can go wrong with your process. Yes, use the risk-based approach and determine what can go wrong with your process that can affect:
    The safety of your people;
    The quality of your products;
    The cost of your production;
    The planning of your production.
    Then, link those potential risks to the activities where they can act or where their impact can be sensed.
    Now, considering those activities and risks, identify what process parameters or material/product parameters should be controlled to check if everything is OK. Then define:
    Who will control those parameters;
    When will those parameters be controlled;
    What targets and specifications will determine if the activity is OK or NOK;
    What monitoring resources will be used;
    Is there any need for visual samples to determine OK or NOK state?
    Where will the control result be recorded?
    Who will analyze performance trends?
    Will work instructions be needed to help perform any of those activities, minimizing nonconformities and variation?

    I hope this can give you a frame to start that project.

    The following material will provide you more information about production control:
    - ISO 9001 – Managing Production and Service Provision using ISO 9001 - https://advisera.com/9001academy/blog/2017/11/21/managing-production-and-service-provision-using-iso-9001/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Method for recording inspection activities


    I am interested in moving towards this method of capturing data as we currently only record dimensional data on a paper that is filed away. Data is not being used in SPC or any track/trend analysis. If something is found out of tolerance, the manufacturer is notified of the issue.

    Reading ISO 13485-2016, it seems that sections 7.4.3 & 4.2.5 only state that inspection activities are to be established and maintained. I believe the method described above would be acceptable and would like to have an outside opinion. Thanks!

    Answer:

    The method that you described above is acceptable if you are ok with that. Here it is just important to point out that the company determines the specification of the purchased product, and that the company is solely responsible for how thorough the verification of the purchased product will be. If using this method you are sure that you will see and register products that stand out from the required measures, then this is acceptable.

    For more details on how to implement requirement 7.4, please read article: How can ISO 13485 clause 7.4, Purchasing, enhance procurement?
    https://advisera.com/13485academy/blog/2018/04/18/how-can-iso-13485-clause-7-4-purchasing-enhance-procurement/
  • Validation vs Verification

    Thanks for your input
