- Standard Contractual Clauses for the Transfer of Personal Data to Controllers
- Standard Contractual Clauses for the Transfer of Personal Data to Processors
Answer:
The European Commission is empowered to recognize standard contractual clauses (known as model contract clauses) as offering adequate safeguards and allow entities to use these clauses to regulate international data transfers (where one party is outside the EU).
- Standard Contractual Clauses for the Transfer of Personal Data to Controllers were issued under Commission Decision 2001/497/EC, dated 15 June 2001 – in which the Commission approved model clauses for transfers from data controllers in the EEA to data controllers outside the EEA.
- Standard Contractual Clauses for the Transfer of Personal Data to Processors were issued under Commission Decision 2002/16/EC, dated 27 December 2001 – in which the Commission approved model clauses for transfers from data controllers in the EEA to data processors outside the EEA.
Assuming complaints including full investigation and CAPA correction/corrective actions recommendation.
Answer
Not all complaint investigations need to end in a CAPA.
When an organization receives a complaint, it should not care about CAPA. When a complaint is received the priority is arriving at an answer to the client. I see it as if the clock was ticking, the sooner the client receives an answer the more likely the relationship and the credibility will be saved. When a complaint is received the top job is to close it, the client wants his or her problem solved. After arriving at an agreed solution with the client, the complaint can be closed. The last step when closing a complaint can be evaluating the need for a CAPA. I invite organizations to ask two questions:
• Was the complaint very serious, can it damage credibility and image?
• Is the complaint recurring with an unacceptable frequency?
If the answer to at least one of those questions is yes, then perhaps the organization should develop a CAPA. Now there is no time pressure, the client is no longer part of the problem. Well, in some B2B cases, clients require information about the implementation of a CAPA. Developing an effective CAPA can take a lot of time because hypotheses must be tested and root causes found, and that is not something necessarily linear.
Risks in ISO 9001, changes in the 2015 version and important assets
Answer:
The most important aspect to take into account is those risks that affect the quality of the products the organization offers, in this case food. As for a company's risk matrix, you can build it through a SWOT analysis, in which you must define the weaknesses, opportunities, strengths and threats of your company with respect to the quality of its products. This SWOT analysis is also used to determine the context of the organization, another requirement of ISO 9001:2015. In addition, you can use the FMEA method (Failure Mode and Effects Analysis) for risk analysis together with the usual Hazard Analysis and Critical Control Points (HACCP), which is widely required in the food industry, to provide a more detailed analysis of the risks.
Regarding the most important asset, I consider that, since the objective of ISO 9001:2015 is continual improvement in relation to the quality of the products and services the organization offers, this can only be achieved through the people who are part of that organization. In fact, the most effective and efficient organizations are those that manage their human assets strategically.
I mean, is it enough - according to ISO 9001:2015 - to have a soft copy of the context? Shall I keep a printout of the context in a certain file? Or shall it be kept as a controlled copy?
Answer
ISO 9001:2015 does not include any requirement for documenting the context. Organizations are free to decide if they want to document their context determination. For example, in many implementation projects organizations decide to consider context determination as a record.
For example, if we have an existing product (tubing), but want to make it in a different size, does it need to go through the design controls, or would the existing one cover it? If I want our design controls to cover different sizes, can the design drawings be made without measurements to accommodate all? Any advice would be greatly appreciated.
Answer:
From the information provided, that you will make changes to the size of the product, I would say that you can't exclude the clause 8.3 - Design and development of products and services, therefore you need to apply controls to the process. The reason is that your organization has to conduct reviews of the product (tubing), and other verification and validation activities.
Regarding your second question and if I understood correctly, I think you can make controls to cover different sizes as long as you comply with the requirements of the standard. But then you will need to make some kind of design process in order to "accommodate" the product to customer needs. Also, remember you must keep records of the controls applied.
Answer
I can only give you general guidelines. I recommend gathering a team and starting with drawing a flowchart of your production process. Then take advantage of the collective knowledge and start determining what can go wrong with your process. Yes, use the risk-based approach and determine what can go wrong with your process that can affect:
• The safety of your people;
• The quality of your products;
• The cost of your production;
• The planning of your production.
Then, link those potential risks to the activities where they can act or where their impact can be sensed.
Now, considering those activities and risks, identify what process parameters or material/product parameters should be controlled to check if everything is OK. Then define:
• Who will control those parameters;
• When will those parameters be controlled;
• What targets and specifications will determine if the activity is OK or NOK;
• What monitoring resources will be used;
• Is there any need for visual samples to determine OK or NOK state?
• Where will the control result be recorded?
• Who will analyze performance trends?
• Will work instructions be needed to help perform any of those activities, minimizing nonconformities and variation?
I hope this can give you a frame to start that project.
I am interested in moving towards this method of capturing data as we currently only record dimensional data on a paper that is filed away. Data is not being used in SPC or any track/trend analysis. If something is found out of tolerance, the manufacturer is notified of the issue.
Reading ISO 13485-2016, it seems that sections 7.4.3 & 4.2.5 only state that inspection activities are to be established and maintained. I believe the method described above would be acceptable and would like to have an outside opinion. Thanks!
Answer:
The method that you described above is acceptable if you are ok with that. Here it is just important to point out that the company determines the specification of the purchased product, and that the company is solely responsible for how thorough the verification of the purchased product will be. If using this method you are sure that you will see and register products that stand out from the required measures, then this is acceptable.
There is not a single answer. Each organization should develop its own approach. One can consider that withdrawing a document is another way of changing its version. Any document introduced and any following changes must be approved by an authorized function. Any document change should be communicated to users, formally or informally. So, for example, I would like to see evidence that the withdrawal was approved by an authorized function, and I would like to see evidence of that communication; if informal, I would like to interview different previous users to check if they were informed. Different organizations will use different levels of formality.
1. Would it be a good idea to start with a narrow scope and then extend it with time? (The top management is only interested in certification)
Answer: Depending upon the size of the organization (up to 50 employees) it may be better to include all the organization in the scope, because the effort to separate the elements of the scope from other elements of the organization may not be worthwhile. In other cases you can start with a small scope and extend it over time, if this is interesting for the top management.
2. How would I split the tasks among my team? For example, should I ask one person to perform the risk assessment and then another person to perform the risk treatment? Or should these tasks be shared among the team?
Answer: This will also depend on the size of the organization's scope, and the size of the implementation team.
A common approach is to establish a project team which will divide the project among themselves, but you have to note that there will be some tasks that are still for people outside of this team - e.g. performing a risk assessment for particular departments, reviewing specific documents, etc.