Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
GDPR compliance
In this case, the employer should ensure that any data on the device cannot be stored or processed locally.
One solution would be using a "remote desktop" solution such as Citrix. In this case, we would not be facing a data transfer. -
Scope and specific procedures
Answer:
As long as the rules applicable to each part of the business are clear, an organization can have specific procedures for each business unit under a common certificate. Consider the example of a construction company with a unique certificate but different procedures in different sites due to local legislation and different customer requirements and different kind of project.
The following material will provide you information about scope definition:
- Article – How to define the scope of the QMS accordi ng to ISO 9001:2015 -https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
- ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Which of Compliance modules in Conformio are required by the ISO 13485&14971?
Answer:
You can use following Compliance modules: Customer complaints, Nonconformities, Corrective actions and Internal audits. But you can also use the templates from the toolkit for the same purpose - whatever suits you better. -
Is there a requirement for periodically documents review?
Answer:
There are no strict requirements for a periodical document review. In the clause 4.2.4. b) is stated that update of documentation should be done as necessary .
It is, therefore, left to the choice of every organization to assess this period on their own, and to set the criteria that will determine the periodical update. The purpose of the periodic review of documents is to make sure that all processes are carried out as described. There are often times that someone accidentally makes a small change in the steps, so once the colleagues take over the project, there is a discrepancy between what was provided in the first place and what was later done.
Therefore, when determining how often you will review your documents, consider the following:
1) whether there was a large fluctuation of people
2) whether you have changed equipment, facilities, resources, location
3) whether the managers of individual processes have changed and brought some of their own policies and practices.
It is common that the documentation is reviewed every two to three years, and, in extremely small companies, with 3 to 5 people, it is possible to review it every 5 years.
To learn more about other most common errors in the documentation control, please refer to this article: https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/ . -
Writing a nonconformity
Answer
If you keep things at such an abstract level, then the clause has to be very general. I would use clause 4.4.1 because of its introduction: failure to implement or maintain processes. Normally, nonconformities are defined at a much specific level. For example, failure to follow the internal process at the commercial level can be associated to clause 8.2.
The following material will provide you information about audit nonconformities:
- Article – How to write a good ISO 9001 audit nonconformity? - https://advisera.com/9001academy/blog/2018/04/24/how-to-write-a-good-iso-9001-audit-nonconformity/
- ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
AS9100 Certification process summary
Answer:
The AS9100 implementation process goes through a few simple steps. First get management support, identify your requirements and scope and define and implement all your processes. Next rain everyone to the level needed and choose a certification body that will benefit your company. Operate your system to collect records, perform internal audit and management review to identify and corrections or improvements needed, and put in place corrective actions. Finally, the certification auditors will conduct a stage 1 documentation audit and a stage 2 certification audit where they will review all your processes against the AS9100 standard and your internal and customer requirements.
For a graphical representation of the AS9100 Rev D implementation process, see the free download: AS9100 Rev D implementation diagram, https://info.advisera.com/9100academy/free-download/as9100-rev-d-implementation-diagram] -
27001 certification audit
Thank you very much Rhand. -
Wiki as document repository
Given that the wiki is only accessible to the company staff, maybe a copy paste and an indication to revise the procedure in the wiki, which is the one that will be updated, would suffice?
Answer: ISO 27001 does not prescribe how to handle documented information, only that they must be handled properly, so you can use your wiki as long as you can fulfill the requirements for documented information management from clauses 7.5.2 and 7.5.3 (e.g., approval flow, records, preservation, etc.)
This material will also help you regarding documented information:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
By the way, by your answer it seems that you have redundancy - i.e., the same documents in wiki + in another format you use to upload information to wiki. If this is the case, be sure to avoid this redundancy, because it will only increase you administrative work. Keep only one format as your official repository for documented information.