Search results

Home / Search

Category:
Select
Select

11269 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Reviewing documentation


    Answer:
    Since ISO 9001:2015 does not mention “mission statement” I believe you are really mentioning the quality policy. There is no requirement for a quality policy updating frequency. Your organization should evaluate, for example, at management review if the current policy is still useful or should be updated.

    “2. The same question for ISO 9001 2015 needs and expectation of the interested parties, how often it has to be updated?”

    Answer:
    There is no requirement for an updating frequency about needs and expectations of the interested parties. Your organization should monitor and evaluate the need to update or not who are those interested parties and what are their needs and expectations.

    “3. Are there any other ISO 9001 2015 documentation that does have lifespan limitations?”

    Answer:
    There are no lifespan limitations in what concerns ISO 9001:2015 documentation. There maybe lifespan limitations in the result of re gulation or legislation, not because of ISO 9001:2015.

    Be aware that the word “review” in ISO 9001:2015 does not necessarily mean updating a document or something. Review means “critical analysis”. For example, your organization should make a critical analysis of its quality policy and evaluate if it still is actual or needs some change.

    The following material will provide you more information:
    - ISO 9001 – How to set up document approval/withdrawal within your QMS based on ISO 9001:2015 - https://advisera.com/9001academy/blog/2016/04/12/how-to-set-up-document-approvalwithdrawal-within-your-qms-based-on-iso-90012015/
    - You can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

  • Evidencing version control


    Answer: No, a version number does not have to remain on the actual document.

    2. Does a version number have to be on the documents at all as long as you have version history showing under the Standard Documents under your QMS?

    Answer: No, please check ISO 9001:2015 clause 7.5.3.2 c) about version control. You need to figure out how you will identify documents so that the people who need to use them know there is a change, as well as ensure that if a user has two versions of a document, they know which is the latest version to use. So, how does your QMS guarantee that users are aware that they are using the latest version? Some organizations instead of a version number use a date, others use a name, others only control digital versions and whenever a document is printed it has a warning to users saying that they don’t control documentation on paper.

    The followin g material will provide you more information:
    ISO 9001 – Some Tips to make Document Control more useful for your QMS - https://advisera.com/9001academy/blog/2014/05/20/tips-make-document-control-useful-qms/
    You can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Design Control Documents


    Answer:

    For the design control document, we do have one available on hand: https://advisera.com/13485academy/documentation/procedure-for-design-and-development-iso-13485-2016/ .

    Concerning the user requirements, you should think about the roles of each function in the company with respect to design and development. Some examples of inputs could be intended application, usability requirements, risk control and etc. For outputs, you should factor in raw materials, manufacturing processes and quality assurance.

    For more information, please refer to:
    -How to manage design and development o f medical devices according to ISO 13485:2016: https://advisera.com/13485academy/blog/2017/08/24/how-to-manage-design-and-development-of-medical-devices-according-to-iso-134852016/

  • Defining the vision of a company


    Answer:
    A vision statement is future-based, and its purpose is to inspire and give direction to employees. Your company is on a journey to become what? If everything goes well what kind of company do you want as a whole to become? When I help organizations define their vision, I invite people to think about what would make them proud of working for that organization or owning that organization. Don’t think about what needs to be done, that is strategy stuff, do a time travel to the future and describe what you see in that future. What kind of work does it do, for what kind of clients does it work, how is it known, why is it praised, why does it make a difference? Keep it short, simple and focused to be of help and motivation.

    The following material will provide you more information:
    - ISO 9001 – Aligning quality objectives of the QMS with the strategic direction of the company - https://advisera.com/9001academy/blog/2017/03/07/aligning-quality-objectives-of-the-qms-with-the-strategic-direction-of-the-company/
    - To what extent should top management be involved in your QMS? - https://advisera.com/9001academy/blog/2016/11/22/to-what-extent-should-top-management-be-involved-in-your-qms/
    - you can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Changes in the Organization Chart


    Answer:
    Yes, you can. Later, when the certification body schedules with your organization the next surveillance audit, your organization can send them a new version of the organization chart.

    The following material will provide you more information:
    ISO 9001 – What is an ISO 9001 surveillance audit? - https://advisera.com/9001academy/blog/2016/10/18/what-is-an-iso-9001-surveillance-audit/
    Surveillance visits vs. certification audits - https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
    You can enroll for free at ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Becoming technical writer


    Answer:

    For BC and DR documentation elaboration jobs I suggest you to consult this list from DRJ (Disaster Recovery Journal): https://www.drj.com/business-continuity-consultants/all.html

    Additionally, if you want to participate as contributor to 27001 and 22301 standards you have to contact the standardization body of your country to verify if it has working groups related to these standards and submit your resume.

  • Lead Auditor certification renew


    Answer:

    To renew your certification you have two options:
    1 - You should consult your certification issuer, or other accredited training provider, to verify if they provide an update course related to your lead auditor certification. Normally these courses are available after a new version of a standard is released. Such courses presents to auditors what has changed in the release of a new version of a standard, and can be used to renew a certificate.
    2 - You can take a full course and retake the exam. Here you can have access to the accredited Lead Auditor course provided by Advisera: https://advisera.com/training/iso-27001-lead-auditor-course/

    It is important to no te that for purposes to become an auditor for a certification body you have to renew your certificate before the three years period validity of the lead auditor certificate expires.

  • Application of AS9110

    Answer:
    While AS9100 Rev D applies to any manufacturers in the aerospace industry (specifically Aircraft, Space and Defense organizations). AS9110 is specifically for aviation maintenance organizations, precisely for organizations that do repair and overhaul for the aircraft industry. This standard is for companies that take parts from aircraft, such as motors, and repairs or overhauls them to make them work again. It is not for standardized repairs of a company’s own products as part of a customer return scenario.
    So, you are correct, unless a customer or legal entity specifically requires that a company is AS9110 certified, this may not apply to you. If you do overhaul functions for aircraft electronics you may wish to investigate this standard for these operations, but not if you are strictly fix ing customer returns, and certainly if you are not in the aircraft portion of the aerospace industry.
    For more on the differences, see the article: How does AS9110 & AS9120 relate to AS9100 Rev D?, https://advisera.com/9100academy/blog/2017/10/30/how-does-as9110-as9120-relate-to-as9100-rev-d/

  • Matters to consider when determining R & O


    Answer:
    When working with an organization to implement a quality management system according to ISO 9001:2015 I consider three main sources for risk determination. https://www.screencast.com/t/X9sdo0ko

    (4.4 f)) - Risks related to processes. https://www.screencast.com/t/qCZIf2dKJV
    For example: What can go wrong in the process above that make’s bad parts and bad packages? What opportunities are there for improving productivity or reducing cycle time?

    (5.1.2 b)) – Risks related to products and services. What can go wrong with products and services when used by customers?

    (6.1.1) – Risks related to clauses 4.1 and 4.2. For example, the government can publish legislation that works as a barrier to competitors and makes our organization win market share. For example, technological evolution can make our production process obsolete.

    The following material will provide you more information about risks and opportunities:
    ISO 90 01 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    How to identify risk controls in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
    How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
    Free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar-on-demand//
    Free online training ISO 9001:2015 Internal Auditor Course – https://advisera.com/training/iso-9001-internal-auditor-course/
    Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Background check for suppliers


    1. Within the Supplier Relationship requirements, we were instructed by a previous ISO 27001 consultant that we should confirm background checks are being conducted on any suppliers which have physical access to our property, or have access to our data and network. After reviewing “11.A.15.2_Supplier_Data_Processing_Agreement_Integrated_EN.docx”, there doesn’t seem to be any agreement to background checks by the “Processor”. But, within “11.A.15_Supplier_Security_Policy_Integrated_EN.docx”, the policy states under the screening section(3.2) that screenings may be necessary. Are background checks not a requirement for Suppliers within ISO 27001?

    Answer: Background checks, as part of the screening process, as any control from ISO 27001 Annex, must be applied only if one of the following occurs:
    - There are risks identified as unacceptable in the risk assessment that require the implementation of the control
    - There are legal requirements (e.g., contracts, laws, and regulations) that require the implementation of the control
    - There is a top management decision requiring the implementation of the control

    If none of these options occur there is no need to implement a particular ISO 27001 control. So background checks do not need to be implemented if there are no risks, there are no particular requirements, and there is no decision from the management.

    This article will provide you further explanation about selecting controls:
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    2 . Is there an updated “11.A.15.2_Supplier_Data_Processing_Agreement_Integrated_EN.docx”, which includes background checks, or can you provide the verbiage to include? Please let me know if you need any further details in order to answer these questions.

    Answer:

    You have the up to date version of the “11.A.15.2_Supplier_Data_Processing_Agreement_Integrated_EN.docx”, but if, considering the previous answer, you understand that you need to apply background checks, you can schedule a meeting with one of our experts and he will help you to develop this text. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/
Page 603-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +