Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Niveles de documentación en ISO 9001
Respuesta:
Si su pregunta está referida a la estructura definida de los distintos tipos de documentos del Sistema de Gestión de Calidad por el estándar internacional ISO 10013:2001, se recomiendan los siguientes niveles de documentación en ISO 9001:
1) Manual de calidad. Actualmente este documento no es obligatorio en ISO 9001:2015 aunque puede ser mantenido por la organización
2) Política de Calidad. Sigue siendo un documento obligatorio en ISO 9001:2015
3) Procedimientos de calidad. Los procedimientos ya no se tratan de información documentada obligatoria aunque la organización puede definir su necesidad e implantarlos en sus procesos.
4) Instrucciones técnicas. Es la organización la que decide qué instrucciones técnicas podrían ser necesarias para la implementación del estándar.
5) Registros. Puede revisar en este artículo la lista de registros y otra información documentada obligatoria en ISO 9001:2015 – Lista de d ocumentos obligatorios requeridos por la ISO 9001:2015: /…/ueridos-por-la-iso-90012015
Estos materiales pueden ayudarle con la estructura de la documentación en ISO 9001:2015:
- Artículo – Cómo estructurar la documentación del sistema de gestión de calidad: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-estructurar-la-documentacion-del-sistema-de-gestion-de-calidad/
- Libro – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/the-iso-14001-2015-companion/
- Curso gratuito en línea – Fundamentos de ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Cláusula 9.1
Respuesta:
Lo primero es saber que la norma ISO 9001 no requiere de la creación de ningún tipo de procedimiento, sino que es la propia organización la que decide como cumplir o documentar los diferentes requisitos con los que debe cumplir. Dicho esto, en el caso de la cláusula 9.1, sólo sería necesario retener información documentada sobre los resultados de seguimiento y medición (punto 9.1.1). Dependiendo de la complejidad de su empresa le recomiendo que cuente con un procedimiento que le ayude a realizar este seguimiento, medición, análisis y evaluación de forma más sistemática.
En cuanto a lo que la organización tiene que analizar y evaluar para determinar la eficacia del Sistema de Gestión de Calidad se incluyen:
- El nivel de conformidad de los productos y los servicios
- La satisfacción del clientes
- El grado de desempeño y la eficacia del SGC
- Si la planificación se ha implementado de forma eficaz
- La eficacia de las acciones llevadas a cabo para abordar los riesgos y las oportunidades
- El rendimiento de los proveedores externos
- la necesidad de mejoras en el SGC
Estos materiales pueden ayudarle para entender mejor la cláusula 9.1:
- Artículo - Practical tips for measurinf your QMS according to ISO 9001:2015: clause 9.1: https://advisera.com/9001academy/blog/2017/08/29/practical-tips-for-measuring-your-qms-according-to-iso-90012015-clause-9-1/
- Libro - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
- Curso gratuito en línea - Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Ethical standards and ISO 9001
Answer:
ISO 9001 does not cover ethical standards as BSCI. While Business Social Compliance Initiative (BSCI) is a initiative made for companies who want to improve the working conditions in the global supply chain, ISO 9001 stablish the requirements for products, services and systems, to ensure quality and efficiency.
However, a quality oriented company will definitely meet more ethical standards than the organizations who could less care about quality. Company ethics must be reflected in the quality policy and objectives stablished by the organization, so this would be a good place to look in order to seek for the specific working ethics of a company.
To learn more about the relationship between ethical standards and ISO 9001, see th e following materials:
- Article - How to write a good quality policy: https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
- Article – How to write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
- Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/ -
Quality Objectives Awareness
Answer:
It is totally up to the organization to decide how the Quality Objectives are not only communicated to the relevant employees at all levels, but understood by each employee, meaning that they are aware of the importante of his own involvement in the achievement of those objectives.
You can see these materials to help you with quality objectives:
- Article - How to write good quality objectives: https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
- Book – Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line training – ISO 9001:2015 Foundations: https://advisera.com/training/iso-9001-foundations-course/ -
Legal requirements in ISO 45001
Answer:
Unfortunately, this sort of law is different all over the world, and may or may not be present in the laws that are applicable to you. The best place to look would be in any laws that apply to drinking water in your area.
I received the following question:
2. Is the WHO (World Health Organization) may include in our Legal & Other requirements?
Answer:
The WHO may show up in your interested parties if they have resolutions that apply to you. The real test of any organization being an interested party is when you determine the needs and expectations of that organization on your company. If they do not have any needs and expectations, then they are very likely not an interested party.
For a better understanding of the ISO 45001 requirements, see this whitepaper: Clause-by-clause explanation of ISO 45001:2018, https://info.advisera.com/45001academy/free-download/clause-by-clause-explanation-of-iso-45001 -
Using read-only documentation
Answer:
Yes, from an ISO 9001:2015 perspective it is possible to make information available to a limited internal audience on a read-only ba sis. You can train people on control of information. Many organizations use information available digitally, on a read-only basis. If someone prints that information a watermark appears on the paper stating that only the digital version is controlled, and paper versions are uncontrolled copies.
The following material will provide you with more information about document control:
- ISO 9001 - New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- Book – Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/ -
Is European certification equal to ISO 13485 ?
We want to bring a new medical device class II to Canada from Europe. The device has CE certification by Directive 93/42/EEC. Is the European certification is equal to ISO 13485 standard or we need to apply for Canadian certification.
Answer:
The CE certification means that the Quality Management System (QMS) in place is compliance to ISO 13485 standard. As you are aware, each country has its own regulations, therefore, you still have to register for Canadian certification in order to market the device. But the QMS prepared earlier for CE certification could be useful for applying for Canadian certification. -
Integrated implementation
Answer:
If the content of the involved mandatory documents is the same, as in the case of the scope you've mentioned, you can merged them with no problem. In case they are not, or are only partially the same, you must consider if by merging them, they would not become too big or overly complex to handle. In these cases it is better to keep separated documents.
These materials will provide you further explanation about integrating management systems:
- How to implement integrated management system https://advisera.com/blog/2015/10/05/how-to-implement-integrated-management-systems/
- What to implement first: ISO 22301 or ISO 27001? https://advisera.com/27001academy/blog/2017/04/03/what-to-implement-first-iso-22301-or-iso-27001/
- Free webinar - ISO 27001 & ISO 22301: Why is it better to implement them together? https://advisera.com/27001academy/webinar/iso-27001-iso-22301-better-implement-together-free-webinar-on-demand/ -
Certification coverage
Answer:
An ISO certification issued to AWS does not make your organization "automatically" certified. Your organization has to go through the certification process by itself, but the fact that your supplier already has the certification will help ease your certification process when implementing the necessary controls.
These articles will provide you further explanation about the certification process:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
These materials will also help you regarding the certification process:
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-the-certification-process-free-webinar/ 01iso-22301-certification-process-free-webinar-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Information assets classification
Answer: Good practice suggests that information assets classification should be done through a four-steps process:
- information assets should be entered in an Inventory of Assets, so you know which assets to protect
- information assets should be classified, considering their value to the organization and the impact if compromised
- information assets should be labeled, so people can identify its classification
- information assets should be handled in a secure way, considering their classification level
This article will provide you further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
2. How can I identify info assets?
Answer: To properly identify info assets you have to consider your ISMS scope and the objectives of your ISMS, because from them you can identify which assets you have to protect. For example, if one obje ctive of the ISMS is to ensure the protection of the customer support service running on your organization's headquarter, you will know you have to consider the hardware, software and databases located on the headquarter's premises.
This article will provide you further explanation about asset inventory:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/