Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
PDCA in AS9100 Rev D
Answer:
No, you do not need to do a PDCA document for AS9100 Rev D. The plan-do-check-act cycle is par of the standard, as referenced in the diagram at the start of the standard, but there is no requirement to have a PDCA process or to document it.
To better understand how PDCA works in AS9100 Rev D, see this article:
PDCA cycle in AS9100 Rev D, https://advisera.com/9100academy/knowledgebase/pdca-cycle-in-as9100-rev-d/ -
ISO 9001 vs ISO 27001
Answer:
You can find a comparison, clause by clause, of ISO 9001:2015 with ISO 27001:2013 following this link - ISO 9001:2015 vs. ISO 27001:2013 matrix: https://info.advisera.com/9001academy/free-download/iso-9001-2015-vs-iso-27001-2013-matrix
Also please look at this article - How to integrate ISO 9001 and ISO 27001 - https://advisera.com/9001academy/blog/2016/09/27/how-to-integrate-iso-9001-and-iso-27001/ you can find a list of what is common among both standards and extra-requirements of ISO 27001. -
Independence and internal audits
Answer:
Someone else should be auditing the Quality Department. Please check ISO 19011:2018 definition of the audit, “systematic, independent and…”.
Your organization should consider the possibility of another person, internal or external, with the necessary competencies, audit the Quality Department. Remember, the necessary competencies are defined by your own organization.
The following material will provide you more information:
ISO 9001 – Five Main Steps in ISO 9001 Internal Audit - https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
- free online training ISO 9001:2015 Internal Auditor Course
– https://advisera.com/training/iso-9001-internal-auditor-course/
- book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/ -
Auditing a department
Answer:
ISO 9001:2015 promotes the use of the process approach. So, if you need to audit, for example, two departments, you need to check in which processes those departments participate. Then, for each process consider:
And start writing your checklist: what evidences do you want to see, what do you want to ask, with whom do you want to speak, what about sampling, what will be the path for the audit and with audit teams with more than one auditor – decide who will audit what. After that exercise, you will be able to schedule the audit and write your audit plan.
The following material will provide you information about internal audits:
- ISO 9001 – Five Main Steps in ISO 9001 Internal Audit - https://advisera.com/9001academy/knowledgebase/five-main-steps-in-iso-9001-internal-audit/
- Free online training ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-14001-internal-auditor-course/ ernal-auditor-course/
- Free webinar How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/
- Book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/ -
Product safety
Answer:
Special approval of the PMEA & Control Plan should be done by the client who is buying the product, based on clause 4.4.1.2 of the IATF 16949.
For more information please read the following articles:
- Ensuring product safety according to IATF 16949: https://advisera.com/16949academy/blog/2017/09/20/ensuring-product-safety-according-to-iatf-16949/
- How to develop a Control Plan according to IATF 16949: https://advisera.com/16949academy/blog/2017/09/27/how-to-develop-a-control-plan-according-to-iatf-16949/ and
- What is FMEA, and how to apply it in IATF 16949: https://advisera.com/16949academy/blog/2017/09/06/what-is-fmea-and-how-to-apply-it-in-iatf-16949/ -
Presenting the QMS to top management
Answer:
Focusing on risk-based thinking is important because it is the main change in the standard. I would start to highlight all the new topics of the standard with important input from top management like clauses 4.1; 4.2; 5.2; 6.1; 6.2 and 9.3.
Remember that top management doesn’t need to know in detail what is happening in each process, but certainly, it will be important to make them aware of the main risks and opportunities and action plans around the QMS, around products and services and around processes.
I would try to use an approach where each topic is related to pain or gain for the organization in terms of revenue, reputation, winning/losing customers, … For example, when presenting the risk-based approach I could use the impact of a recent customer complaint, or of Brexit, or the launch of a new promising product.
The following material will provide you more information:
- ISO 9001 – How to comply with new leadership requirements in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-comply-with-new-leadership-requirements-in-iso-90012015/
- To what extent should top management be involved in your QMS? - https://advisera.com/9001academy/blog/2016/11/22/to-what-extent-should-top-management-be-involved-in-your-qms/
- Free online training - ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Starting a job as consultant or auditor
Answer:
There are no particular “official” or legal requirements for someone to become an ISO management system consultant. Having said that, put yourself in the shoes of a potential customer. They will look for your qualifications because they want to be sure that you can handle the job. The more robust your qualifications, the less anxiety they will feel about your capacity.
That is why Advisera developed Lead Implementer Courses for ISO 9001, ISO 14001 and ISO 27001 consultants. Courses with a part based on the standard and the more important part based on good practices for developing, executing and controlling a management system implementation project. As an auditor, you will start your work as an internal auditor. Requirements for internal a uditors are defined by each organization with their own criteria. Here also, they will look for your qualifications because they want to be sure that you can handle the job. That is why Advisera developed Internal Auditor Courses for ISO 9001, ISO 14001 and ISO 27001 internal auditors.
The following material will provide you more information:
- ISO 9001 – How to become an ISO 9001 consultant - https://advisera.com/9001academy/blog/2016/11/15/how-to-become-an-iso-9001-consultant/
- Free online training - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- Free online training - ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Stage 2 vs Stage 1 audit
Answer:
Stage 2 audit is usually conducted several weeks after the stage 1 audit to ensure that the organization had time to implement corrections related to any findings.
While stage 1 audit is about documentation and is normally performed in a meeting room, stage 2 audit is performed at the places where people do their jobs and is much more practical, much more about whether the employees are complying with everything that is written in the documentation. This is achieved by means of interviewing the employees, examining the relevant documents, records, forms and guidelines and also by visiting relevant areas of the organization. The point is – the auditor can talk to anyone, visit any part of your company and see and document within the scope of the certification.
The following material will provide you information about certification a udits:
- ISO 9001 – Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
- Free online training - ISO 9001:2015 Lead Auditor Course - https://advisera.com/training/iso-9001-lead-auditor-course/
- Book - Preparing for ISO Certification Audit: A Plain English Guide - https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/ -
Auditor questions
Is there a comprehensive list, covering all aspects, so we can tick off all the boxes with our Audit due in just over 4 weeks time.
Answer:
After checking mandatory documents and records, an auditor will approach staff with questions to evaluate their understanding about implemented policies and procedures, where they can find them, and how to proceed in case an incident happens. Examples are:
“Do you have access to the internal rules of the organization in relation to the information security?”
“Can you show me some of the related policies?”
“Could you tell me what are the points that you consider most important in the policy?”
These articles will provide you further explanation about auditor mind set:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
- Infographic: The brain of an ISO auditor – What to expect at a certification audit https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/ -
Policy and procedure development
Answer:
The first step is to identify which requirements the policy and procedure must fulfill. For example, your organization may have contracts, laws, or regulations with clauses defining which approach to adopt for risk assessment (e.g., quantitative or qualitative approach), or which acceptance criteria to use. After identifying those requirements you should consider the context of your organization regarding size, processes complexity, and staff maturity.
These articles will provide you further explanation about documents development:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- How detailed should the ISO 27001 documents be? https://a dvisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
These materials will also help you regarding documenting risk assessment and treatment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/