Answer:
First of all, thank you for your kind words. I'm glad to hear that our site has helped you.
Yes, you are right. ISO 9001:2015 does not require the practice followed by your organization. Please check clause 4.4.2. It is up to the organization to decide what is needed or not. In your position I would like to know why they do that, what the reason behind that practice was. It can be enlightening. One more thing: your idea of reinforcing training to avoid extra documentation in production is, I believe, a very good one.
Answer:
Normally, organizations store them as separate documents. That way, if you update a form, you will not need to update the related procedure or policy.
“A risk matrix, as an appropriate method for determination and grading of the risks associated with identified aspects, was sighted.
The business had not described as part of the risk assessment process, a criterion to determine its significant environmental aspects.
Requirement: The organization shall determine those aspects that have or can have significant environmental impact…..by using established criteria.
Objective evidence: The identification of which aspects were deemed significant environmental aspects was not clear.”
Answer:
ISO 14001:2015, according to clause 6.1.2, requires three kinds of documents:
- a list of the determined environmental aspects and impacts;
- an explanation of the criteria used by the organization to evaluate and distinguish significant environmental aspects and impacts; and
- a list of the significant environmental aspects and impacts after applying the criteria.
According to the text, your organization used a risk matrix to register all determined environmental aspects.
According to the text, it is not clear what criteria were used to classify some of those environmental aspects as significant.
According to the text, it is not clear which environmental aspects have a significant environmental impact.
To correct the NC I suggest:
Develop criteria to classify environmental aspects and impacts and document them. See this article, List of mandatory documents required by ISO 14001:2015 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-mandatory-documents-required-by-iso-140012015/ - the criteria for evaluation of significant environmental aspects are a mandatory document.
Include in the risk matrix columns where each of the criteria parameters are applied
Include in the risk matrix a column that clearly identifies if an environmental aspect is significant or not, after applying the criteria
What else do I need to be ISO 13485 certified when I am ISO 9001 certified?
Answer:
In order for your company to be ISO 13485 certified, you need to adapt your company's current QMS to take into account the type of product that you are dealing with in your organization, for example by including medical device files, the design and development file, software validation and the sterilization process, just to name a few.
Answer:
We need document control to be sure:
a) we are all using the last version;
b) we are all using the same version, and
c) we are all speaking about the same document.
In your own case, how can you ensure that?
If the form has a name or a title, c) is ensured. If the form is automatically generated from the Excel spreadsheet, and you control the Excel spreadsheet, you will ensure a) and b) for everybody.
Based on the description you provide of the companies, the companies D seem to be the data controllers, as they decide what measurements to take in order to provide a suit to the final customer and, although not decisive on its own, the companies D are the ones in contact with the final customers and collecting their personal data.
The other companies, A and B, will be acting as processors. Company B will be a processor of the companies D, and company A will be a sub-processor of company B.
Risk management in general
Answer:
Risk management has four elements:
Risk Determination – determine risks about the system as a whole, about the processes and about the products or services delivered.
Prioritize Risks – Risks do not all have the same importance. Some will be more serious than others. It is necessary to arrange criteria for classifying and distinguishing the most serious risks from the least serious ones.
Mitigate Risks – Develop actions that minimize the consequences of the risks and/or the likelihood of their occurrence.
Measure Effectiveness – Evaluate whether the actions were effective in handling the priority risks.
1 - In your video, which is accessible in video tutorials, in the examples you mentioned the risks in “Justification for selection/ non-selection”. Does it mean that in “Justification for selection/ non-selection” there should be only risks from the risk assessment document? If not, what else can/should be there?
Answer: As “Justification for selection/ non-selection” you can use the results of the risk assessment, compliance with legal requirements (e.g., laws, contracts and regulations), and top management decisions (e.g., top management considers that the adoption of the control will bring advantages to the organization).
2 - And one other question. Can I fill in that field only for non-selection case?
Answer: ISO 27001 clause 6.1.3 d) requires justification not only for control inclusions, but also for exclusions of controls from Annex A.
The standard does not make any personal certification mandatory in order to be an implementer of ISO 27001, but without doubt the knowledge related to them can help you during the implementation process.