Search results


  • EU GDPR and governmental benefit industries


    Answer:

    I think that there are no specific rules for the benefit industries. As data controllers, pensions or health care plans need to comply with all provisions related to controllers. One difference that I could think of right now is that governmental institutions cannot rely on legitimate interest as a lawful ground for processing.
  • Second party audits

    It is the Remote Site for both our SG Company (Singapore) and JP Company (Japan).
    Do we need to conduct 1 internal audit by SG and 1 internal audit by JP?
    Or can we send 1 representative/auditor from TTS or TMC to conduct the internal audit in our remote site (US)?
    And can the audit result/documents be used by both SG and JP?
    By the way, our CB for SG Company is SGS while the CB in JP is DNV GL Japan, but the certification standards are both IATF 16949:2016.
    Can we, JP and SG, share 1 audit result even if we have different CBs?
    Our main headquarters/company is in Japan; we have manufacturing companies in different places like Singapore, Thailand and Malaysia. Our remote site is under the Japan and Singapore companies.

    Answer:
    As long as the internal audit of the Remote Site is made by a competent auditor who satisfies the requirements of both SG and JP companies, and follows the approved procedures, one auditor can make the audit and send the report to both companies. Each company should analyze the report and evaluate the need for any request for improvement or correction. There is no problem in sharing one audit result with different companies, even with different Certification Bodies.

    By the way, when ISO 9001 was developed in 1987 the initial purpose was not to be used by third parties (certification bodies). ISO 9001 was developed to be used by clients to audit suppliers. Then clients, multinationals, promoted the idea of certification because audit costs would be paid by suppliers. What SG and JP companies want to do is the same thing, using an independent auditor to do the job in their name.
    The following material will provide you with information about second-party audits:
    - ISO 9001 – First-, Second- & Third-Party Audits, what are the differences? - https://advisera.com/9001academy/blog/2015/02/24/first-second-third-party-audits-differences/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Safety Data Sheets in ISO 45001


    Answer:
    Safety data sheets are not directly referenced in the ISO 45001 standard, but this is covered under the requirements to understand and comply with any legal requirements that are applicable to your organization. Maintaining safety data sheets is a requirement by law, so you need to have a way to identify the requirements, keep up to date with the requirements, and meet the requirements in your organization.

    For more on this requirement see this article, “How to identify and comply with legal requirements in ISO 45001”, https://advisera.com/45001academy/blog/2015/06/24/how-to-identify-and-comply-with-legal-requirements-in-iso-45001/
  • Un-controlled copies


    Answer:
    There is no general answer. It will depend on the situation. It may be an explicit requirement in a contract that the customer must always have the updated version of the Quality Manual. It may depend on the organization's willingness, possibility or interest in keeping the customer with a controlled copy. Typically, organizations distribute uncontrolled copies of the Quality Manual to external parties, in which case the document clearly shows that it is an uncontrolled copy.

    The following material will provide you with information about calibration:
    - ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Requirements for suppliers of calibration services


    Answer:
    Formally, it is not compulsory to pick an ISO 17025-accredited organization to perform calibrations. In practice, organizations can get nonconformities for not selecting ISO 17025-accredited organizations, when those organizations don’t show evidence of traceability to international standards, when those organizations don’t show evidence of the procedures followed, and when they don’t show the confidence limits of the results. So, to avoid all those possible problems, organizations choose an accredited external provider of calibration services.

    The following material will provide you with information about calibration:
    - ISO 9001 – Monitoring and Measurement Equipment Control - https://advisera.com/9001academy/blog/2014/05/06/monitoring-measurement-equipment-control/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Required signatures

    But I only have 3 persons at site to sign, can I mention 1 of the signatories as unavailable?

    Answer:
    Put yourself in the shoes of an auditor. What would he/she think?

    Your organization, with all the time in the world and with authority, has approved a rule for documentation: SOPs must have four signatures. For your organization that is the law. The auditor may think that only one signature is necessary if the person has the authority for that. However, for the auditor, the audit criteria are ISO 9001:2015 and the organization’s own rules, not his/her opinion.

    So, it is not advisable to establish one internal rule and then not follow that rule. I would change the number of required signatures.

    The following material will provide you with information about documented information:
    - ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Risk and opportunity determination in a process - example


    Answer:
    Look into the ISO 9000:2015 definition of risk. Something like: risk is the effect of uncertainty on an expected result. So, consider a process and list what are the expected results from that process.

    For example, consider the process “Write proposals”. What do we want from that process?

    * We want proposals that win customers
    * We want proposals that are made on time
    * We want proposals that make money

    The risks will prevent or hinder the achievement of the expected results for the process. You can gather people working in the process and internal customers of that process and do a brainstorming about what can go wrong with the process:

    * Writing proposals that don’t answer customer requirements and expectations
    * Lack of information about customer requirements
    * Writing proposals that are overpriced
    * Taking too much time to write and send proposals
    * Writing proposals that are underpriced

    The opportunities will help in meeting the expected results for the process. You can gather people working in the process and internal customers of that process and do a brainstorming about what can help the process:

    * Developing an app to streamline the writing of proposals
    * Creating standard cost tables to minimize underpricing/overpricing
    * The positive economic mood will create market demand
    * The closure of an important competitor will create market demand

    The following materials will provide you with details about risk determination:
    - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
    - Free webinar – How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar-on-demand//
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Definition for critical suppliers in the context of ISO 13485


    Answer:

    The Standard does not have a specific definition for critical suppliers. But you can refer to Clauses 7.4.1 a) to 7.4.1 e), which present the list of criteria for the evaluation and selection of suppliers. This can serve as a basis to determine critical suppliers.

    To see a document which specifies how to select suppliers, take a look at the free preview of this procedure:

    - Procedure for Purchasing and Evaluation of Suppliers - https://advisera.com/13485academy/documentation/procedure-for-purchasing-and-evaluation-of-suppliers-iso-13485-2016/
  • Risk owner for the use of mobile devices


    Answer: This depends on the risk(s) you identified related to this activity. If there is a risk of loss of data or data leakage, the risk owner could be the Head of IT department; if there is a risk of inappropriate usage of the device, the risk owner could be the security officer, etc.

    See also this article: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
  • Annex A controls - flexibility in declaring the applicability


    Answer: ISO 27001 says that any company is flexible to declare as applicable only those controls that are needed to decrease the risk, or to satisfy some requirements, or per some other criteria important for the management. This article explains the concept further: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

    On this assumption, is there an accurate ratio threshold in % that gives me the freedom to declare what is not relevant here?

    Answer: There is no ratio or threshold, but in most cases larger companies tend to select between 110 and 114 controls, while smaller companies are usually between 100 and 105 controls.

    These materials will also help you regarding Annex A controls:
    - The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/