Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11271 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Exclusions in the scope of the QMS
Answer:
Exclusions doesn´t apply when the standard has been already implemented. In fact one of the first steps when implementing ISO 9001:2015 is determining the scope of the organization and when defining the scope of your QMS you should also determine if any exclusions apply and justify them. For instance, if a company doesn´t do any design work, but it uses designs already given by a customer, you can say that this requirement doesn´t apply to your organization.
These materials can help you to better understand exclusions in the scope of ISO 9001:2015
- Article - What clauses can be excluded in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- Articl e: https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/ -
Customer complain log
Answer:
A customer complain log should include the list of complaints received from customers, with its documented response and closure. After receiving a complaint, the organization must evaluate whether the complaint is reasonable or not, and after doing so, the organization will need to suggest a way of resolving the complaint and decide if carrying out a correction or corrective action according to its own organization´s procedure for control of nonconforming product or service.
You can download a free preview of our Registry of Customer Complaints here: https://advisera.com/9001academy/documentation/registry-customer-complaints/
To learn more about customer complaint registers, see these materials:
- Article - Main elements handling customer satisfaction in ISO 9001: https://advisera.com/9001academy/blog/2014/07/01/main-elements-handling-customer-satisfaction-iso-9001/
- Article - Handling customer satisfaction with code of conduct and co mplaints procedure: https://advisera.com/9001academy/blog/2014/07/15/handling-customer-satisfaction-code-conduct-complaints-procedure/
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/ -
Creación, revisión y aprobación de documentos
Respuesta:
Efectivamente deberían de ser 3 personas distintas:
- El que elabora el documento: normalmente se trata de un experto en el proceso correspondiente y con conocimientos sobre cómo documentarlo según lo establecido por la organización.
- El que revisa el documento: suele ser un experto en el proceso con las competencias necesarias para poder asegurar los niveles adecuados de calidad del documento con respecto a los procesos y actividades que se pretenden documentar.
- El que aprueba el documento: la persona con máxima autoridad en el proceso, que normalmente designa tanto al creador del documento como al revisor del mismo.
Para saber más sobre la creación, revisión y aprobación de documentos vea los siguientes materiales:
- Artículo - Tips to make document control more useful for your QMS: https://advisera.com/9001academy/ academy/blog/2014/05/20/tips-make-document-control-useful-qms/
- Artículo - 7 steps in writing QMS policies and procedures for ISO 9001: https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/
- Libro - Gestión de documentación ISO: Una guía en un lenguaje sencillo: https://advisera.com/books/gestion-de-documentacion-iso-una-guia-en-un-lenguaje-sencillo/
- Curso Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
External documents control
Yes, ISO 9001:2015 clause 7.5.3.2 mention documents of external origin, like standards and legislation, that are relevant to the quality management system (QMS). Does your organization belong to any business association? Some business associations perform that service of legislation surveillance. Some lawyer societies also perform that service. Or your QMS can have someone with the responsibility to checking any changes in legislation every X month.
The following material will provide you information about document control:
- ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
- free online training ISO 9001:2015 Foundations Cou rse - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Asset management, IT and ISO 9001
Yes, asset management should be part of a QMS audit in an IT environment, of course not so demanding as an audit according to ISO 55001. Asset management is relevant for risks and opportunities determination, and for available capacity and productivity.
The following material will provide you more information:
- How to handle Asset register (Asset inventory) according to ISO 27001 - https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
- free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO 22301 certification
Answer:
As worldwide references for ISO 22301 personal certification we can mention:
- BSI: https://www.bsigroup.com/en-GB/iso-22301-business-continuity/iso-22301-training-courses/
- PECB: https://pecb.com/en/education-and-certification-for-individuals/iso-22301
From these sites you can find the location that is closer to you. -
Acción de mejora y mejora continua
Respuesta:
Una acción demora es una medida tomada para optimizar el rendimiento de los procesos dentro de la organización. Esta acción de mejora no tiene porqué ser exclusivamente una respuesta ante una situación negativa, sino que simplemente se lleve a cabo con el fin de obtener consecuencias positivas.
A su vez, estas acciones de mejora contribuyen al objetivo de la mejora continua del SGC, que es incrementar la satisfacción del cliente y de las partes interesadas. Esto se refleja en la cláusula 10.3 de la norma ISO 9001:2015 que requiere que las organizaciones mejoren de forma continua la efectividad de la documentación y los procesos del sistema de gestión de calidad. Esta mejora continua se basa en el ciclo PDCA, por sus siglas en inglés, de planificar, hacer, revisar y actuar.
Estos materiales pueden ayudarle a entender más la diferencia entre acción de mejora y mejora continua:
- Planificar, hacer, revisar, actuar en el estándar 9001: https://advisera.com/9001academy/pt-br/knowledgebase/planificar-hacer-revisar-actuar-en-el-estandar-iso-9001/
- Libro - Discover ISO through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea - Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Direct marketing to US companies under GDPR
The key here is to perform a Legitimate Interest Balancing Test and you should balance your interest in sending advertisement and the right to privacy of the affected data subjects. One of the key points is to be able to prove that the advertisement would be relevant to the data subjects. For example, if you are a company selling raw materials such as coal, you won’t be able to justify sending advertisement emails to a software company representative.
You can find some information on performing Legitimate Interest Balancing Test on the ICO website here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/ -
QMS set up for manufacture of medical device
I want advice on setting up QMS. This is the scenario:
Company A: Has a ISO 13485 QMS for 'Design, Development and Manufacture of patient monitoring device'. Manufacture under non sterile conditions.
Company B: Wishes to set up manufacturing of wound care products. Manufacturing in ISO 7 (Class 10,000) clean room. Is it better (more economical, faster, and less cumbersome viz., documentation) to a. Get a separate certification for Company B or b. Outsource manufacturing for Company A to Company B and have the Scope for Company A's QMS modified.
Answer:
You should set up a separate QMS for Company B since the type of medical devices and scopes of the companies are entirely different.
Please refer to more information:
How to structure Quality Management System documentation according to ISO 13485
https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/
Managing medical device infrastructure requirements according to ISO 13485:2016
https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/ -
ISO 27001 implementation project
Answer:
Broadly speaking, to implement ISO 27001 an organization has to:
- Obtain top management support
- Define and document a scope based on the needs and expectations of interested parties relevant to information security
- Define, document and communicate an information security policy
- Define roles and responsibilities relevant to operation and management of information security
- Define a risk assessment and treatment methodology
- Define and allocate competencies and resources for the operation and management of information security
- Implement risk assessment and risk treatment
- Operate the security controls and generate the necessary records
- Measure, monitor and evaluate the information security performance
- Implement corrections and improvements
To increase chances of success, it is important that persons involved have experience in project management and knowl edge of the standard.
These articles will provide you further explanation about ISO 27001:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/
Regarding ISO 27001 and HITRUST, the first involves the implementation of a high level information security management system, while the second involves detailed requirements and controls for the secure creation, access, storage and exchange of sensitive and/or regulated data. So you can use ISO 27001 framework to support HITRUST controls implementation, maintenance and improvement. For more information, please access this link: https://hitrustalliance.net/frequently-asked/1/en/topic/since-iso-iec-provides-an-internationally-recognized-information-security-standard-can-i-use-my-iso-27001-certification-to-satisfy-customer-and-business-partner-requirements-for-a-hitrust-csf-validated-or-certified-report