Search results

  • Creation, review and approval of documents


    Answer:

    Indeed, they should be 3 different people:
    - The one who prepares the document: normally an expert in the corresponding process who knows how to document it according to what the organization has established.
    - The one who reviews the document: usually an expert in the process with the competencies needed to ensure adequate levels of document quality with respect to the processes and activities being documented.
    - The one who approves the document: the person with the highest authority in the process, who normally designates both the creator of the document and its reviewer.

    To learn more about the creation, review and approval of documents, see the following materials:
    - Article - Tips to make document control more useful for your QMS: https://advisera.com/9001academy/ academy/blog/2014/05/20/tips-make-document-control-useful-qms/
    - Article - 7 steps in writing QMS policies and procedures for ISO 9001: https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/
    - Book - Gestión de documentación ISO: Una guía en un lenguaje sencillo: https://advisera.com/books/gestion-de-documentacion-iso-una-guia-en-un-lenguaje-sencillo/
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • External documents control

    Yes, ISO 9001:2015 clause 7.5.3.2 mentions documents of external origin, like standards and legislation, that are relevant to the quality management system (QMS). Does your organization belong to any business association? Some business associations perform that service of legislation surveillance. Some lawyer societies also perform that service. Or your QMS can have someone with the responsibility of checking any changes in legislation every X months.
    The following material will provide you information about document control:
    - ISO 9001 – New approach to document and record control in ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Asset management, IT and ISO 9001

    Yes, asset management should be part of a QMS audit in an IT environment, of course not so demanding as an audit according to ISO 55001. Asset management is relevant for risks and opportunities determination, and for available capacity and productivity.
    The following material will provide you more information:
    - How to handle Asset register (Asset inventory) according to ISO 27001 - https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
    - free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 22301 certification


    Answer:

    As worldwide references for ISO 22301 personal certification we can mention:
    - BSI: https://www.bsigroup.com/en-GB/iso-22301-business-continuity/iso-22301-training-courses/
    - PECB: https://pecb.com/en/education-and-certification-for-individuals/iso-22301

    From these sites you can find the location that is closer to you.
  • Improvement action and continual improvement


    Answer:

    An improvement action is a measure taken to optimize the performance of processes within the organization. This improvement action does not have to be exclusively a response to a negative situation; it may simply be carried out in order to obtain positive outcomes.
    In turn, these improvement actions contribute to the objective of continual improvement of the QMS, which is to increase the satisfaction of the customer and of interested parties. This is reflected in clause 10.3 of ISO 9001:2015, which requires organizations to continually improve the effectiveness of the documentation and processes of the quality management system. This continual improvement is based on the PDCA cycle: plan, do, check and act.

    These materials can help you better understand the difference between an improvement action and continual improvement:
    - Plan, do, check, act in the 9001 standard: https://advisera.com/9001academy/pt-br/knowledgebase/planificar-hacer-revisar-actuar-en-el-estandar-iso-9001/
    - Book - Discover ISO through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online course - ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • Direct marketing to US companies under GDPR

    The key here is to perform a Legitimate Interest Balancing Test and you should balance your interest in sending advertisement and the right to privacy of the affected data subjects. One of the key points is to be able to prove that the advertisement would be relevant to the data subjects. For example, if you are a company selling raw materials such as coal, you won’t be able to justify sending advertisement emails to a software company representative.

    You can find some information on performing Legitimate Interest Balancing Test on the ICO website here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/
  • QMS set up for manufacture of medical device

    I want advice on setting up QMS. This is the scenario:
    Company A: Has an ISO 13485 QMS for 'Design, Development and Manufacture of patient monitoring device'. Manufacture under non sterile conditions.
    Company B: Wishes to set up manufacturing of wound care products. Manufacturing in ISO 7 (Class 10,000) clean room. Is it better (more economical, faster, and less cumbersome viz., documentation) to a. Get a separate certification for Company B or b. Outsource manufacturing for Company A to Company B and have the Scope for Company A's QMS modified.

    Answer:

    You should set up a separate QMS for Company B since the type of medical devices and scopes of the companies are entirely different.

    Please refer to more information:

    How to structure Quality Management System documentation according to ISO 13485
    https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

    Managing medical device infrastructure requirements according to ISO 13485:2016
    https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/
  • ISO 27001 implementation project


    Answer:

    Broadly speaking, to implement ISO 27001 an organization has to:
    - Obtain top management support
    - Define and document a scope based on the needs and expectations of interested parties relevant to information security
    - Define, document and communicate an information security policy
    - Define roles and responsibilities relevant to operation and management of information security
    - Define a risk assessment and treatment methodology
    - Define and allocate competencies and resources for the operation and management of information security
    - Implement risk assessment and risk treatment
    - Operate the security controls and generate the necessary records
    - Measure, monitor and evaluate the information security performance
    - Implement corrections and improvements

    To increase chances of success, it is important that persons involved have experience in project management and knowledge of the standard.

    These articles will provide you further explanation about ISO 27001:
    - ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
    - Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/

    Regarding ISO 27001 and HITRUST, the first involves the implementation of a high level information security management system, while the second involves detailed requirements and controls for the secure creation, access, storage and exchange of sensitive and/or regulated data. So you can use ISO 27001 framework to support HITRUST controls implementation, maintenance and improvement. For more information, please access this link: https://hitrustalliance.net/frequently-asked/1/en/topic/since-iso-iec-provides-an-internationally-recognized-information-security-standard-can-i-use-my-iso-27001-certification-to-satisfy-customer-and-business-partner-requirements-for-a-hitrust-csf-validated-or-certified-report
  • Corrective action form


    Answer:

    I'm assuming you are referring to the Corrective Action form column mentioned in the Incident log template. Considering that, there is a template for this form in your toolkit, located in folder 12 Procedure for Corrective Action. This form contains all necessary information required by the standard and to handle an incident.

    Regarding the presentation, this template was designed to be stored in folders, but you can use it as basis to develop versions to be used on intranet sites or your own application software. Provided that all required information is present, you can use the method that best suits your organization (if your intranet or application software has search functionalities that can speed up the search for documents, these may be good options).

    It is important to note that Incident log is not the same thing as Corrective action form. The first form lists the incidents that were identified, and the second actions taken to treat them, if applicable.
  • Control of document and records requirements

    Besides, our company works with a lot of operating systems with different Word versions etc. I know that we can choose each font and each size we want… but your whole package is made like the requirements you made. At the moment not each employee has font Calibri installed. Which way would be the easiest / best for us? Is it possible to add some other fonts beside Calibri (or should there just be one)? It would be kind of a bummer if I have to adjust all of the templates. I work with Apple equipment and I have Calibri installed as a standard font. Colleagues of mine don’t. What's the common way to solve that issue we have?

    Answer:

    Regarding layout, ISO 27001 does not prescribe any specific format, so you can edit section 3.1. Document formatting the way it's best for your organization. For example, in the template it is easier to redefine the regular size font to 10 than to change all documents to font 11. Also, you can add new fonts to be used, or exclude this requirement from the document at all.