Search results


  • Complaint Handling in ISO 13485


    Answer:

    In the 2016 Standard, Complaint handling falls under Clause 8.2.2.

    For further information regarding other changes in the Standard, please refer to:

    ISO 13485:2016 vs. ISO 13485:2003 matrix
    https://info.advisera.com/13485academy/free-download/iso-13485-2016-vs-iso-13485-2003-matrix
  • ISO 27001 risk management process

    Question based on the text of one of marketing e-mails: "Do you struggle to understand all of the steps required for a successful implementation of the ISO 27001 risk management process?"

    Answer:

    ISO 27001 is a standard for information security management, and one of its pillars is the definition and performing of a risk management process, and that process may or may not be based on ISO 31000:2018.

    These articles will provide you further explanation about these two standards:
    - What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
    - ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/

    These materials will also help you regarding risk management on ISO 27001:
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • Audit checklist content


    Answer:

    To verify if this requirement is fulfilled, you have to identify if the organization has clearly defined and implemented actions and roles to communicate relevant information for both internal and external public. For example, if the organization has defined the process below:
    - For internal public the HR department is responsible to communicate general information security issues, line managers are responsible to communicate technical information security issues, related to the roles of their teams, and Top Management is responsible to communicate information security issues related to processes performance and results. These communications will be performed monthly or sooner if the responsible person considers it is needed;
    - For external public the PR department is responsible to communicate with media representatives, and the purchase department is responsible to communicate with suppliers. Information related to information security incidents is to be communicated only after Top Management approval by Public Relations department.

    It is important to note that a formal Communication plan is not mandatory.

    These materials will provide you further explanation about ISO 27001 requirements:
    - How to create a Communication Plan according to ISO 27001
    - Clause-by-clause explanation of ISO 27001 https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001
  • BCPs content


    Answer:

    Included with the toolkit you bought you have the access to video tutorials that can help you fill in the content of a business plan. The tutorials show how real data is filled out into the templates.

    Regarding other companies' plans content, we do not have authorization to share them, even without identifiable details.
  • ISO 9001 and Construction


    (1) Where should we start?
    (2) Is it beneficial that we already have SOP in place?
    (3) As a construction company, what part of physical construction work needs to be outlined and documented within the QMS?
    (4) How is remove and replace construction work defined? Product or service?
    (5) How do most construction companies define their organizations?

    Answer:

    (1) Do a Gap Analysis, map your processes, establish a quality policy and develop action plans to meet them. Consider also the context, the interested parties and risks and opportunities.
    (2) Yes, that means that your organization is used to following internal standards.
    (3) After a contract you have to plan resources use (materials, equipment, people and time), you have to plan quality control and you have to evidence progress and quality control.
    (4) That is not relevant; some can consider your business as a product and others as a service.
    (5) That will depend on your organization’s market positioning.

    The following material will provide you information about implementing an ISO 9001 management system:
    - ISO 9001 – Free ISO 9001:2015 Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
    - Would construction companies benefit from ISO 9001? - https://advisera.com/9001academy/blog/2016/06/07/would-construction-companies-benefit-from-iso-9001/
    - Case study for ISO 9001:2015 transition in a construction company - https://info.advisera.com/hubfs/9001Academy/9001Academy_FreeDownloads/Case_study_for_ISO_9001_2015_transition_in_construction_company_EN.pdf
    - Procedure for Construction Process - https://advisera.com/9001academy/documentation/procedure-for-construction-process/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Medical Device File


    Answer:

    A Medical Device File is basically a set of documentation to demonstrate the safety and performance of the device as per the intended use. There is no specific format to comply with, but you should provide what is stated under clause 4.2.3 of ISO 13485.

    Examples of documents that should be in the medical device file include, but are not limited to, instructions for use, product labeling and product specification sheet.

    For more information, please refer to:

    How to meet ISO 13485:2016 requirements for medical device files
    https://advisera.com/13485academy/blog/2017/06/28/how-to-meet-iso-13485-requirements-for-medical-device-files/
  • Finance department and ISO 9001


    Answer:

    As long as your company is not a financial company you don’t need to include the finance department under the scope of the quality management system.

    The following material will provide you more information about implementing an ISO 9001 management system:

    - What is an acceptable exclusion in Clause 7 of ISO 9001? - https://advisera.com/9001academy/blog/2015/03/24/what-is-an-acceptable-exclusion-in-clause-7-of-iso-9001/
    - free online course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Basic documentation package


    Answer:

    Normally, for a company of 10 people the basic package would be sufficient to implement the standard satisfactorily in your organization. Keep in mind that this documentation package includes all the mandatory documents you need to comply with. However, you have to carry out all the necessary implementation steps to meet the requirements of ISO 9001:2015 and thus be able to pass the certification audit performed by the certification body.

    These materials can help you with the implementation of ISO 9001:2015 for a small company:
    - ISO 9001:2015 Implementation Diagram: https://info.advisera.com/9001academy/es/descarga-gratuita/diagrama-de-implementacion-iso-90012015
    - Checklist of mandatory documentation required by ISO 9001:2015: https://info.advisera.com/9001academy/es/descarga-gratuita/lista-de-verificacion-de-la-documentacion-requerida-obligatoria-por-iso-90012015
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Basics of implementation of IATF 16949


    Answer:

    The basics of implementation of IATF are for sure a quality management system or implementation of ISO 9001. IATF, or the former TS 16949, was the technical specification for ISO 9001, which means that the standard requirements were higher and more specific for the automotive industry. The Core Tools this standard requires are Advanced Product Quality Planning (APQP), Failure Mode and Effects Analysis (FMEA), Measurement Systems Analysis (MSA), Statistical Process Control (SPC) and Product Part Approval Process (PPAP). Implementation of core tools can help businesses to improve and achieve continual improvement if they are used in a good way.

    I suggest you find out more about the basics of implementation in this article:
    - How to write the IATF 16949 Quality Manual https://advisera.com/16949academy/blog/2017/05/31/how-to-write-the-iatf-16949-quality-manual/

    For core tools please take a look at What are the five core tools of IATF 16949? https://advisera.com/16949academy/blog/2017/08/23/what-are-the-five-core-tools-of-iatf-16949/
  • Supervisory authority for data protection


    Answer:

    The EU GDPR states that it is compulsory for a legal entity to appoint a DPO only if (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; or (b) the core activities of the legal entity consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the legal entity consist of processing on a large scale of special categories of data pursuant to Article 9 of the EU GDPR and personal data relating to criminal convictions and offences referred to in Article 10 of the EU GDPR.

    Also since the organization is in Sri Lanka and India, you first need to identify if the EU GDPR is applicable. The key to understanding when EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Consequently, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.

    When the data is processed outside of the EU by companies which are also outside the EU, then this is not considered to be “in the Union”. For example, the EU GDPR will not be applicable for a school which is based in the United States just because there is a possibility that one or several of its students would be EU citizens. In this case, the processing does not take place “in the Union,” nor is the individual “in the Union”.

    If your customer falls under both criteria above it would need to appoint a representative in the EU and the competent Supervisory Authority would be the one where the representative is established.

    To learn more about the duties of a DPO check out our EU GDPR Data Protection Officer Course (https://advisera.com/training/eu-gdpr-data-protection-officer-course/).