Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Implementing a management system_
Answer:
I believe that there will be no exclusions and all clauses of ISO 9001 are applicable to your organization. Considering that your business is general and wholesale trading of medical equipment, perhaps ISO 13485 is more appropriate (medical devices).
I would start the implementation of a management system by:
Assembling a project team;
Developing a project plan with a timetable;
Basic training on ISO 9001 for project team members;
Define the scope of the management system;
Perform a Gap Analysis;
Determine internal and external context;
Determine interested parties;
Map your processes;
Define quality policy, objectives and plans to meet them;
Determine risks and opportunities and define action plans to act upon the most important;
Document your processes;
Start measuring performance;
Perform internal audits;
Do a management review and decide if you are ready for certification.
The following material will provide you information about implementing a management system:
- ISO 9001 – Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/
- Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
- free course ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
ISO45001 Lead Auditor Training
Please advise.
Answer:
While we at Advisera do not have an ISO45001 auditing or implementing course to offer, there are many available. I would suggest checking some of the main registrars in your area as they often provide training as well (for instance BSI, SGS and TUV). Remember that for internal auditing it is not necessary to take a certified course as the competence for auditor is determined by the company, and you can gain this competence in many different ways (including self study).
For a better understanding of the standard and how it transitions form OHSAS 18001, see this whitepaper: https://info.advisera.com/45001academy/free-download/twelve-step-transition-process-from-ohsas-18001-to-iso-45001 -
Non-EU medical services providers and the GDPR
Answer:
The EU GDPR would be applicable only if you provide “tele medicine” type services to EU customers. If you provide “classic” medical services and examine the patients in the US and do not specifically target EU data subjects, it is most likely that it will not apply to you.
To learn more about the applicability of the EU GDPR check out our “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//). -
ISO career
Answer:
ISO management standards are designed to be applicable to organizations of any size and industry, so if you are thinking about dedicating your career totally to ISO standards you should consider first to develop some work in fields other than IT, so you can gain some additional experience (e.g., you can work on projects focused on administrative or operational areas of your current job).
These materials may help you:
- How to become an ISO 27001 / ISO 22301 consultant https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/
- How to become an ISO 27001 / BS 25999-2 consultant [ free webinar on demand] https://advisera.com/27001academy/webinar/become-iso-27001-bs-25999-2-consultant-free-webinar/ -
SoA update
Answer:
Once a year is not enough. You should update SoA at least once a month or more often, considering how changes in the ISMS environment and new and modified risks affect the implemented controls, so the SoA can keep reflecting the way the organization handles its information security.
This article will provide you further explanation about SOA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/ -
Privacy Shield
Answer:
On July the 5th, the European Parliament passed a non-binding resolution, asking the European Commission, the EU’s executive body, to suspend the Privacy Shield framework. As the resolution is not binding the EU Commission did not enforce it, thus Privacy Shield still stands.
To learn more about cross border data transfers check out our webinar “How to make personal data transfers to other countries compliant with GDPR” (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/). -
Identificación del contexto de la organización
https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/como-identificar-el-contexto-de-la-organizacion-en-iso-90012015/
Respuesta:
Desde mi experiencia siempre recomiendo llevar a cabo todos los análisis de la forma más sencilla, en este caso la identificación del contexto de la organización. Lo más simple sería organizar una reunión con la gente relevante de la organización, por ejemplo, los directores de los departamentos, y llevar a cabo un análisis DOFA (debilidades, oportunidades, fortalezas, amenazas) para poder determinar las cuestiones internas y externas de la organización. Este mismo acta de reunión puede ser válido para demostrar que cumplimos con el requisito correspondiente.
Estos materiales pueden serle de utilidad a la hora de determinar el contexto de la organización:
- Artículo - ISO 9001:2015 case study: Context of the organization as a success factor in manufacturing company (disponible sólo en inglés): https://advisera.com/9001academy/blog/2016/10/11/iso-90012015-case-study-context-of-the-organization-as-a-success-factor-in-manufacturing-company/
- Libro - Discover ISO 9001:2015 through practical examples (disponible sólo en inglés): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Curso gratuito en línea - Fundamentos ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/ -
Implementing IATF 16949 over ISO 9001
IATF requirements assume that customer-authorized waiver must be documented in order to retain the evidence. We could see that per example at requirements 8.2.3.1.1 and 8.3.6.1.
Based on available facts at your question if you get documented waiver approval from the customer for Cpk monitoring above 1.33 that no issues with the IATF1694 clause 9.1.1.1.
Even that, you should to take in consideration that if during the monitoring process capability we have special causes that must be identified, analyze root causes and implement corrective actions to avoid reoccurrence., and according IATF16949 requirement 9.1.3.1 trends in operational performance shall be compared with progress toward objectives and lead to action to support prioritization of actions for improving customer satisfaction
-
Definitions of the audit findings
Rules for achieving and maintaining IATF recognition --- Fifth edition for IATF 16949 is a document provided by IATF that contains definitions for the terms you mentioned. Here are the definitions:
Major Non-Conformity
· The absence of or total breakdown of a system to meet and IATF 16949 requirement
· A number of minor non-conformities against one requirement can represent a total breakdown of the system and thus be considered a major non-conformity
· Any non-conformity that would result in the probable shipment of non-conforming products. A condition that may result in the failure or materially reduce the usability of the products or services for their intended purpose
· A non-compliance that judgment and experience indicate is likely to result in the failure of the quality management or to materially red uce its ability to ensure controlled processes and products
Minor Non-Conformity
· A failure to comply with IATF 16949 that, based on judgment and experience, is not likely to result in the failure of the quality management system or reduce its ability to ensure controlled processes or products. It may be one of the following:
o A failure in some part of the client’s quality management system relative to IATF 16949
o A single observed lapse in following on item of a company’s quality management system
Opportunity for Improvement
· A failure in some part of the client’s quality management system relative to IATF 16949
· A single observed lapse in following one item of a company’s quality management system -
GAP analysis and exclusions from QMS
Answer:
Usually GAP analysis is conducted at the beginning of the implementation in order to know which requirements are already covered by the organization and which ones the organization still needs to comply with. That being said, you don´t need to assess another GAP analysis but you will see how your organization is doing after performing the Internal Audit.
Here you can find a free ISO 9001 GAP analysi s tool: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
Regarding the exclusion of design and development from your scope, if your organization does not do any design work, but strictly work from designs given to you by a customer, then these requirements can rightly be determined to be not applicable to your organization.
To learn more about the exclusion of design and development from the scope, you can see this article - What clauses can be excluded in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
To learn more GAP analysis and exclusions from the scope you can see this materials:
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line course - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/