Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Implementing IATF 16949 over ISO 9001
IATF requirements assume that customer-authorized waiver must be documented in order to retain the evidence. We could see that per example at requirements 8.2.3.1.1 and 8.3.6.1.
Based on available facts at your question if you get documented waiver approval from the customer for Cpk monitoring above 1.33 that no issues with the IATF1694 clause 9.1.1.1.
Even that, you should to take in consideration that if during the monitoring process capability we have special causes that must be identified, analyze root causes and implement corrective actions to avoid reoccurrence., and according IATF16949 requirement 9.1.3.1 trends in operational performance shall be compared with progress toward objectives and lead to action to support prioritization of actions for improving customer satisfaction
-
Definitions of the audit findings
Rules for achieving and maintaining IATF recognition --- Fifth edition for IATF 16949 is a document provided by IATF that contains definitions for the terms you mentioned. Here are the definitions:
Major Non-Conformity
· The absence of or total breakdown of a system to meet and IATF 16949 requirement
· A number of minor non-conformities against one requirement can represent a total breakdown of the system and thus be considered a major non-conformity
· Any non-conformity that would result in the probable shipment of non-conforming products. A condition that may result in the failure or materially reduce the usability of the products or services for their intended purpose
· A non-compliance that judgment and experience indicate is likely to result in the failure of the quality management or to materially red uce its ability to ensure controlled processes and products
Minor Non-Conformity
· A failure to comply with IATF 16949 that, based on judgment and experience, is not likely to result in the failure of the quality management system or reduce its ability to ensure controlled processes or products. It may be one of the following:
o A failure in some part of the client’s quality management system relative to IATF 16949
o A single observed lapse in following on item of a company’s quality management system
Opportunity for Improvement
· A failure in some part of the client’s quality management system relative to IATF 16949
· A single observed lapse in following one item of a company’s quality management system -
GAP analysis and exclusions from QMS
Answer:
Usually GAP analysis is conducted at the beginning of the implementation in order to know which requirements are already covered by the organization and which ones the organization still needs to comply with. That being said, you don´t need to assess another GAP analysis but you will see how your organization is doing after performing the Internal Audit.
Here you can find a free ISO 9001 GAP analysi s tool: https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
Regarding the exclusion of design and development from your scope, if your organization does not do any design work, but strictly work from designs given to you by a customer, then these requirements can rightly be determined to be not applicable to your organization.
To learn more about the exclusion of design and development from the scope, you can see this article - What clauses can be excluded in ISO 9001:2015: https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
To learn more GAP analysis and exclusions from the scope you can see this materials:
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- Free on-line course - ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/ -
GDPR between two telecommunication companies
Answer:
It depends on the roles of the two telecommunication companies. If one of the telecom companies (company B) processes personal data on behalf of the other telecom company (company A) this means that company A is a data controller and company B is a data processor and in this case, there needs to be a legally binding document in place between the two companies. You can find a Controller to Processor Data Processing Agreement in our EU GDPR Documentation Toolkit (https://advisera.com/eugdpracademy/documentation/supplier-data-processing-agreement/).
You also need to have a legally binding document in place if the two companies are joint controllers as well.
Although not strictly required by the GDPR, it is a best practice to have GDPR Agreements also between two independent controllers. -
Implementing ISO 9001
Answer:
Look into the company at two different levels. First, map the flow of work from customer requirements and needs until customer served “What do you do?” (development of services, commercial activities, purchasing, providing the service, maintenance, training, management). Second, determine: the internal and external context, interested parties, quality policy and objectives, and risks and opportunities.
Characterize the processes and define and implement plans to meet objectives and address risks and opportunities.
The following material will provide you information about implementing an ISO 9001 management system:
- ISO 9001 – Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/
- free online training ISO 9001:2015 Lead Implementer Course - https://advisera.com/training/iso-9001-lead-implementer-course/
- book - Di scover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ -
Personal data
Answer:
The EU GDPR defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological , genetic, mental, economic, cultural or social identity of that natural person;” (Article 4 – Definitions (https://advisera.com/gdpr/definitions/).
So, a phone number is identifiable information which is assimilated to personal data.
To find out more about personal data check out our “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//). -
Security objectives for IT Helpdesk function
Answer:
Broadly speaking, examples of security objectives for IT Helpdesk function are:
- Protection of IT Helpdesk user/customer data
- Maintenance of IT Helpdesk function availability
- Percent of business processes supported by the IT Helpdesk function
These articles will provide you further explanation about security objectives:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/ -
RBT and ISO 14001
Answer:
When you look into the external and internal issues you can identify risks and opportunities related with the intended outcomes of EMS. For example:
* technological trends may help you reduce environmental impacts;
* legislation trends may make more difficult to comply with legal obligations
“2. Since the standard doesn't require one to document the analysis above, how does one show evidence that the analysis is done, and it is sufficient and appropriate?”
Answer:
Without records, the auditor will have to interview the management team and see if the company had done the risk-based thinking (RBT) and simply write in the report that they demonstrated the RBT during interview with the management.
The following material will provide you information about applying RBT to an environmental management system:
- ISO 14001 – Risks and opportunities in ISO 14001:2015 – What the y are and why they are important - https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
- ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
- free online training ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- book - THE ISO 14001:2015 COMPANION – A A Straightforward Guide to Implementing an EMS in a Small Business - https://advisera.com/books/the-iso-14001-2015-companion/ -
Implementation without prior knowledge
Answer:
I do think is possible to implement and complete ISO 9001:2015 certification with no prior knowledge. Documents included in the toolkits are designed to comply with all the ISO 9001:2015 so it includes not only the mandatory documents but the commonly used. The templates of the toolkit are also easy to complete, since they deal with technicities and provide many comments about how to fill out the specific information of your company and materials to understand all clauses and requirements. Our toolkits also include expert support, so you can talk to one of our experts in order to clarify some questions along the project and they can review some of your documents. This expert support can be up to 15 hours and 15 documents , so you will assure your organization successfully achieve the certification.
The dur ation of the implementation will depend on the size of the company and the complexity of the product and service but also on the resources provided for the project. You can use this tool to calculate the duration - ISO 9001 Implementation Duration Calculator: https://advisera.com/9001academy/iso-9001-duration-calculator/
To learn more about our toolkits you can see this Product Toor: https://advisera.com/9001academy/product-tour/
To learn more about implementing the standard by yourself, you can download this free whitepaper - Implementing ISO 9001 with a consultant vs DIY approach: https://info.advisera.com/9001academy/free-download/implementing-iso-9001-with-a-consultant-vs-diy-approach
This materials can help you with ISO 9001:2015 implementation by yourself:
- Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
- ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/ -
Services and design and development
Answer:
If an organization that provides a service designs and develops that service, the clause is applicable. For example, an organization that sells services for babysitting children may want to develop a new service about caring of older people. What is that new service about? What features are included? What requirements for caregivers? That is the scope of design and development.
The following material will provide you information about design and development:
- ISO 9001 – The ISO 9001 Design Process Explained - https://advisera.com/9001academy/blog/2013/11/05/iso-9001-design-process-explained/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/