Search results


  • ISO 9001, a starting point


    Answer:

    As long as I understand your question, I will tell you how I work when, as a consultant, I have to help an organization from an economic sector I have never worked in before. Pick a blank sheet of paper. Start with your customers: on the left side put “customers with needs” and on the opposite side put “customers served”. What main stages can you identify between one extreme and the other? With the words that are most applicable to your organization you can write/draw a set of boxes with: Promoting the company -Winning customers or orders -Plan service (people, infrastructures, materials, …) -Provide service -Bill and receive. I call this central flow “The Ronaldo of the business”. An organization exists for performing this flow, and the more they repeat it, the more they earn, the more everybody is happy.

    To support this central flow you can identify other kind of blocks of activities (processes), things like: Buying, Subcontracting, Maintenance, Training, Developing new products/services, even working with other interested parties that can influence customers or the business.

    Now, for each block of activities (process) look for requirements in ISO 9001. For example: Buying is related to clause 8.4; Commercial is related to clause 8.2, and so on.

    Did I understand your question? Did I help?

    The following material will provide you information about mapping processes:

    - ISO 9001 – ISO 9001:2015 process vs. procedure – Some practical examples - https://advisera.com/9001academy/blog/2016/01/19/iso-90012015-process-vs-procedure-some-practical-examples/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • AS9100D: Do you need to reject entire lots

    A manufacturer of aerospace parts uses a material to assist in his process. The manufacturer notices a defect in this material. The supplier of the material identifies the defect, quarantines the defective material and issues cause and corrective action report. The manufacturer rightfully rejects the material identified as defective BUT also all material associated with the sale lot number even though the supplier has certified this material as within specification and not defective.
    The bad parts manufacturer claims he MUST reject the entire lot based on AS9100 rules. Do you agree with the manufacturer’s position?

    Answer:
    An interesting question, but not an AS9100 requirement. Section 8.7 of AS9100 Rev D does not state that an entire lot needs to be rejected due to one bad part, and does not preclude sorting out the good parts from the in a lot for use. Section 8.4 on Control of externally provided processes, products and services also does not preclude the use of the acceptable products in a lot, nor does it state that you need to impose full lot acceptability on your suppliers.
    That being said, there may be a customer requirement or an internal requirement to this effect, but it is not correct to attribute this strict control to AS9100.
    For some other information on AS9100 Myths see this article: https://advisera.com/9100academy/blog/2017/08/21/6-common-myths-about-as9100-rev-d/
  • AS9100 RevD Process Documentation

    Answer:
    AS9100 Rev D does not specify which operational procedures (section 8.5) need to be documented and which do not so long as the production processes are verified to meet requirements. So, the decision is up to you; if an all-inclusive process will prevent errors and meet requirements then this is acceptable, but if there could be a problem then you should do a separate procedure. This is valid, of course, unless you have a customer requirement that demands that you have a separate procedure.
    For more on what is required for documentation in AS9100 Rev D see this white paper: https://advisera.com/9100academy/knowledgebase/list-of-mandatory-documents-in-as9100-rev-d/
  • SWOT analysis and internal & external issues


    Answer:

    SWOT analysis is not mandatory. SWOT analysis is a tool that an organization can use to assess its situation – either internally or externally. When working with an organization I help them list internal and external issues. Then, in order to make that information actionable, I invite them to distribute those issues among 4 categories: strengths, weaknesses, opportunities and threats. For example, yesterday I worked with a company that assembles a product for which legislation and social trends are making demand grow. So, legislation trends are an opportunity. And their difficulty in scaling production is a weakness.

    The following material will provide you information about SWOT and internal and external issues:

    - ISO 9001 – How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • ISO 27001 & Regulatory laws

    Thx a million !
  • Filling SoA template

    ID: A.6.1.3
    Column: implementation method

    If our company doesn’t implement the operational continuity management and Dejan says: we should mention the person which is responsible for. Is it enough just to fill in the person which is responsible for? Without a plan or guideline where this person is mentioned in?

    Answer: If your company does not implement business continuity, but assigns personnel to contact authorities as required by control A.6.1.3, then you must fill in, in the implementation method, not only the responsible person but also which authority this person can contact. For example, Head of Facilities can contact Police and Emergency services, CISO can contact security experts, etc.
  • Information security policies


    Do I understand correctly that for a smaller company (~30) it is sufficient to have one detailed document in form of the Acceptable Use Policy and then it is not necessary anymore to fill out all the smaller ones as mentioned above? Or do you need both? I feel like they are somewhat redundant.

    Thank you very much. Looking forward to your answer to move on quickly.

    Answer: Your understanding is correct. If a single Use Acceptance Policy can fulfil your needs you do not need to develop other policies.

    These articles will provide you with further explanation about policy development:
    - 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
    - One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
  • Control 6.1.2


    (I would like you to help me understand A 6.1.2 more fully. By my understanding, it concerns access rights to conflicting information, for example: Purchasing department, conflict of access to the financial department. I am creating an array that informs the access rights and control barriers indicated. Am I on the right track?)

    Answer: Your understanding is correct. The segregation of functions is necessary so that a single person does not have control or knowledge of all the steps of a process critical to the business.

    This article will provide you with more information:
    - Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/
  • The 5 Whys tool


    Answer:

    The important thing is to find the root cause of the nonconformity in order to establish the relevant corrective actions, so if you find the cause before answering the 5 questions, that would not be a problem, much less a nonconformity.

    The 5 Whys technique, as you rightly point out, can be used to find the root cause of the nonconformity, but it is only one technique, since there are other tools, such as the fishbone diagram, that can help identify the causes. Moreover, when we find a nonconformity, its origin could lie in more than one root cause.

    This article can help you better understand root cause analysis - How to use root cause analysis to support corrective actions in your QMS (available in English): https://advisera.com/9001academy/blog/2016/03/01/how-to-use-root-cause-analysis-to-support-corrective-actions-in-your-qms/#

    These tools can also be useful for identifying the causes of nonconformities:
    - Book ISO 9001:2015 through practical examples (available in English): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online course ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • Clause 8.4

    8.4 Control of externally provided processes, products and services
    1) Would this include control of purchased raw materials? In the case of us as a commercial printer: paper, ink, etc.? I can not find another section that specifies raw materials, but thought it might fall under the category of “products”.
    2) Also, the text of sections 8.7 and 10.2, which cover non-conformities, seems to focus on final product and not on purchased product or services (including raw materials). Is it correct that the same procedures can be followed for non-conformities on purchased items as well as final outputs?

    Answer:

    1) Yes, it includes purchased products such as raw materials, components, supplies, machinery and equipment, maintenance, etc.
    2) You are correct. Nonconformities can be found not only in final outputs but also in both purchased products and supplier performance, so your controls must be based on the prevention of these possible non-conformities.

    To learn more about control of external providers you can see:
    - How to evaluate supplier performance according to ISO 9001:2015: https://advisera.com/9001academy/blog/2015/10/27/how-to-evaluate-supplier-performance-according-to-iso-90012015/
    - How to control outsourced processes using ISO 9001: https://advisera.com/9001academy/blog/2015/05/05/how-to-control-outsourced-processes-using-iso-9001/

    Also, these materials can help you with clause 8.4 Control of externally provided processes, products and services:
    - Book – Discover ISO 9001:2015 Through Practical Examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - Free online training ISO 9001:2015 Foundations Course: https://advisera.com/training/iso-9001-foundations-course/