Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
First off/last off part validation
My question: how do we define applicable and appropriate in this clause? For example: we may run a job today that we don't run again for a year. Or, we may run a job today and all of the perishable tooling (and therefore the set-up) will be used up and require a new set of tools for the next run. Is it OK to take the stance that our variable job schedule and reliance on perishable tooling make it inappropriate to compare the last-off-piece to the subsequent first-off piece? How are other companies handling keeping and tracking these last-off pieces if they have long periods of time between jobs?
Answer:
The criteria for appropriateness is whether is reasonable and whether it will provide some value to the quality control of the product. In the case you've stated, in my opinion, it wont be appropriate so you don't have to perform first off/last off part validation.
The second criteria is the customer requirement. If the customer requires it, you have to do it, whether it is reasonable or not. -
Options for ISO 9001 implementation and certification
I am the head of QA department in Water utility services. I am planning for a budget to implementing ISO 90001:2015 project for next year. I am wondering what is the approximate budget to implement such project to implement the full package criteria of ISO 90001:2015 along with the certification?
I look forward to your response.
Answer:
The price of certification will depend on the certification body and the country your're in. Certification bodies determine their price by the number of audit days their certification auditors needs to spend for your certification audit. The number of audit days is determined by the number of locations you have, scope of the certification, number of employees and other factors. The best approach is to find several offers and pick the best one.
As far as the price of implementation goes, it depends on the option you select for the implementation. You can implement the standard by yourself without any help; this option will be the least expensive but it will require lot of effort and time and, at the end, you wont be 100% sure whether your ace compliant with the standard until the certification audit.
The second option is to hire a consultant and let him or her to do all the job. This is the fastest and the most expensive option, but the standard will be implemented properly. Since this option requires the least effort from your side, the chances are that you wont get sufficient knowledge during the implementation and you will need to hire a consultant from time to time when you prepare for the certification audit and this can cause additional costs.
The third option is to implement the standard by using some online solution such as ours, where you will do most of the work but all the technical stuff will be covered by the solution. This option also include the online support, so you'll get the help from the experts when you need it making it the most cost effective. Also, you will get sufficient knowledge along the implementation project to maintain the system in the future, so you won't need any external help.
For more information, see: Comparison matrices for ISO 9001 implementation solutions https://advisera.com/9001academy/comparison/ -
9.2 Auditoria interna
La última versión de la norma ISO 19011 fue publicada en 2011. La versión revisada del estándar se publicará a mediados de 2018
Es importante tener en cuenta que la ISO 19011 no determina ningún requisito, sino que se utiliza como una guía para la gestión del programa de auditorias, planificación y realización de las mismas, así como una guía para definir las competencias y evaluar el equipo de auditoria.
Las actividades de auditoria de ISO 19011 detallan la gestión de las actividades para las auditorias propiamente dichas. Este enfoque formal puede ayudar a asegurar que las auditorias internas sean efectivas y coherentes, y construyen la integridad del sistema de auditoria interna. Estos pasos definidos en ISO 19011 no son obligatorios ( por ejemplo, para pequeñas empresas pueden obviarse algunos de ellos), pero constituyen una buena práctica para llevar a cabo una auditoria.
Para más información puedes ver los siguientes artículos:
- "13 pasos para la auditoria interna ISO 9001 utilizando ISO 19011" (en inglés): https://advisera.com/9001academy/knowledgebase/13-s teps-for-iso-9001-internal-auditing-using-iso-19011/#
- "Cinc grandes pasos en la auditoria interna de ISO 9001": https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/cinco-grandes-pasos-en-la-auditoria-interna-de-iso-9001/
Estos materiales pueden ayudarte respecto a las auditorias internas de ISO 9001:
- Libro "Auditoria interna ISO: una guia en un lenguaje sencillo": https://advisera.com/books/auditoria-interna-iso-una-guia-en-un-lenguaje-sencillo/
- Capacitación gratuita en línea: "Curso fundamentos ISO 9001": https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Conformio (herramienta en línea para ISO 9001): https://advisera.com/conformio/ -
ISO 27001 Audit requirements
Thank you. -
Risk assessment and risk treatment
Answer: Yes. Now that you have identified which risks are to be treated, you have to define with the risk owners the deadlines and required resources, and get the complete risk treatment plan approved by top management.
2- Should everything be done before we got certified? For example, if we want to get certified during summer 2018, should all deadlines in Risk treatment plan be set before that?
Answer: No. You can leave some of the controls for the implementation for after the certification under the following conditions:
1) That you have implemented before the certification the controls that mitigate the biggest risks – in other words, you can leave only less important controls for after the certification.
2) That you have specified th e deadlines for the controls that you will be implementing after the certification in your Risk Treatment Plan – of course, those deadlines must be after the certification date.
3) That your risk owners or top management accept all the risks for which controls have not been implemented before the certification.
This means that the most important controls must have ”implemented“ status at the certification, while the less important controls can have status ”planned“ or ”partially implemented" at the moment of the certification. Of course that for controls with status of ”partially implemented" you have to keep evidences of activities already performed regarding the implementation (the certification auditor won't audit the control, but he will verify if the implementation plan is being executed).
Included in the toolkit you bought you have access to video tutorials that can help you with the risk assessment and treatment process. -
Oportunidades en ISO 9001
En particular en el caso de la industria farmacéutica, cuales podrían ser?
O donde puedo encontrar material al respecto.
Mi respuesta:
La norma ISO 9001:2015 requiere de la organización determinar y seleccionar oportunidades para mejorar e implementar las acciones necesarias para cumplir con los requisitos del cliente y así aumentar su satisfacción.
Estas deberían de incluir:
a) mejorar productos y servicios para cumplir con los requerimientos así como abordar futuras necesidades y expectativas;
b) corregir, prevenir o reducir efectos no deseados;
c)mejorar el rendimiento y la efectividad del sistema de gestión de calidad.
Las oportunidades pueden llevar a la adopción de nuevas prácticas, lanzamiento de nuevos productos, la apertura de nuevos mercados, creación de alianzas, utilización de nueva tecnología y otras posibilidades deseables y viables para abordar las necesidades de la organización o de sus consumidores
Para más información, vea los sigu ientes artículos:
- "Cómo abordar los riesgos y las oportunidades en ISO 9001" (en inglés): https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/#
- "Metodología para el análisis de riesgos de ISO 9001" (en inglés): https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/
Estos materiales también podrán ayudarle respecto a la determinación y evaluación de los riesgos y las oportunidades:
- Libro "Preparación para el proyecto de implementación ISO: una guía en un lenguaje sencillo": https://advisera.com/books/preparacion-para-el-proyecto-de-implementacion-iso-una-guia-en-un-lenguaje-sencillo/
- Capacitación gratuita en línea: Curso de fundamentos ISO 9001: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Conformio (herramienta en línea para ISO 14001): https://advisera.com/conformio/ -
Auditing risks
Answer:
Considering the requirements of the standard related to risks and opportunities, it is hard to find nonconformities related to addressing risks and opportunities. You need to focus on the risks and opportunities related to the effectiveness of the QMS, product or service conformity and customer satisfaction. Fire extinguisher you mentioned belongs to occupational health and safety risks and it is not par o the QMS risks.
You need to see how they identify risks and opportunities, do they have a record about risks and opportunities and most importantly have they taken actions to address risks and opportunities. Since the standard doesn't require any record, the best way to look for evidence whether actions are taken and whether they were effective is the record about management review. The organization probably produced some records about the risks and opportunities, but the technique that you will have to relay the most is the interview with the top management.
For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/ -
Corrective vs. Preventive actions
Answer:
Corrective action is taken when there is some nonconformity in the product, process or the QMS (Quality Management System) itself. Purpose of the preventive action is to resolve the cause of the nonconformity and prevent it from recurring.
Preventive action is taken when there is no nonconformity but there is a high chance of nonconformity or the organization what to take actions to improve the processes or the QMS. Purpose of the preventive action is to prevent nonconformity from occurring in the first place and to improve the QMS. In new version of the standard, preventive actions are replaced with actions to address risks and opportunities.
For more information, see: Seven Steps for Corrective and Preventive Actions to support Continual Improvement https://advisera.com/9001academy/blog/2013/10/27/seven-steps-corrective-preventive-actions-support-continual-improvement/ -
External documents to be controlled
Answer: External documents are any documents not owned or controlled by an organization that are required to its operation, either mandatory or voluntarily adopted. Examples of external documents to be controlled are Laws (e.g., SOX and EU GDPR), standards and regulations (e.g., the ISO 27001 itself).
These materials will also help you regarding control of documents:
- Free video tutorial that you received as part of your toolkit: How to Write ISO 27001/ISO 22301 Document Control Procedure
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Conformio (online tool for ISO 27001) https://advisera.com/conformio/