Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Documenting competence and awareness in ISO 9001
Dear Alessandro,
Please find the answers bellow:
1. Every record should have proper identification, description, format and media. I think your system satisfies these requirements.
2. The standard doesn't define who should approve the documents, so you can put the department head if it is the most suitable person.
You can keep records on any media you like, I'm also more leaning towards electronic than paper documents.
Here is one article that can be interesting to you: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
These materials will also help you regarding document and record control:
- Book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ -
Conflicting management systems
Can there be a single choice between ISO22301 and 27001 for technology companies? Or which one takes the priority and should be implemented first?
Answer: The choice between ISO 22301 or ISO 27001, or which one to implement first will depend on organization's context and its objectives, so there is no definitive answer for this question.
If your scope is just supporting your business processes, you might get more by focusing on implementing ISO 22301.
If your scope handles just digital products, and information technology processes are the core of your organization, the implementing of ISO 27001 would be a better choice.
Regarding the concepts conflicts, the first thing would be for the spons ors to try to reach an agreement about a common version that would satisfy both sets of requirements. If this is not possible, then the situation should be taken to top management for evaluation what should be the best decision (e.g., to decide for a single concept to be used or accept the additional administrative effort that such difference will bring). But considering the current versions of ISO management standards releases after 2012, the integration of concepts shouldn't be hard to achieve.
This article will provide you further explanation about ISO 22301 and ISO 27001 implementation:
- What to implement first: ISO 22301 or ISO 27001? https://advisera.com/27001academy/blog/2017/04/03/what-to-implement-first-iso-22301-or-iso-27001/
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
These materials will also help you regarding ISO 22301 and ISO 27001 implementation:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 & ISO 22301: Why is it better to implement them together? [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
ISO 27001 and PCI DSS
Answer: ISO 27000 certification is not equal to PCI, so being ISO 27001 compliant does not make your organization automatically compliant with PCI DSS, although ISO 27001 practices can contribute to achieve PCI compliance. That said, your organization will have to go through all the steps required to PCI certification, but your ISO 27001 certified ISMS will for sure reduce the required effort.
These articles will provide you further explanation about ISO 27001 and PCI DSS:
- PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences https://advisera.com/27001academy/knowledgebase/pci-dss/
- PCI-DSS vs. ISO 27001 Part 2 – Implementation and Ce rtification https://advisera.com/27001academy/knowledgebase/pci-dss/ -
Writing Quality Manual
Answer:
The standard does not require the manual, but if you decide to write it, you can write it in any way that you find the most suitable to your company. Writing the manual that follows clauses of the standard is one of the most common approaches. For more information, see: Writing a short Quality Manual https://advisera.com/9001academy/knowledgebase/writing-a-short-quality-manual/
Here you can download free preview of our Quality Manual /https://advisera.com/9001academy/documentation/quality-manual/ and our ISO 9001 Documentation Toolkit https://advisera.com/9001academy/iso-9001-documentation-toolkit/
These materials will also help you regarding the manual and documentation:
- Book Managing ISO Documentation: A Plain English Guide /books/managin g-iso-documentation-plain-english-guide/
- Free online training ISO 9001:2015 Foun dations Course https://advisera.com/training/iso-9001-foundations-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ -
Writing Environmental Manual for ISO 14001:2015
Please could you send me a drift of quality manual and a sample of procedures ..many thanks to you.
Answer:
The standard does not require the manual, but if you decide to write it, you can write it in any way that you find the most suitable to your company. Writing the manual that follows clauses of the standard is one of the most common approaches. For more information, see: What is an environmental management system manual? https://advisera.com/14001academy/knowledgebase/what-is-an-environmental-management-system-manual/
Here you can download free preview of our Environmental Manual https://advisera.com/14001academy/documentation/environmental-manual/ and our ISO 14001 Documentation Toolkit https://advisera.com/14001academy/iso-14001-documentation-toolkit/
These materials will also help you regarding the manual and documentation:
- Book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 14001:2015 Foundations Course https://advisera.com/training/iso-14001-foundations-course/
- Conformio (online tool for ISO 14001) https://advisera.com/conformio/ -
Several questions on ISO 9001 transition
1. We are in middle of some changes in company personnel distribution and work organization. This is effecting the quality procedures and documentation which is not being done the way our quality policy requires. The next external audit is in a few months. The question is: Can the external audit be prolonged for a few months so we have time to change the quality procedures to meet our new work organization policy?
Yes, you can prolong the certification audit, but you need to contact the certification body and talk with them. Keep in mind that there is possibility that you wont be having certificate until the certification audit is conducted.
2. Based on the first question. Will the external audit require the documentation that hasn't been done correctly as an result of the new work organization or the audit will accept the new documentation?
The auditors will examine only the documents that are part of your Quality Management System at the moment of the certification audit, they wont examine the documents that are still not a part of your QMS documentation.
3. What is the required number of internal audit's in a company of 275 workers, or is this number in hands of the company quality manager?
The standard does not define number of internal audits that needs to be conducted, but the usual practice is to cover entire scope of the QMS within one year period. How many audits will be needed depends on the capacity of the company, if you have several auditors you can cover entire scope of the QMS in one day and if you have only one auditor you will need several days or several internal audits.
4. What are the requirements to become company's quality manager? Does ISO 9001 define this?
The standard doesn't define required competency for quality manager, but usually it includes knowledge about the standard and processes within the organization. For more information, see: What is the job of the Quality Manager according to ISO 9001? https://advisera.com/9001academy/blog/2016/08/23/what-is-the-job-of-the-quality-manager-according-to-iso9001/
5. What are the requirements to be an internal audit in the company?
The standard doesn't define competency for internal auditor, but it is usually required from the auditor to be familiar with the standard and auditing techniques. For more information, see: ISO 9001 internal auditor training: Is it for me? https://advisera.com/9001academy/blog/2015/06/02/iso-9001-internal-auditor-training-is-it-for-me/
6. What if we don't pass the external audit because of faulty documentation? What are the consequences, and what is the procedure to get back on track with quality certification?
In case when your documentation is not compliant with the standard, the certification audit will issue you nonconformities and will define some deadline for your organization to remove these nonconformities. Once the nonconformities are removed, the certification body will issue your organization the certificate. For more information, see: How to deal with nonconformities in an ISO 9001 certification audit https://advisera.com/9001academy/blog/2015/06/09/how-to-deal-with-nonconformities-in-an-iso-9001-certification-audit/
These materials will also help you regarding internal audit:
- Book Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
- Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ -
Ensuring control of Quality Policy
Answer:
The way of ensuring that the Quality Policy is controlled is to apply your procedure for document control to it as for any other document in your Quality Management System. The policy should be approved by the top management, preferably signed, and it should have its version number. Having version number will enable you to keep track whether the right version of the policy is available on the website, lobby and other places where it is published.
For more information, see: How to Write a Good Quality Policy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
These materials will also help you regarding internal audit:
- Book Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 9001:2015 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/ -
Questions on IATF 16949 transition
1. what are the changes to the Non conformance Report (Internal Audit) closing format?
There are no changes in requirements regarding nonconformity record or internal audit report. You can continue to use your existing records for nonconformities or internal audit report. For more information, see: Five Main Steps in an IATF 16949:2016 Internal Audit https://advisera.com/16949academy/knowledgebase/five-main-steps-in-an-iatf-169492016-internal-audit/
2. Who will be audited for areas covered by erstwhile MR?
Thee fact that the management representative is no longer a mandatory role doesn't mean that it is forbidden. If the organization finds management representative as an important role for its QMS, it can keep it. What areas or what persons will be audited in case when there is no management representative will depend on how the organization assigned roles and responsibilities, but it is usually quality department or quality manag er, who will take charge and be audited. For more information, see: What will be the destiny of the management representative in the new ISO 9001:2015? https://advisera.com/9001academy/knowledgebase/what-will-be-the-destiny-of-the-management-representative-in-the-new-iso-90012015/
3. Who shall make plans for internal audits - i.e. whose responsibility will it be?
The standard doesn't prescribe who will be responsible for making plans for internal audits, so the organization can assign this responsibility to any person that it finds the most appropriate. Usually, this will be quality manager or some other member of quality department. For more information, see: What is the job of the Quality Manager according to ISO 9001? https://advisera.com/9001academy/blog/2016/08/23/what-is-the-job-of-the-quality-manager-according-to-iso9001/
4. What shall be the responsibilities and authorities of person(s) replacing MR/
The above are some of the doubts I have. Some of my clients are in the process of transition to ISO 9001 2015 and TS 16949 2016,
Besides requirements of ISO 9001:2015 regarding roles and responsibilities that include ensuring compliance of the QMS with the standard, effectiveness of the processes, reporting on the performances of the QMS to the top management and promoting continual improvement, IATF 16949 has additional requirements to define roles and responsibilities for meeting customer requirements, ensuring conformity of products and services and initiating and enforcing corrective actions.
All these roles and responsibilities don't have to assigned to one person, but can be spread to several persons so they don't become too big burden.
These materials will also help you regarding internal audit:
- Free online training ISO 9001:2015 Internal Auditor Course https://advisera.com/training/iso-9001-internal-auditor-course/
- Conformio (online tool for ISO 9001) https://advisera.com/conformio/