Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Updating ISO 9001 and ISO 13485
Answer:
Bot ISO 9001 and ISO 13485 have new versions, so if you implemented old versions of these standards, you need to make transition to the new versions in order to maintain the certificates. The deadline for the transition is September 2018.
If you have only ISO 9001:2008, then you only need to make transition to ISO 9001:2015. Here is one interesting article that can help you: Infographic: ISO 9001:2015 vs. 2008 revision – What has changed? https://advisera.com/9001academy/knowledgebase/infographic-iso-90012015-vs-2008-revision-what-has-changed/ Good thing with having ISO 9001:2008 implemented is that ISO 13485:2016 is based on ISO 9001:2008 and you can keep all the documents and make addition to become compliant with ISO 13485:2016, for more information, see Inf ographic: What’s new in the 2016 revision of ISO 13485 https://advisera.com/13485academy/blog/2016/12/06/infographic-whats-new-in-the-2016-revision-of-iso-13485/ -
Competence definition in IATF 16949
Answer:
Competence is defined as "the demonstrated ability to apply knowledge and skills". This means that the person is competent when it is able to perform a task successfully. Competencies refer to skills or knowledge that lead to superior performance. Measurable skills, abilities and personality traits that identify successful employees against defined roles within an organisation.
Skills define specific learned activities, and they range widely in terms of complexity. (“Mopping the floor” and “performing brain surgery” can both be classified as skills.) Knowing which skills a person possesses helps us determine whether their training and experience has prepared them for a specific type of workplace activity. In other words, skills give us the “what.” They tell us what types of abilities a person needs to perform a specific activity or job.
But skills don’t give us the “how.” How does an individual perform a job successfully? How do they behave in the workplace environment to achieve the desired result? Competencies provide that missing piece of the puzzle by translating skills into on-the-job behaviors that demonstrate the ability to perform the job requirements competently. -
Security on social networks
(How to protect and prevent leakage of information through social networks?)
Answer: First thing, you should consider organizational policies to define how control the access to information in a general manner, this way limiting access to sensitive information, and to guide your employees about the use of social networks, so they can know which kind of information can be posted or not, and which security measure they should take regarding user accounts (e.g., use of passwords, sharing access, etc.). These can be independent policies or part of another one, like an acceptable use policy. See a free demo of our access control policy and acceptable use policy at these links: https://advisera.com/27001academy/documentation/access-control-policy/ and https://advisera.com/27001academy/documentation/it-security-policy/
After that you have to perform training and awareness activities to formally present the policies to the employees and ensure all of them know how to proce ed.
The final step is periodically monitor posted information on social networks so you can evaluate if your controls are working properly, and with that information prepare action plans to make required adjustments.
This article will provide you further explanation about developing polices and user awareness:
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
- 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/documentation/it-security-policy/
These materials will also help you regarding polices and user awareness:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ -
Documentación opcional
La lista de documentos obligatorios corresponde a documentos como los objetivos de calidad, la política de calidad, el alcance del SGC y otros. Mientras que los documentos opcionales corresponden principalmente a los procedimientos, ya que no son obligatorios según ISO 9001:2015.
Por otro lado debe saber que en la norma no encontrará el término de documento ni registro obligatorios, sino que se habla de información documentada que debe ser mantenida (documentos) y que debe ser retenida (registros)
Para más información sobre documentación obligatoria y opcional puede ver los siguientes materiales:
- Lista de documentos obligatorios requeridos por la ISO 9001:2015: https://advisera.com/9001academy/es/knowledgebase/lista-de-documentos-obligatorios-requeridos-por-la-iso-90012015/
- Curso gratuito de Fundamentos de ISO 9001:2015: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
-
Assigning roles and responsibilities in EMS
Top management must assign responsibilities and relevant roles for the EMS development, reporting, and maintenance so that it meets the intended goals.
Do you have a guidance toolkit please?
Answer:
We do not have separate toolkit for assigning roles and responsibilities withing EMS (Environmental Management System) and you do not need one. You simply need to define through your procedures and working instructions who is responsible for what, or you can have separate document where you will define all roles and responsibilities within the EMS.
For more information, see: What are the key roles and responsibilities in the EMS?
https://advisera.com/14001academy/blog/2016/11/21/what-are-the-key-roles-and-responsibilities-in-the-ems/ -
Example of Quality Policy and SPC
Answer:
Requirements for quality policy in IATF 16949 are same as in ISO 9001:2015. The policy must be appropriate to the purpose and context of the organization and to support its strategic direction, to provide framework for setting the quality objectives, includes commitment to satisfy applicable legal requirements and include commitment to improve quality management system.
At the moment, we do not have available Quality Policy for IATF 16949, but as I mentioned before, requirements are the same as for ISO 9001, so you can download free preview of our ISO 9001 Quality Policy to get an idea on how to develop it https://advisera.com/9001academy/documentation/quality-policy/ In addition, you can take a look at this article: How to Write a Good Quality Policy https://advisera.com/9001academy/blog/2014/03/25/write-good-quality-policy/
As far as implementing SPC (Statistical Process Control) online, you will need some software solution -
Support material for online courses
Answer: Yes, it is possible to become certified with only the information provided in the course, but you should consider buying the ISO books as sources of explanations and examples that can make it easier to understand the standard, and it is always good to have this kind of information at hand for a quick consultation.
You can find our available books at this link: https://advisera.com/books/ -
Disposal of asbestos sheets
Answer:
Asbestos cement sheeting is commonly found as grey corrugated or flat sheets. It is thin and brittle and produces a clean edge when broken. It contains a small amount of asbestos encapsulated within cement, which, in good condition, does not normally present a risk to health. Please remember that any work on asbestos sheet may generate airborne asbestos fibers.
Asbestos should be disposed at organization authorized for handling asbestos, such as waste recycling centers. Before bringing asbestos to the waste recycling centre, take these actions to to ensure your asbestos will be accepted:
- all pieces of asbestos should be double wrapped in heavy duty plastic, this does not include plastic such as bin liners or carrier bags
- the double wrapped plastic does not need to be clear, but you should ensure that nothing is protruding from inside the plastic as this will not be accepted
- you should soak large pieces before breaking it down to bring on to site - this stops fibers escaping
For more information on handling and disposal of asbestos, see: Guideline for Construction/Asbestos Waste Management https://advisera.com/14001academy/documentation/guideline-for-constructionasbestos-waste-management/ -
Alternative controls and control plan
how can I handle the alternate process control method? within the "normal" control plan? or make another control plan?
If I use the normal control plan, have a mark an any way the alternate controls?
Answer:
The organization needs to identify, document and maintain the alternate methods for process control and get approval from the customer for these controls. The list of alternate process control methods should be referenced in a control plan, so you do not have to create another control plan, just include in existing one references to the alternate controls.
Since alternate controls are used incidentally and not on the regular basis (the standard requires organization to return to the standard process as soon as possible), the alternate controls should be distinguished in some way from the regular controls in the control plan. -
Documenting Design History File
If all our records are electronic (e.g. JIRA, confluence, office365) do we need to maintain a design history file (DHF)? Or can we just provide all the documents or an index of those documents?
Answer:
Design and Development File and Design History File are basically the same documents. The ISO 13485 standard requires organization to maintain this file for each medical device type or device family. It must include either records or references to them to demonstrate conformity to the requirements for design and development and records for design and development changes.
You don't have to have separate record for it, you can create database or index to all of those documents.