Clause 1 Scope of ISO 9001:2015 explains to what kind of companies the standard applies in terms of size, type of business, type of product or service, etc. On the other hand, the clause 4.3 defines requirements for organization to define scope of its QMS (Quality Management System).
Clause 1 does not have any requirements for the QMS, it just explains to what kind of organizations the standard can apply and clause 4.3 contains actual requirements of the standard and these requirements will be audited during the certification audit. For more information, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/
By the way, the fact that your company is not an IT organization does not mean you will exclude all of IT controls - most of the companies today need to include controls like backup, antivirus, access control, etc. This article will help you with the controls: Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
Answer: Regarding ISO 27001, the courses you should consider are:
- ISO 27001 internal auditor: this course is made for beginners in information security and internal auditing, requiring no prior knowledge.
- ISO 27001 Lead Auditor: this course will clarify you about management system purpose and structure and how to plan and conduct an audit, alone or leading an audit team. This is the only course for which someone receive an international recognized certification, if the course is done with an accredited provider.
- ISO 27001 Lead Implementer: this course will clarify you about the process how to implement an ISMS according ISO 27001 requirements.
Requirements of the new clause 5 doesn't differ much from the clause 5 in the previous version of the standard when it comes to documentation. There is no requirement to make any document other than Quality Policy. Most of the requirements, such as leadership and commitment, roles, responsibilities and authorities do not require documenting a procedure and can be meet indirectly through other actions.
For example, the top management will demonstrate leadership and commitment by participating in determining the context and risks and opportunities, setting the objectives,etc. On the other hand, although the roles and responsibilities are not required to be documented, they usually are through other procedures such as procedure for production, sales procedure, etc where you define who do es what.
La política ambiental que tiene actualmente la empresa debería de seguir los mismos principios de ISO 14001, que establece las intenciones y direcciones de la organización respecto a su impacto en el medio ambiente. Además tendría que incluir los siguientes elementos:
- Ser apropiada a los impactos ambientales de las actividades de la empresa
- Un compromiso de mejora continua
- Cumplir con todos los requerimientos legales y contractuales
- Establecer objetivos y metas
Si la política ambiental no cumple con todos estos elementos y/o éstos no están bien documentados, implementados y mantenidos, entonces sería necesario cambiar o adaptar la política ambiental de la organización a los requerimientos de ISO 14001
When it comes to Quality Policy, ITAF 16949 doesn't have any additional requirements to requirements of ISO 9001:2015 and since ISO/TS 16949:2009 didn't have any additional requirements to requirements of ISO 9001:2008, the difference is the same as the difference between ISO 9001:2015 and ISO 9001:2008.
Basically, the only new requirement is that the policy must be appropriate to the purpose and context of the organization and supports its strategic direction.
New version of IATF 16949:2016 does not have separate section dedicated to production process validation and it does not have any additional requirements for validation other the requirements of ISO 9001:2015 and that is the organization must perform "the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent
monitoring or measurement"
Requirements for documented procedures in ISO 9001:2015
Answer:
There is no explicit requirement in ISO 9001:2015 to document procedures for any process. When it comes to requirements for documentation, the standard requires organization to:
a) maintain documented information to support the operation of its processes;
b) retain documented information to have confidence that the processes are being carried out as planned.
This means that he company can decide whether it needs a documented procedure, flowchart or any other document to ensure that the process is carried out as planned but it doesn't mean that you need documented procedure for any process in the QMS. The good rule of thumb when it comes on deciding whether the documented procedure is needed is to consider whether such procedure would prevent occurrence of nonconformities. If it does, then you should document a procedure, if not, then the docume nted procedure is redundant.
We are an architecture firm, we make design also and execution of the same for Interior fit out.
Design review from my angle is We need to collect all the customer requirements and review the same against the drawings and issue drawings to client for their review.
Once the review comes from client and all our doubts are clear we go for
Design Verification - we need to Verify all the remarks and requirements of client, Specifications and after verification issue the Working drawings for execution
Design Validation – We check the execution with the specifications laid down by the client
Please give your remark on the above understanding.
Answer:
The purpose of the design review is to determine whether the final design is aligned with requirements of the customer or any other input requirements for the design. Customer requirements regarding the design should be reviewed prior to accepting to deliver the design and once the company a greed to deliver design according to customer requirements, those requirements become input for the design.
Design verification activities are conducted to ensure that the design and development outputs meet the input requirements. It can be done in different stages of the design project and it is an input for the design review.
Design validation is conducted to ensure that the resulting design meets the requirements for the specified application or intended use. Validation is for example, computer simulation or 3D view of the design or static calculation.
In simple terms, the validation should prove that the building wont collapse, before building has even started and verification demonstrates that the building that is already built is compliant with input requirements including customer requirements and legal requirements.