Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11269 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Clause 1 Scope vs clause 4.3 Scope of QMS
Answer:
Clause 1 Scope of ISO 9001:2015 explains to what kind of companies the standard applies in terms of size, type of business, type of product or service, etc. On the other hand, the clause 4.3 defines requirements for organization to define scope of its QMS (Quality Management System).
Clause 1 does not have any requirements for the QMS, it just explains to what kind of organizations the standard can apply and clause 4.3 contains actual requirements of the standard and these requirements will be audited during the certification audit. For more information, see: How to define the scope of the QMS according to ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/ -
Certifying non-IT organization
Answer: Yes, you can certify a company if you justify the exclusion of certain controls - this is done through a process of risk assessment, see this article for explanation: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
By the way, the fact that your company is not an IT organization does not mean you will exclude all of IT controls - most of the companies today need to include controls like backup, antivirus, access control, etc. This article will help you with the controls: Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
These materials will also help you learn the basics of ISO 27001 and how to implement i t:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/ -
ISO courses for individuals
Answer: Regarding ISO 27001, the courses you should consider are:
- ISO 27001 internal auditor: this course is made for beginners in information security and internal auditing, requiring no prior knowledge.
- ISO 27001 Lead Auditor: this course will clarify you about management system purpose and structure and how to plan and conduct an audit, alone or leading an audit team. This is the only course for which someone receive an international recognized certification, if the course is done with an accredited provider.
- ISO 27001 Lead Implementer: this course will clarify you about the process how to implement an ISMS according ISO 27001 requirements.
This articles will provide you further explanation about ISO courses for individuals:
- ISO 27001 Internal Auditor training – Is it good for my career? https://advisera.com/27001academy/blog/2016/03/29/iso-27001-internal-auditor-training-is-it-good-for-my-career/
- What does ISO 27001 Lead Auditor training look like? ht tps://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
- What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
- How to learn about ISO 27001 and BS 25999-2 https://advisera.com/27001academy/blog/2010/11/30/how-to-learn-about-iso-27001-and-bs-25999-2/
These materials will also help you regarding ISO courses for individuals:
- ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/ -
Implementing ISO 9001 in a library
ok -
Documenting clause 5
Answer:
Requirements of the new clause 5 doesn't differ much from the clause 5 in the previous version of the standard when it comes to documentation. There is no requirement to make any document other than Quality Policy. Most of the requirements, such as leadership and commitment, roles, responsibilities and authorities do not require documenting a procedure and can be meet indirectly through other actions.
For example, the top management will demonstrate leadership and commitment by participating in determining the context and risks and opportunities, setting the objectives,etc. On the other hand, although the roles and responsibilities are not required to be documented, they usually are through other procedures such as procedure for production, sales procedure, etc where you define who do es what.
For more information, see: How to comply with new leadership requirements in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-comply-with-new-leadership-requirements-in-iso-90012015/ -
Política ambiental
Mi respuesta:
La política ambiental que tiene actualmente la empresa debería de seguir los mismos principios de ISO 14001, que establece las intenciones y direcciones de la organización respecto a su impacto en el medio ambiente. Además tendría que incluir los siguientes elementos:
- Ser apropiada a los impactos ambientales de las actividades de la empresa
- Un compromiso de mejora continua
- Cumplir con todos los requerimientos legales y contractuales
- Establecer objetivos y metas
Si la política ambiental no cumple con todos estos elementos y/o éstos no están bien documentados, implementados y mantenidos, entonces sería necesario cambiar o adaptar la política ambiental de la organización a los requerimientos de ISO 14001
Para más información vea, "Cómo escribir una política ambiental en ISO 14001": https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-write-an-iso-14001-environmental-policy/# -
Changes in Quality Policy per IATF 16949
Answer:
When it comes to Quality Policy, ITAF 16949 doesn't have any additional requirements to requirements of ISO 9001:2015 and since ISO/TS 16949:2009 didn't have any additional requirements to requirements of ISO 9001:2008, the difference is the same as the difference between ISO 9001:2015 and ISO 9001:2008.
Basically, the only new requirement is that the policy must be appropriate to the purpose and context of the organization and supports its strategic direction.
For more information, see: Aligning quality objectives of the QMS with the strategic direction of the company https://advisera.com/9001academy/blog/2017/03/07/aligning-quality-objectives-of-the-qms-with-the-strategic-direction-of-the-company/ -
Process validation in IATF 16949:2016
Answer:
New version of IATF 16949:2016 does not have separate section dedicated to production process validation and it does not have any additional requirements for validation other the requirements of ISO 9001:2015 and that is the organization must perform "the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent
monitoring or measurement" -
Requirements for documented procedures in ISO 9001:2015
Answer:
There is no explicit requirement in ISO 9001:2015 to document procedures for any process. When it comes to requirements for documentation, the standard requires organization to:
a) maintain documented information to support the operation of its processes;
b) retain documented information to have confidence that the processes are being carried out as planned.
This means that he company can decide whether it needs a documented procedure, flowchart or any other document to ensure that the process is carried out as planned but it doesn't mean that you need documented procedure for any process in the QMS. The good rule of thumb when it comes on deciding whether the documented procedure is needed is to consider whether such procedure would prevent occurrence of nonconformities. If it does, then you should document a procedure, if not, then the docume nted procedure is redundant.
For more information, see: Deciding Which Procedures to Document in QMS https://advisera.com/9001academy/blog/2013/11/26/deciding-procedures-document-qms/ -
Design validation, verification and review
We are an architecture firm, we make design also and execution of the same for Interior fit out.
Design review from my angle is We need to collect all the customer requirements and review the same against the drawings and issue drawings to client for their review.
Once the review comes from client and all our doubts are clear we go for
Design Verification - we need to Verify all the remarks and requirements of client, Specifications and after verification issue the Working drawings for execution
Design Validation – We check the execution with the specifications laid down by the client
Please give your remark on the above understanding.
Answer:
The purpose of the design review is to determine whether the final design is aligned with requirements of the customer or any other input requirements for the design. Customer requirements regarding the design should be reviewed prior to accepting to deliver the design and once the company a greed to deliver design according to customer requirements, those requirements become input for the design.
Design verification activities are conducted to ensure that the design and development outputs meet the input requirements. It can be done in different stages of the design project and it is an input for the design review.
Design validation is conducted to ensure that the resulting design meets the requirements for the specified application or intended use. Validation is for example, computer simulation or 3D view of the design or static calculation.
In simple terms, the validation should prove that the building wont collapse, before building has even started and verification demonstrates that the building that is already built is compliant with input requirements including customer requirements and legal requirements.
For more information, see: ISO 9001 Design Verification vs Design Validation https://advisera.com/9001academy/knowledgebase/iso9001-design-verification-vs-design-validation/