FYI, in my company there are 30 procedures adopted under the 9001:2008 version. For all procedures, WI, etc., do we have to change them?
And can you describe to me the responsibility of the MR in the 2015 version? Do we have to show his signature on all procedures as evidence that he approved the procedure?
Answer:
The best way to start the transition (transition is when you have implemented one version of the standard and you need to adapt your system to new version of the standard) is to get familiar with the requirements of 2015 version of ISO 9001 and audit your system against the new version to determine to what level your existing system is compliant with the standard and what needs to be done to achieve full compliance. For more information about the transition steps, see: How to make the transition from ISO 9001:2008 revision to the 2015 revision https://advisera.com/9001academy/blog/2015/10/06/how-to-make-the-transition-from-iso-90012008-revision-to-the-2015-revision/
You do not have to change all procedures, but they all need to be reviewed to determine what needs to be changed. Some will suffer more changes than others, but the transition doesn't mean that you need to change your entire documentation. To learn more about requirements regarding the QMS documentation, see: New approach to document and record control in ISO 9001:2015 https://advisera.com/9001academy/blog/2015/06/30/new-approach-to-document-and-record-control-in-iso-90012015/
What you call a manual is usually referred to as a procedure. There are no explicit requirements regarding the content or style, but there are some usual elements that procedures contain. There is usually a section about purpose, scope and users of the procedure, reference documents and records to be used based on the procedure. Besides these elements, the procedure contains descriptions of the activities included in the process as well as responsibilities. If you want to find out more about writing a QMS procedure, see: 7 steps in writing QMS policies and procedures for ISO 9001 https://advisera.com/9001academy/blog/2015/03/10/7-steps-in-writing-qms-policies-and-procedures-for-iso-9001/
A human resource procedure will include, besides the above-mentioned elements, a description of how your company identifies needs for competence and how it plans and conducts training in order to achieve these competence requirements, as well as responsibilities and records used in the process. To learn more about ISO 9001 requirements regarding human resources, see: How to ensure competence and awareness in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/how-to-ensure-competence-and-awareness-in-iso-90012015/
Change window
- is it Change implementation + Back Out + Validation and Testing
- or Pre Implementation + change Implementation + Back Out + validation testing
- or change Planning + pre Implementation + change Implementation + Back Out + validation testing
The answer:
A change window is an agreed time when changes, i.e. releases, may be implemented. The guiding idea is to make minimal impact on services, i.e. that's how the change window should be planned. This means that the change window will encompass change implementation. The back-out procedure should be in scope of the change window in a way that you define a threshold until you invoke the back-out procedure. For example, if your change window is 4 hours, you can define that the back-out procedure will be activated after 3 hours have passed, provided, of course, that 1 hour is enough for the back-out procedure.
Following articles will give good overview of Change Management:
- How to measure Change Management efficiency according to ITIL https://advisera.com/20000academy/blog/2016/10/11/how-to-measure-change-management-efficiency-according-to-itil/
- ITIL V3 Change Management – at the heart of Service Management https://advisera.com/20000academy/knowledgebase/itil-v3-change-management-at-the-heart-of-service-management/
- Elements of Change Management in ITIL https://advisera.com/20000academy/blog/2013/04/23/elements-change-management-itil/
Cost of the certification audit; managing ISO documents
Answer: This cost depends primarily on (1) size of the audited company and (2) local price of the auditor. Size of the company is determined through number of employees, so for a company of 50 employees, for ISO 27001 certification audit around 8 man/days will be needed for the audit. The price of man/day differs from country to country, this is something you should ask locally.
There are no questions to be asked, just topics that need to be examined. ISO 9001 defines inputs for management review and those include results from internal audit, changes in context of the organization, effects of actions taken to address risks and opportunities, customer feedback, etc.
Based on these inputs, top management must make decisions regarding opportunities for improvement, any needs for changes in the QMS and resources needs. All these are considered as a mandatory management review outputs.
Nonconformity is when a certain requirement hasn't been met. In order to get enough evidence to report the nonconformity, you need to identify the product, service or activity that is nonconforming and also the requirement or procedure to which the product, service or activity is not conforming.
Evidence of reporting nonconformity would be a Nonconformity Record that would include where the nonconformity occurred, where it was discovered, who discovered it and so on. The standard requires organization to document nature of the nonconformity and subsequent actions taken.
Answer: The most common threats are loss of data, unauthorized access to the data, loss of availability, etc. The most common vulnerabilities are lack of backup, lack of access control, lack of alternative providers, etc.
Clause 7.2 is rarely excluded since it prescribes requirements for customer-related products. It includes determination of requirements related to product or service, review of those requirements and communication with the customers. Some requirements from this clause can be excluded in case of catalogue sales, TV shops, etc. when you do not take customer inputs to make the product and your sales are arranged in a strict way so that you do not need to conduct a review of requirements related to the product. But clause 7.2.3 cannot be excluded.
New environmental objectives related to a newly emerging environmental aspect can be established right after the assessment, or you can wait for the management review and establish them then. Establishment of the objectives is not conditioned by the certification audit, nor do you have to establish an objective for each significant environmental aspect. All you need to do is to establish operational control over significant environmental aspects.
Are all the requirements given in Clause 4.2 of ISO/IEC 17065:2012 and the following being applied?
Are all the requirements given in Clause 4.3 of ISO/IEC 17065:2012 being applied?
... can you help us to understand that?
Answer: ISO 17065 is a standard that defines requirements for bodies certifying products, processes and services. Clause 4.2 refers to Management of impartiality and clause 4.3 covers requirements about Liability and financing. The first step would be to get familiar with these requirements and then to implement them in your organization. You can find the standard at the ISO website https://www.iso.org/iso/catalogue_detail?csnumber=46568 or at your local standardization institution.