Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11268 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Questions during management review
Answer:
There re no questions to be asked, just topics that need to be examined. ISO 9001 defines inputs for management review and those include results from internal audit, changes in context of the organization, effects of actions taken to address risks and opportunities, customer feedback, etc.
Based on these inputs, top management must make decisions regarding opportunities for improvement, any needs for changes in the QMS and resources needs. All these are considered as a mandatory management review outputs.
For more information about management review, see:
- How to make Management Review more useful in the QMS https://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
- How to Make Management Review More Practical https://advisera.com/9001academy/blog/2013/12/10/make-management-review-practical/ -
Evidencing nonconformity
Answer:
Nonconformity is when a certain requirement haven't been meet. In order to get enough evidence to report the nonconformity, you need to identify the product, service or activity that is nonconforming and also requirement or a procedure to which the product, service or activity is not conforming to.
Evidence of reporting nonconformity would be a Nonconformity Record that would include where the nonconformity occurred, where it was discovered, who discovered it and so on. The standard requires organization to document nature of the nonconformity and subsequent actions taken.
Here is one article that might be interesting to you:
- Dealing with nonconformities from the ISO 14001:2015 certification audit https://advisera.com/14001academy/blog/2015/11/02/dealing-with-nonconformities-from-the-iso-140012015-certification-audit/ -
Identification of risks caused by third parties
Answer: The most common threats are loss of data, unauthorized access to the data, loss of availability, etc. The most common vulnerabilities are lack of backup, lack of access control, lack of alternative providers, etc.
Here you'll find a short list of threats and vulnerabilities: https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
And here is a case study that might interest you: ISO 27001 Case study for data centers: An interview with Goran Djoreski https://advisera.com/27001academy/blog/2013/10/29/iso-27001-case-study-for-data-centers-an-interview-with-goran-djoreski/ -
Excluding clause 7.2 from ISO 9001:2008
Answer:
Clause 7.2 is rarely excluded since it prescribes requirements for customer-related products. It includes determination of requirements related to product or service, review of those requirements and communication with the customers. Some requirements form this clause can be excluded in case of catalogue sales, TV shops, etc. when you do not take customer inputs to make the product and your sales is arranged in a strict way that you do not need to conduct review of requirements related to the product. But the clause 7.2.3 cannot be excluded.
For more information, see: What is an acceptable exclusion in Clause 7 of ISO 9001? https://advisera.com/9001academy/blog/2015/03/24/what-is-an-acceptable-exclusion-in-clause-7-of-iso-9001/ -
New environmental aspects and objectives
Answer:
New environmental objectives related to newly emerging environmental aspect can be established right after the assessment or you can wait for the management review and establish them then. Establishment of the objectives is not conditioned by the certification audit, neither you have to establish objective for each significant environmental aspects. All you need to do is to establish operational control over significant environmental aspects.
For more information, see: How to Use Good Environmental Objectives https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/ -
ISO 17065:2012 requirements
Are all the requirements given in Clause 4.2 of ISO/IEC 17065:2012 and the following being applied?
Are all the requirements given in Clause 4.3 of ISO/IEC 17065:2012 being applied?
.... can you help us to understand that ?
Answer: ISO 17065 is a standard that defines requirements for for bodies certifying products, processes and services. Clause 4.2 is referring to Management of impartiality and clause 4.3 is covering requirements about Liability and financing. First step would be to get familiar with these requirements and than to implement them in yoour organization. You can find the standard at ISO website https://www.iso.org/iso/catalogue_detail?csnumber=46568 or at you local standardization institution. -
Internal/external issues
Thank you -
Content of the Management review
Answer:
The purpose of the management review is to assess performance of QMS and make decisions to achieve continual improvement. The standard requires several inputs for the management review and these inputs should provide you with enough information to provide outputs that are also prescribed by the standard. You can have some additional inputs and outputs if you like, but the standard requirements represent the minimum. The content of the meeting can be presented through the presentation but there must be some records about the meeting afterwards since it is a requirement of the standard. For more information, see: How to make Management Review more useful in the QMS http ://advisera.com/9001academy/blog/2014/01/21/make-management-review-useful-qms/
Here you can see a free preview of our Management Review Minutes https://advisera.com/9001academy/documentation/management-review-minutes/ -
procedure for Identification of Requirements
Thank you -
Relationship between ISO 27001:2013 and ISO 27003
Thank you Dejan