SBS - The best value in QMS software

Customer Property Cl. 7.5.4 - Where does ISO 9001 stop and ISO 27001 start?

Jim Wynne

Staff member
Admin
#11
Re: 7.5.4 Customer Property

As write, we are currently undergoing our anual internal audit - as always our external auditor has has made links between the protection of customer data (documents and records containing names and addresses) being classed as customer property. Other than basic controls of visitors, access to areas of data processing and processes and policies controling the retention and destruction of company documents and records - with no evidence that these controls have failed under 7.5.4 where does ISO 9001 stop and ISO 27001 start.
We're being audited against the 9001 standard and our own internal procedures, we're not yet 27001 registered.
Are you saying that your CB auditor has identified a problem with your control of customer property? Was there a nonconformity (a written NC statement)? If so, could you reproduce it here, verbatim? What is the auditor asking for?
 
Elsmar Forum Sponsor
L

lamorenita_QA

#12
Hi I would like to add another question to this topic, ISO 13485 7.5.4 contains a note stating "Customer property can include intellectual property or confidential health information". Can someone define "confidential health information" or provide examples? could this be a reference to patient records?
 

somashekar

Staff member
Super Moderator
#13
Hi I would like to add another question to this topic, ISO 13485 7.5.4 contains a note stating "Customer property can include intellectual property or confidential health information". Can someone define "confidential health information" or provide examples? could this be a reference to patient records?
Hii and welcome here.
In a way what you say is correct. Clinical trials report could be a confidential health information that can be treated as a customer property in ISO 13485 QMS, when shared by a customer with his supplier
 
G

glenn0004

#17
Re: 7.5.4 Customer Property

Now that we have received the written NC - our external auditor has written the NC towards the method that company documentation is transported to our archiving department (at one of our divisional branches, not at our head office) not to the extent of protection offered in branch - documents are transported either by registered post or in bulk via company vehicle from our head office to the branch where archiving is completed...he has noted that there is a risk here in respect of the protection of customer property (data).
 
Last edited by a moderator:

somashekar

Staff member
Super Moderator
#18
Re: 7.5.4 Customer Property

Now that we have received the written NC - our external auditor has written the NC towards the method that company documentation is transported to our archiving department (at one of our divisional branches, not at our head office) not to the extent of protection offered in branch - documents are transported either by registered post or in bulk via company vehicle from our head office to the branch where archiving is completed...he has noted that there is a risk here in respect of the protection of customer property (data).
I am sorry and surprised if it is a NC. His noticing of a risk is not a basis. At best he can recommend as an improvement aspect if he sees a risk.
 

qusys

Trusted Information Resource
#19
Re: 7.5.4 Customer Property

Now that we have received the written NC - our external auditor has written the NC towards the method that company documentation is transported to our archiving department (at one of our divisional branches, not at our head office) not to the extent of protection offered in branch - documents are transported either by registered post or in bulk via company vehicle from our head office to the branch where archiving is completed...he has noted that there is a risk here in respect of the protection of customer property (data).
I believe that the auditor wrote a NC in the future...:tg:
What was the evidence that violeted the clause?
Do you have an internal procedure that say something for this activity and he revealed a non conformity vs those documented practices?
For example, use envelope closed with glue and signed off by a responsible and he noted some envelopes that were open ????
Pls, let us know verbatim the NC and evidence collected.
This NC could be appealed:bigwave:
 
G

glenn0004

#20
Re: 7.5.4 Customer Property

Thanks for all for your inputs.. the NC reads:
Noted "XXXX", head of archiving department, (anecdotal) receives papaer documents from head office (Lincoln), transposrts them by car to archiving department. (Manchester), then scans, then shreds...potential loss of documents containing customer data.
The scanning and shreding is a documented process - the auditor asked for a risk assesment relating to the transportation of documents. This is somthing that we could not provide..hence my original where does 9001 stop and 27001 start. A risk assesment for me would be more 27001 than 9001.

In the end we have accepted the NC with an action of implimenting document classification (planned as part of 27001 implementation) that will cover distribution and transportation of documents and records.
 
Thread starter Similar threads Forum Replies Date
lanley liao Does the customer`s trademark belong to customer-supplied property? Oil and Gas Industry Standards and Regulations 2
C What falls under the 'Customer Property' according to ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 10
S Customer Property - If at all the customer return the product ISO 13485:2016 - Medical Device Quality Management Systems 2
M Damaged Customer Property - ISO 13485:2016 Clause 7.5.10 ISO 13485:2016 - Medical Device Quality Management Systems 7
A Identification of Customer Property: Customer-Supplied Thumb Drives & Ext Hard Drives ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
M Receiving Inspection of Customer Owner Property IATF 16949 - Automotive Quality Systems Standard 5
E Owns Customer Property but No Product Integration ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Uriel Alejandro 7.5.4 Customer Property in a Repair Station AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
S ISO 9001 Clause 7.5.4 - Damaged or Lost Customer Property Record ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
E ISO 9001 - 7.5.4 Customer Property - Services (e.g.: Training) on Rental Property ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
M Does anyone have an example Customer Property Procedure AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
B Customer Property Exclusion as it applies to Personal Data ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
C Identification of Customer Property - Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
P Is a Drawing (Print) Customer Intellectual Property? ISO 13485:2016 - Medical Device Quality Management Systems 16
L Customer Property Checklist example wanted ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
somashekar FDA cGMP on Feedback, Advisory Notice and Customer Property 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
C Customer Property Log example wanted ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
E How Do You VERIFY Customer Property? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
D Customer Property Identification Requirement - ISO 9001 Clause 7.5.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 77
Q Customer Property Tools - par. 7.5.4.1 - Electronic identification of a certain tool IATF 16949 - Automotive Quality Systems Standard 6
J Customer Property ISO 9001:2008 Clause 7.5.4 - Does this include E-mails? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
P Supplier's Property - Does 7.5.4 Customer property apply to supplier's property ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
N Customer Property Logs - Tracking customer property, specifically production tooling IATF 16949 - Automotive Quality Systems Standard 5
B What is Customer Owned Property for moulds and spare parts factory ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
T Notification of lost/damaged Customer Property - Customer Requirement ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B Customer Property - The best way to inspect MLO and what acceptance criteria AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
D TS 16949 Clause 7.5.4 Customer Property, Intellectual Property requirements IATF 16949 - Automotive Quality Systems Standard 5
M 7.5.4 Customer Property - ISO 9001:2008 Intellectual Property ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
D Can I exclude Customer Property? ISO 9001 Clause 7.5.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 36
D Clarification on "Customer Property" - TS 16949 Clause 7.5.4 IATF 16949 - Automotive Quality Systems Standard 4
6 Customer Property documentation (Audit Finding) - Clause 7.5.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
H Can the documents supplied by the client categorised as customer property?? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
H What can be customer supplied properties (property) for the software industry? Software Quality Assurance 18
K Customer Property - Notifying Customers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Purchase Order and its relationship with customer property ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
D Absence Of Any Form Of Customer Property ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
K Identifying production dies to satisfy the 7.5.4 Customer Property clause ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
H Not having a form for Customer Property Damage - ISO 9001 Clause 7.5 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
P Customer Supplied Property - System breakdowns at every level including sales ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
A How is Customer Property defined by TS 16949? IATF 16949 - Automotive Quality Systems Standard 4
G 7.5.4 Customer Property (Shipping Containers) IATF 16949 - Automotive Quality Systems Standard 2
K Defining Customer Property - Specifications, templates, patterns from customers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
T Customer Property ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Claes Gefvenberg Customer Property - 7.5.4 (intellectual property) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
P Customer Property - 7.5.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
D Suggestions for Ishikawa for hyperdetailed customer - plastic molding automotive parts Nonconformance and Corrective Action 9
J WAIVED ON Q1 - We Don't have to comply with FORDS customer specific requirements IATF 16949 - Automotive Quality Systems Standard 2
A Customer Approval (Medical Devices) Document Control Systems, Procedures, Forms and Templates 4
M Reduce occurrence rating based on the PMS data and customer complaint data ISO 14971 - Medical Device Risk Management 2
M IATF16949 Clause 9.1.2.1e - Customer notification related IATF 16949 - Automotive Quality Systems Standard 4

Similar threads

Top Bottom