C
clwelker
Is a listing of the regulations applicable to a company required in ISO 9001?
If no, how do you show you are aware of the ones that apply to the company?
If no, how do you show you are aware of the ones that apply to the company?
Is a listing of the regulations applicable to a company required by ISO 9001?
Wes Bucey
Prophet of Profit
The typical method is to have a Procedure which describes what the organization does to assure itself it is up to date on Regulations. Auditors do not audit to see whether the organization is, in fact, up to date, ONLY to see there is a process in place for the organization to do that and to periodically review whether the process is keeping them up to date.
Government regulators, on the other hand (having nothing to do with ISO 9001:2000) WILL be checking to see the organization is adhering to regulations, regardless of the method or process the organization uses to achieve that compliance.
Government regulators, on the other hand (having nothing to do with ISO 9001:2000) WILL be checking to see the organization is adhering to regulations, regardless of the method or process the organization uses to achieve that compliance.
C
clwelker
That makes it easy - for ISO purposes. Thanks for the detailed answer
You do not need a formal document or listing of these requirements, but you will need to demonstrate that they have been identified during the identification of product related requirements a.k.a. design inputs. If these are always the same, you could define them in design guidelines or a similar document. If they vary, but from a specific subset of standards, you could add them as selectable items in a checklist. However, there is no specific method.
An auditor would probably review your return history or design review records for evidence that this was not effectively done. They could also find such requirements through customer prints, PO's, product labels with regulatory logos, or auditor knowledge about regulated industries/products.
An auditor would probably review your return history or design review records for evidence that this was not effectively done. They could also find such requirements through customer prints, PO's, product labels with regulatory logos, or auditor knowledge about regulated industries/products.
B
begum
listing of the regulations
I am working for a university. We have identified. listed and have readily available copies of all regulations / government circulars that apply to public universities.
We were told (by other univerisites that have got certification) that the registrars may ask us to show evidence that we are aware of the regulations that concern our organisation.
Begum Ibrahim (Ms.)
Malaysia
clwelker said:
I am working for a university. We have identified. listed and have readily available copies of all regulations / government circulars that apply to public universities.
We were told (by other univerisites that have got certification) that the registrars may ask us to show evidence that we are aware of the regulations that concern our organisation.
Begum Ibrahim (Ms.)
Malaysia
Last edited by a moderator:
Wes Bucey
Prophet of Profit
Who told you this? Did you confirm this with the Registrar? Did they cite the "shall" in the Standard which confirms their interpretation?begum said:
Probably the most encompassing clause in the Standard is
My interpretation is the organization is responsible for the review for adequacy, not the auditor. The auditor's job is to see the auditee has a process for learning the regulations applicable to its business and for reviewing that process of learning to see that it is adequate.
Only a regulator's representative has the [second party] authority to determine whether the organization's adherence to the regulations is "adequate," NOT the third party auditor. Similarly, only the customer's representative has the authority to determine whether an organization is conforming to the customer requirements. If there are third party auditors making a determination of whether an auditee is conforming to government OR customer regulations and requirements, that auditor is overstepping the scope of a third party audit to the Standard.
Claes Gefvenberg
Admin
As methods go... We are quite happy with ours. Having specified what we do and how, we left the data to an external specialist (This is their business idea). They now provide us with information every time laws and regulations appliying to our operation (also environment and H&S) are issued or updated. It is then up to us to decide if and how we need to act.Miner said:
/Claes
Douglas E. Purdy
Quite Involved in Discussions
Wes,
You pointed out PAR 7.3.2, but what about Management Commitment 5.1 "a) communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements."? Here we only have to communicate the importance of meeting these requirements. Do we have to have a procedure or some objective evidence to prove that we are meeting theses requirements?
Doug
You pointed out PAR 7.3.2, but what about Management Commitment 5.1 "a) communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements."? Here we only have to communicate the importance of meeting these requirements. Do we have to have a procedure or some objective evidence to prove that we are meeting theses requirements?
Doug
A
Aaron Lupo
My thoughts on this topic.On one hand in many places on this forum people have berated CB’s and NB’s, stating that the auditors do not add any value to the companies Quality/Business Management System. Now here is the perfect opportunity where they can help/add value and yet you say that the auditor has no “authority” to determine if the organization is meeting statutory/regulatory requirements for their specific industry. When I read the Standard the introduction states:
“This International Standard can be used by internal and external parties, including certification bodies, to assess the organization's ability to meet customer, regulatory and the organization's own requirements.”
And in section 1 the scope it states: “This International Standard specifies requirements for a quality management system where an organization
a) needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements,”
Yes, the CB/NB can make sure they have a process for learning the regulatory requirements but how can the organizations CB/NB truly be doing their job if they do not assess whether or not the organization is meeting the applicable regulatory requirements for their industry? Remember there are quite a few NB/CB auditors that have vast knowledge in specific industries and there maybe some things the organization has over looked.
JMHO
“This International Standard can be used by internal and external parties, including certification bodies, to assess the organization's ability to meet customer, regulatory and the organization's own requirements.”
And in section 1 the scope it states: “This International Standard specifies requirements for a quality management system where an organization
a) needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements,”
Yes, the CB/NB can make sure they have a process for learning the regulatory requirements but how can the organizations CB/NB truly be doing their job if they do not assess whether or not the organization is meeting the applicable regulatory requirements for their industry? Remember there are quite a few NB/CB auditors that have vast knowledge in specific industries and there maybe some things the organization has over looked.
JMHO
I'm with Wes on this one. The requirement is to have a process, and the process also involves document control--having the current (or contractually relevant) editions of standards, e.g., and a process for keeping them current. Is it possible for a process to meet the letter and intent of the standard and produce nonconforming output? Of course it is. If registrars' auditor start looking for regulatory compliance, what's next, inspecting parts on the dock?Aaron Lupo said:
Similar threads
