I am helping a company prepare for their upcoming audit, on the Audit Plan they have "Legal & Reg. Requirements Changes Review" listed. I can't find anything in the standard about this, Is this still required in 2015. I have yet to have this come up in any of my audits, Unless they're referring to engineering changes, contract review, etc.
Legal & Reg. Requirements - ISO9001:2015
- Thread starter GunLake
- Start date
Two questions found in an audit report that I recently reviewed might shed some light on this.
"Is there an effective process for identification of applicable statutory and regulatory requirements?"
"Are there any current projects or products that you observed during the audit where it was necessary for you to sample overall implementation/understanding of the applicable statutory and/or regulatory requirement? Please provide a summary."
It would appear to be based on 8,2,3,1 d where statutory and regulatory requirements need to be included in the gathering of requirements.
I'm not prepared to explain or defend it, just pointing out that the questions are out there.
"Is there an effective process for identification of applicable statutory and regulatory requirements?"
"Are there any current projects or products that you observed during the audit where it was necessary for you to sample overall implementation/understanding of the applicable statutory and/or regulatory requirement? Please provide a summary."
It would appear to be based on 8,2,3,1 d where statutory and regulatory requirements need to be included in the gathering of requirements.
I'm not prepared to explain or defend it, just pointing out that the questions are out there.
No, this would be more like if you're making something with electronics which would require a safety mark (e.g., UL), something with a radio which falls under FCC, and even if you're collecting data that might fall under the EU GDPR or California's data privacy law (CCPA).
Tagin
Trusted Information Resource
There are three things I can see potentially related to "Legal & Reg. Requirements Changes Review":
- Design changes (8.3) which trigger review of statutory & regulatory requirements affecting the product (8.1,8.2,8.3,8.4.2,8.5.5).
- Legal changes which occur that a) require some kind of monitoring to be aware of, and b) might trigger a design review (8.2).
- Legal changes which occur that a) require some kind of monitoring to be aware of, and b) might affect context of the organization (4.1 - external issues, 4.2 - need of other parties).
Compliance with PRODUCT-RELATED legal requirements is, obviously, an essential aspect of a quality system. The standard touches it in a few places such as in 0.1 a) & 8.2.2.a) 1).
For more guidance, click on the pic below.
melissa48152
Registered
Good afternoon. I received an IATF finding for not being able to demonstrate a system to manage S&R requirements. There is a lot of information about what S&R are but not how to discover them. I have asked many of my customers and they do not know to get them either. My auditor told me to ask our Customers' buyers. They do not know. Any ideas?
I suspect your auditor is over reaching. I strongly recommend that you read the auditing practices group publication on the topic that Sidney posted just before your post. It should give you a much better picture of the whole topic including how to audit it.
You should know what statuary and regulator issues you encounter in your business activities. Think through what they are, how you learn about them, and what you do to stay current with the requirements. The list is likely short and the method of managing each one may be different. It really isn't difficult.
You should know what statuary and regulator issues you encounter in your business activities. Think through what they are, how you learn about them, and what you do to stay current with the requirements. The list is likely short and the method of managing each one may be different. It really isn't difficult.
Is your organization design-responsible? If you are and your engineers don’t have a system to identify product related legal requirements, you have a major gap in your hands.
If you are not design-responsible and basically manufacture hardware against customer drawings and specifications, you might not need to know the applicable legal requirements for the product. Actually, it is possible that your customers don’t even want to tell you where the product will be marketed at.
Ron Rompen
Trusted Information Resource
Product legal and regulatory requirements are NOT the only ones you have to be concerned with, although these seem to be the ones that everyone focuses on.
Your management system also needs to address other requirements such as environmental and labour legislation. How do you ensure that you are aware of (as an example) the local requirements for sewage water discharge.
Don't restrict yourself only to Federal and Provincial/State requirements - you also need to consider municipal requirements as well.
Your management system also needs to address other requirements such as environmental and labour legislation. How do you ensure that you are aware of (as an example) the local requirements for sewage water discharge.
Don't restrict yourself only to Federal and Provincial/State requirements - you also need to consider municipal requirements as well.
Similar threads
