Returning customers: To access ISO tools that you have previously purchased, click here to login.
|
User Login
Login to access CASRO
product downloads
|
|
Preparing for the ISO 26362 Audit
A Simple Overview for Implementing ISO 26362:
Step 2: Appoint or assign a Quality Manager or Team. expand
- A company needs to appoint a quality manager/representative to achieve certification. The role could be absorbed into the existing organizational framework or could be shared between several existing roles.
- The role or roles should include representation from both a project management perspective AND an information technology representative for panel management and recruitment of panel members.
|
Step 3: Read the ISO standard(s). Wherever the Standard states 'shall', there is a requirement to be met. Locate and highlight the 'shalls' to determine what the requirements are. Discuss with your IT Department and project management staff to determine what is required and what is currently in place.
Step 4: The development of the software system to manage the panel is the next critical step. expand
- Read the requirements in ISO 26362 to ensure your panel complies with the Standard.
- The CASRO website offers support documentation in relation to panel structure and general capability requirements. CASRO can also provide a list of consultants for advice and support as necessary.
- If you have an existing panel, audit the panel capability against the Standard to ensure it will comply and have complied for a minimum of three months.
|
Step 5: Recruit panel members. expand
- Be aware of the recruitment and panel maintenance requirements of panel membership.
- Be careful to ensure that the source of panel membership can be traced and history of each panel member is transparent and traceable.
- The CASRO website offers support documentation in relation to recruitment and panel management.
|
Step 6: Identify both gaps between requirements of the standard(s) and the existing practices.
Step 7: ISO 26362 will identify mandatory requirements using the word 'shall'. Identify what is required and where there are gaps. Determine who and how the gaps will be filled. expand
- Identify areas where significant changes would be required to meet the whole standard.
- Develop a work program and timetable needed to achieve certification.
- Identify division of work among staff/departments.
- If a documented quality system does not exist, begin development of a Quality Manual or Procedure Manual.
- Check CASRO for ISO research tools to support this work, if necessary.
|
Step 8: General Principles for inclusion in a Quality Manual: expand
- The quality manual is the top level document and should state the overall activities of the business and the quality system in relation to the services provided by the company.
- Section 3 of ISO 20252 is the quality management system framework and must be addressed within the system. This section also applies to ISO 26362 as defined in its Section 4.2.
- Section 4.1 and Sections 4.3 - 4.8 of ISO 26362 describe the components of establishing and managing an access panel. Throughout ISO 26362 there are numerous references to sections in ISO 20252 that also apply
- Keep documentation succinct - less is best.
|
Step 9: General Principles for developing support procedures: expand
- Procedures should then support the quality manual and be specific to process and activities of the business aligned to service delivery functions only. Make an assumption that staff will be trained and are competent, therefore processes need to be activity based rather than instructional based - procedures are not an instruction manual. i.e. procedures should be based on knowledge of the industry and reflect the series of activities undertaken to achieve an end point as compared to instructional material that is training/learning material.
- Each procedure or linked group of procedures not only specifies what is done but also assigns responsibilities; who, by title, does it.
- For most procedures or groups of them, the documented evidence (hard copy or more often computer record) of compliance is described. This becomes important when the system is audited. Most systems do not involve the creation of numerous forms. Much of the evidence will be in the form of or part of documents normally produced through research projects or other processes.
- It may be valuable to include an appendix to cross reference each clause of the appropriate standard to the procedures and quality manual. Although not essential, this serves two purposes. Firstly to ensure that the procedures do fully cover all relevant requirements of the standard(s) and, secondly, to make work easier for external auditors. Such cross referencing is needed because the procedures, as pointed out above, follow the sequence of operations rather than of the standard.
- Once finalized, procedures become a "controlled" document so that only one agreed version is followed at any one time.
|
Step 10: Implementing the System: expand
- Be sure staff is aware of components of the Quality Manual/System relevant to their position description.
- Either hold a series of meetings to inform/train staff or develop a slide show that is sent to each staff member who will be required to view and respond by email to identify that they understand the changes, accept them and agree to implement them.
- Appoint internal auditors to monitor and test the system through audits. Alternatively, have the quality manager or quality team create checklists that can be distributed to departments which cover terms of compliance. Departments can cross check one another's area. Most of this can be done electronically taking a no fuss approach.
- Where anomalies occur or processes need to change simply have the company internal auditors or department staff identify the problem. Then, the quality manager can oversee changes needed and compliance. Keep records to be used as internal audits in compliance with the standard.
- So that there is likely to be sufficient evidence of compliance, a minimum of three months between implementing a quality system and the first assessment is required. Three months is a standard expectation of records of compliance. Panels need to be in place and fully tested for a full cycle of panel operation prior to considering and external audit to ISO 26362. This includes the need to show panel membership periodic maintenance.
|
Step 11: Completion of Certification Forms: expand
- Complete an application for CIRQ Certification Services
- Once the system has been operational for it to be proven and the panel sufficiently tested, the company is now ready to complete the self-assessment form which they submit to CIRQ for pre-assessment.
- Based on the self-assessment form and documents submitted with it, the documented quality system will be reviewed and the company's readiness for audit will be evaluated and documented on the pre-assessment form.
- If it is determined by CIRQ that the company appears to be ready, an audit plan will be developed and the CIRQ audit will be initiated.
|
Step 12: On-site Audit: expand
- CIRQ requires the review of the panel by a technical expert [CIRQ provided] prior to or at the time of audit to ensure the software applications are sufficiently robust to meet the ISO 26362 requirements.
- CIRQ auditors will spend time at the client company's site seeking evidence of compliance with the standard. The assessment and certification specification set out a minimum input by auditors based on the size of the company and complexity of the panel and its activities.
|
How can a CASRO member purchase copies of these standards ?
|
