
ISOSYSTEMPLUS

WHAT IS NEW?
  Version 14.3
  Version 14.2
  Version 14.1

WHERE TO GET?
SOFTWARE VERSIONS
HARDWARE REQUIREMENTS
SOFTWARE MODULES
USERS OF APPLICATION
INSTALLING/CONFIGURING THE APPLICATION
  Admins PC
  Server PC
  Users PC

LAUNCHING APPLICATION
  Admins PC
  Demo-mode
  License mode
  Users PCs

GENERAL FUNCTIONS
  Modules
  Adjustments
  Interface
  Database
  Location
  Directories
  Organization
  Users
  Counterparties
  Standards
  Utilities
  Uploading files
  Web-version
  Export to Excel
  Internal Mail
  Auto-mailer
  Internet
  Checking for updates
  Help
  Exit
  User Identification Field
  Adding/Editing/Deleting Records
  Adding records
  Editing records
  Deleting records
  Monitoring of carrying out planned actions

DOCUMENTS
  Settings
  New
  Adding a single new document record
  Several documents
  Creating new file
  Uploading new file onto a server PC
  WRAP-UP: ADDING NEW DOCUMENT IN THE DATABASE
  Copy
  Delete
  Send
  File
  Report
  Other functions
  Search
  Document Management
  Analysis
  Chart settings
  Types of charts
  Report

LETTERS (CORRESPONDENCE)
  Settings
  New
  Adding new record
  Creating new file (letter)
  Adding related record
  Delete
  File
  Report
  Other general functions
  Search
  Monitoring of carrying out actions planned
  Correspondence management
  Analysis

PROCESSES
  Settings
  New
  Adding a Basic process
  Adding a Complex process
  Flow-chart
  Links
  Delete
  Report
  Other functions
  Search
  Process Management
  Analysis
  Chart settings

TRAININGS
  Settings
  Plan
  Training
  Monitoring of Execution of Planned Actions
  Training Management
  Analysis
  Chart settings

AUDITS
  Settings
  Non-conformities
  New
  Report/Plan
  Audit report
  Action Plan
  Other functions
  Search
  Monitoring of execution of actions planned
  Audit Management
  Analysis
  Chart settings
  Types of charts

EQUIPMENT
  Settings
  Class
  Type
  Equipment
  Action
  Period
  Template of Code
  New
  Equipment
  Location
  Actions
  Copy
  Delete
  Report
  Other functions
  Search
  Monitoring of execution of actions planned
  Equipment management
  Analysis
  Chart settings
  Types of charts

REQUESTS (COMPLAINTS)
  Approach to handle the complaint
  Settings
  Basics
  New
  Registration
  Review
  Consultation
  Delete
  Report
  Monitoring of execution of actions planned
  Complaint management
  Analysis
  Chart settings
  Types of charts

NON-CONFORMITIES
  Settings
  Database
  New
  Source of non-conformity - Audits
  Source of non-conformity is non-Audits
  Delete
  Analysis
  Quantitative evaluation of a non-conformity
  Chart settings
  Types of charts
  Report
  Non-conformity management

HAZARDS
  Settings
  Database
  Basics
  Analysis
  Review
  Report
  Hazard Control
  Monitoring of fulfillment of actions planned

ASPECTS
  Settings
  Database
  Basics
  Analysis
  Review
  Report
  Hazard Control
  Monitoring of fulfillment of actions planned

HACCP
  Settings
  Database
  PRP
  Preparation
  Analysis
  Hazards identification
  Hazards assessment
  Control measures
  CCP
  Control
  Review
  Hazard Control

RISKS
  Settings
  Database
  Basics
  Analysis
  Review
  Report
  Hazard management
  Monitoring of fulfillment the actions planned

THREATS
  Settings
  Database
  Basics
  Analysis
  Review
  Report
  Threat management
  Monitoring of fulfillment planned actions

ISOSYSTEMPLUS DEMO-MODE ............................................................. 86

What is new?
Version 14.3
- The user of User class can now edit his/her password (Directories → Users → Change password)
- Editing of interface terms is possible (Adjustments → Interface → Edit)
- Bulk adding of several document records at once is implemented

Version 14.2
Module Aspects (control of environmental aspects and risk management per ISO 14001:2004 requirements) is added

Version 14.1
- Function Start (quick access to major application features) is added
- Adding of hidden records in the database is implemented

Where to get?
The file-installer of the demo version of the software (differences in functionality of demo and license versions are presented here) can be downloaded from our site at http://www.isosystemplus.com/install/eng/isosystemplus.zip

The file-installer of the license version of the software is obtained from the software provider after purchasing the license.

Software versions
ISOsystemPlus is developed in two versions: a local network version and a WEB-version. The local network version is presented below. To get familiar with the WEB-version of the application, please visit our site at http://www.isosystemplus.com/eng/Web.html. The server database file is common to both versions, so users of the local network version and the WEB-version can be linked to and work with the same server database file.

Hardware requirements
All PCs (server, all users): IBM-compatible computer, Windows 2000 or higher OS, 30 MB free space

Software modules
ISOsystemPlus consists of ten modules (see below). Any number of modules (starting from 1 module) can be purchased. The configuration's price is determined by the number of modules in the configuration.

- Documents: Document & records control and management system.
- Correspondence: Manage the "non-system" documents in your organization - letters, orders, requests, etc.
- Processes: Implementation of the "process approach" requirement.
- Trainings: Manage competency/training/development of personnel.
- Audits: Audits/corrective actions/preventive actions.
- Equipment: Control/management of the organization's equipment.
- Complaints: Management and handling of customer complaints and requests.
- Non-conformities: Registration/management of non-conformities, comparative analysis of non-conformities, quantitative evaluation of the Management System's functional effectiveness, along with a chart representing the results of analysis.
- Hazards (OHSAS): Development of the OHSMS system (hazard identification, risk analysis and management) in accordance with OHSAS 18001:2007 (operational health and safety) requirements.
- Aspects (EMS): Development of the EMS system (ecological aspects determination and classification, hazard identification, risk analysis and management) in accordance with ISO 14001:2004 requirements.
- HACCP: Development of the food safety management system (hazard identification → hazard analysis → PRP/control measures application → CCT determination → CT/CCT control) in accordance with ISO 22000:2005 requirements.
- Risks (ISO-MED): Development of the risk management system for medical devices in accordance with ISO 13485 and ISO 14971 standard requirements.
- Threats (ISMS): Development of the information security risk management system (ISMS) in accordance with ISO 27001:2005 standard requirements.

One license of ISOsystemPlus allows installation and use of the program on an unlimited number of PCs (users' workstations).

Users of application
There are three classes of users of ISOsystemPlus: Admin (the users belonging to this class will be referred to as Admin further on), User (referred to as User) and Out. The classes' functions are described in the Users chapter below.

Installing/configuring the application


The application should be installed/configured first on the PC that will be used as the Admin's workstation, then on a server PC, then on users' PCs. Installing/configuring the software in demo and license modes is analogous.

Admin's PC
- Run the file-installer setup.exe
- Follow the prompts.

Once the installation is accomplished, the following folder system is created:
- Main folder: \ISOsystemPlus\ contains the program files
- Subfolder: \ISOsystemPlus\Docs\ contains files of documents
- Subfolder: \ISOsystemPlus\Docs\Templates\ contains files of templates of internal documents
- Subfolder: \ISOsystemPlus\Docs\Records\ contains files of filled records
- Subfolder: \ISOsystemPlus\Docs\Letters\ contains files of correspondence
- Subfolder: \ISOsystemPlus\Server\ contains the server database file server.isr
- Subfolder: \ISOsystemPlus\Help\ contains built-in help files

Server PC
- Launch the application on the Admin's PC.
- Save (Adjustments → Database → Save as) the server database file to the database-dedicated folder on the server PC (i.e.; l://isosystemplus/server/, where I: is the server PC drive). All users must have full access to the server PC folder where the server database file is located (l://isosystemplus/server/ in the examples above).
- Create (sub)-folders for files of documents, document templates, filled records and correspondence on the server PC (the simplest way of doing it is to copy the folder C:\Program Files\isosystemplus\documents\ with all subfolders to the server PC working folder, e.g., l://isosystemplus/server/). All users (except the users authorized to enter records in the Documents module) should have Read only access to these (sub)-folders.

User's PC
Installing the application on a user's PC is done in exactly the same way as installing the application on the Admin's PC. One license of ISOsystemPlus allows installation and work with the program on an unlimited number of PCs (users' workstations).

Launching application
Admin's PC
Demo-mode
- Launch the application (Start → All programs → ISOsystemPlus → Start-up)
- Select appropriate language
- Press OK button

License mode
The instructions on how to enter the application in license mode are sent to the customer after purchasing a license.

Users' PCs
The first launch of the application on a user's PC should be done by Admin:
- Launch the application.
- Link (Adjustments → Location → Server database file) to the server database file saved on the server PC (defined as described above).
- Define (Adjustments → Location) paths to folders with files of documents, document templates, and filled records located on the server PC (defined as described above).
- Exit the application.
- Start up the application; the user's workstation interface is active.
- Select the user from the drop-down users list (determined for each user by Admin in Users mode).
- Enter the password (determined for each user by Admin in Users mode).
- Press OK.

Re-configuring the user's workstation
If the name/location of the server database file or of the folders with documents/templates defined during the initial configuring of the user's workstation is changed, the corresponding paths to the file/folders should be re-defined on users' PCs.
- Launch the application on the user's PC and enter it as a user-Admin.
- If the name/location of the server database file is changed, browse to the new location of the server database file on the server PC in the Windows Explorer browsing window and link to it.
- Re-define (Adjustments → Location) paths to folders with documents/templates/records.
- Exit the program.

General Functions
Available at the top of the menu.

Modules
Drop down list of available modules.

Adjustments
Interface
Field chooser: This function enables users to select the fields (columns) that will be displayed in the Main Form. The set of fields (columns) displayed is determined for each module.
No. of records displayed: Two options are available: 100 and All. The 100 option is recommended for databases with a large number of records (documents, training details, etc.) to speed up response time when loading and displaying records.
Available modules: Modules that will be available in the user's interface are defined here. This feature can be used to customize the user's workstation interface.
Edit: User-Admin can modify interface terms as appropriate. The Search function helps the Admin to find the needed term quickly. Modified terms are stored in the server database file.
Language: Select the interface language.
Font: Select the interface font; MS Sans Serif is the default font.
Restore initial settings: This function is used to restore default interface initial settings (size of forms, font of the interface, etc.)

Database
Available in the Admin's interface only.

Auto Backup: Back-up copy of the server database file. If this function is activated, a backup copy of the server database file is saved on an hourly basis. The first 8 copies are saved in a default subfolder \isosystemplus\bak\ (this folder can be changed in the Back-up copy folder menu item). The 9th back-up copy replaces the 1st one; the 10th copy replaces the 2nd one, etc.
Delete: Irreversible quick deleting of records from the database. Delete the records from selected module(s) (documents, processes, audits, etc.) or delete all records from the database (except external standards records).
Save as: Save a copy of the server database under another name (or in a different location).
Restore initial settings: Available in license mode only. The license code entered in the database is deleted from the database, so the server database file can be linked to from another Admin's PC.
Compress/restore database: Reduces the server database file size. It is strongly recommended that only Admin be linked to the database file while it is being compressed. A list of the users linked to the database can be found in the Directories → Users → Monitoring tab.

Location
Available in the Admin's interface only.

Server database file: Lists the location of the server database file that the program is linked to.
Folder with documents: Path to the folder containing the document files (\ISOsystemPlus\docs\ in the demo-database).
Folder with document templates: Path to the folder containing the document template files (\ISOsystemPlus\docs\templates\ in the demo-database).
Folder with filled records: Path to the folder containing the filled record files (\ISOsystemPlus\docs\records\ in the demo-database).
Folder with correspondence: Path to the folder containing the correspondence files (\ISOsystemPlus\docs\letters\ in the demo-database).
Folder for uploading files: Path to the folder (usually located on the server PC) to which users can upload document files. If the path to the folder is not set, then files cannot be uploaded to the server. This function is available to the Admin and users authorized to enter records in the Documents module.
Display hidden records: The function to display/conceal records in the Main Forms of documents (correspondence, requests).
- Press the Ctrl-A key sequence. The check-box Display hidden records appears.
- Check the box.
- Close the form. The check-box Hidden record becomes available in the Properties tab of the records of documents, correspondence and requests (please see the corresponding chapters below).

Directories
Available in all users' interfaces.

Organization
Properties: Basic information about the organization is entered (the organization's name, address, phone/fax/e-mail, etc.). The organization's name (ABC Limited in demo-mode) is presented in the headers of all reports generated by the application; it can be changed in license mode.
Currency: The currency symbol (used in Equipment and Trainings modules) is entered here.
Departments: List of department names of the organization. A mirror form of the analogous one in Users mode.
Positions: List of position names of the organization. A mirror form of the analogous one in Users mode.
Cost center: List of cost centers of the organization (code and comment). The cost centers will be used for cost control purposes in Trainings and Equipment modules.
Report: Report presenting allocation of costs over various cost centers for the defined period of time.

Users
Departments: The department names of an organization are listed here. Each department is assigned either to the External or Internal class.
Positions: Names of positions of the organization are listed here.
Groups: Groups of users other than departments (e.g., Management, HACCP group, Internal Auditors, etc.) are listed in this tab. A useful option when group actions for documents are defined.
Users: Software users (internal ones, employees of the company) are listed in this tab. The following parameters are defined for each user:
- Class: Application users can be assigned to any of the three classes: Admin, User or Out.
  - Admin: Users of Admin class have full access to all database records (add/change/delete). User-Admin can assign other users to Admin/User class as well. There should be at least one user of Admin class in the database.
  - User: All other active users are assigned to the User class. Users of this class by default have Read only level of access to the database records. There are also a few differences in functionality between the Admin and User interfaces; they will be referred to in the corresponding chapters of this manual.
  - Out: Those users who no longer work with the application are re-assigned to the Out class. These users are no longer presented in the user drop-down lists in the application's forms, although all their previous records remain unchanged.
- Department, Position: The department the particular user belongs to and the position occupied by the user are selected.
- Password: The user's password to access the interface is defined here. Passwords should be unique.
- E-mail: Optional field. The e-mail address defined in this field will be used for different purposes: sending e-mail messages to the users, informing them of new documents, scheduling audits, etc.
- Groups which users belong to: Group(s) that the user belongs to is/are selected from the groups list. Assigning the user to particular group(s) speeds up, for example, distributing documents to several users at once, providing a new user with access to several required documents, etc.
Change password: This feature is available for users belonging to the User class. To change the password the user highlights his/her own record in the Users table, presses the Change password button (which becomes accessible) and changes his/her password.
Insert: Inserting several user records at once in the database using the Copy-Paste approach. The list of users' names can be copied into memory from another application (e.g., MS Excel, etc.) with Ctrl-C and then inserted into the Users table (Insert or Ctrl-V).
Report: Generate a report that contains all information about the selected user.
Authorization: By default only Admin can add new records to the database. The Admin can authorize other user(s) to enter records in particular modules by double clicking the appropriate field in the Users - Modules matrix and selecting Yes or No in the drop-down list. An authorized user can change/copy/delete only the records they created. An authorized user cannot change/copy/delete records created by other users. Records added by an authorized user are marked in the user's interface with a bold blue color so the user can easily identify his or her records.
- Adjustments: Admin determines which modes will be available for authorized user(s) by checking the appropriate boxes.
  - Settings: Authorized users can change records only in Settings modes of corresponding modules.
  - New: Authorized users can add records only in Main Forms of corresponding modules.
  - All: Authorized users have the Admin's rights for adding/editing/deleting records in the database (except editing/deleting records in the Main Forms added by other authorized users).
Delayed actions: The number of actions which each user failed to complete by the planned date is listed in the table-matrix.
Monitoring: List of users that are currently connected to the database (user's name, user's PC network name, time of connection).
- Delete: Delete the connection history for a particular user.
- Report: Generate a report containing full information about the user selected in the Users grid.
Import: To accelerate filling in the Users table, a list of users can be imported from a .csv file or pasted from memory (Copy-Paste).

Export to Excel: Export of users' records into an Excel file.
- Settings: Record parameters that will be exported are selected.
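The Authorization rules in the Users section above can be exercised as a small decision function, which makes the ownership restriction and the effect of the Out class easy to check. This is an added example, not ISOsystemPlus code; the names (User, Mode, allowed, review), the sample users, the reading of the Settings/New/All modes, and the check for Out users that still hold module authorizations are assumptions made for illustration.

```python
"""Model of the record-authorization rules in the Users section.

Added illustration with hypothetical names; not ISOsystemPlus code.
"""
from dataclasses import dataclass, field
from enum import Enum


class UserClass(Enum):
    ADMIN = "Admin"  # full access to all records
    USER = "User"    # read-only unless authorized per module
    OUT = "Out"      # no longer works with the application


class Mode(Enum):
    """Check-boxes Admin sets for an authorized user (assumed semantics)."""
    SETTINGS = "Settings"  # may change records in the module's Settings forms
    NEW = "New"            # may add records in the module's Main Form
    ALL = "All"            # both, still limited to own Main Form records


@dataclass
class User:
    name: str
    user_class: UserClass = UserClass.USER
    # Users-Modules matrix: module name -> set of modes granted by Admin.
    grants: dict = field(default_factory=dict)


def allowed(user, action, module, form, author=None):
    """Return True if `user` may perform `action` on a record.

    action: "read", "add", "edit" or "delete"
    form:   "main" (Main Form) or "settings" (Settings forms)
    author: name of the user who added the record (None when adding)

    Assumptions of this model: Out users are denied everything, every
    active user may read, and per-document visibility is not modelled.
    """
    if action not in {"read", "add", "edit", "delete"}:
        raise ValueError(f"unknown action: {action}")
    if form not in {"main", "settings"}:
        raise ValueError(f"unknown form: {form}")
    if user.user_class is UserClass.OUT:
        return False
    if user.user_class is UserClass.ADMIN:
        return True
    if action == "read":
        return True
    modes = set(user.grants.get(module, ()))
    if form == "settings":
        return bool(modes & {Mode.SETTINGS, Mode.ALL})
    if not modes & {Mode.NEW, Mode.ALL}:
        return False
    # Main Form: adding is allowed; edit/delete only on the user's own records.
    return action == "add" or author == user.name


def review(users):
    """Flag states the manual warns about, plus leftover grants of Out users."""
    findings = []
    if not any(u.user_class is UserClass.ADMIN for u in users):
        findings.append("no user of Admin class")
    for u in users:
        modules = sorted(m for m, g in u.grants.items() if g)
        if u.user_class is UserClass.OUT and modules:
            findings.append(f"{u.name}: Out class but still authorized in {modules}")
    return findings


# Constructed sample users (not taken from the manual).
SAMPLE_USERS = [
    User("alice", UserClass.ADMIN),
    User("bob", grants={"Documents": {Mode.NEW}}),
    User("carol", grants={"Documents": {Mode.ALL}, "Audits": {Mode.SETTINGS}}),
    User("dave", UserClass.OUT, grants={"Documents": {Mode.ALL}}),
]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        own = allowed(u, "edit", "Documents", "main", author=u.name)
        other = allowed(u, "edit", "Documents", "main", author="someone-else")
        print(f"{u.name:6} edit own={own!s:5} edit others={other}")
    for finding in review(SAMPLE_USERS):
        print("finding:", finding)
```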

Counterparties
The mode can be used as a dedicated CRM-module to manage contacts with external counterparties.

Class: Tree of classes / sub-classes of counterparty names.
Type: List of types of counterparties.
Status: List of statuses of counterparties.
Class of contact: List of classes of contacts with the counterparty (e.g., E-mail, Meeting, Fax, Call, etc.)
Counterparties: The major table contains a list of the organization's counterparties. Double clicking the counterparty record opens up a set of tabs with the properties of the counterparty.
- Properties: The number and code of the counterparty's record are defined automatically. The counterparty's class/type/status are selected from drop-down lists; a name and phone/fax/e-mail/site are inserted. Extended information about the counterparty is presented in other tabs of the mode.
- Departments: List of departments of the counterparty's organization.
- Positions: List of positions of the counterparty's organization.
- Employees: List of employees of the counterparty's organization who might be contact points.
- Contacts: List of particular contacts planned/executed. If a contact is not executed by the planned date, the corresponding employee's/counterparty's lines are marked in red.
- Documents: List of documents which should be referred to the active counterparty.
- References: The informational form contains a list of records in other modules (Correspondence, Complaints, Equipment) which refer to the counterparty.
Export to Excel: Export of counterparties' records into an Excel file.
- Settings: Record parameters that will be exported are selected.
Report: Generating two reports:
1. Counterparty: a report presenting all information about the particular counterparty entered in the database.
2. Register of counterparties: a list of all counterparties entered in the database.
Paste: To accelerate filling in the Counterparties table, a list of counterparty names can be pasted from other applications (Excel, .csv file, etc.) using the standard Copy-Paste procedure.

Standards
External standards whose requirements are addressed by the management system are listed. Records of any required standard can be added to the database (Copy-Paste).

Utilities
Uploading files
The function allows users to upload files they create to the server. Available to the Admin and users authorized to add records in the Documents module. The user browses for the file to upload and clicks Open; the selected file is uploaded to the folder defined in Adjustments → Location → Folder for uploading files.

Web-version
Visit the application site to order an on-line test of the WEB-version of the software.

Export to Excel
Modular export of database records into an Excel file.
- Settings: Record parameters that will be exported are selected.

Internal Mail
The tool for instant exchange of messages between users of the software connected to the database (no need for an external message agent). If a new incoming message is received, an icon appears at the top part of the user's screen; double clicking the icon opens the Internal mail window to review the incoming messages and send messages to other users.

Outgoing (messages):
- Add Message: create an outgoing message.
- Add Respond: cross-copying other users with the outgoing message.

Incoming (messages):
- Respond area: writing the response to the incoming message that is displayed in the top grid.

Users can review documents/files directly from the Internal mail form (buttons Document and File).

Apart from regular information exchange, the Internal mail is used for:
- Informing users about actions with documents (e.g., release of a new document, etc.) (Documents → Properties → Actions/Revisions → Send)
- Informing interested parties about actions with audits (Audits → Properties → Auditors/Departments → Send)
- Auto-informing users about delayed/overdue planned actions (Utilities → Auto-mailer)

Auto-mailer
The function informs users about delayed actions by automatically mailing messages to the users responsible for carrying out the planned actions. The function is available in the user-Admin interface only.

Settings
- Type: Determination of the active mailer type.
  - E-mail: The message will be sent to the users' e-mail addresses defined in the Directories → Users table by a built-in e-mailer; there is no need to run any external e-mail agent (like MS Outlook, Outlook Express, etc.)
  - Internal mail: The message will be sent using the application's Internal mail utility.
  If no type of mailer is checked the function will be switched off.
- Identification: Inserting data needed to perform e-mailing (SMTP-server address, login and password).
- Settings: Number of days in advance (prior to the planned date of action) to send the notification to the responsible user. The default value is 0; it means that the notifying message will be composed at 00.00.01 on the day following the planned date of action. The message is sent if a user-Admin is linked to the database.
Auto-mailer: The table contains all information about notifying messages sent to users (date of sending, action delayed, etc.). User-Admin can make up a report containing the auto-mailing history, as well as delete the mailing records from the database for the defined period of time.

Internet
A user creates a list of favorite sites that can be visited directly from the software.

Checking for updates


Check for the latest software update (Internet connection required).

Help
Interactive help.

Exit
Select from two options: shutting the application down or going to background mode (the application keeps monitoring planned actions and warning users if/when planned action(s) is/are overdue).

User Identification Field


The name of the user currently working with the software is displayed in this field. Admin can select a user from the drop-down list and enter the application in the selected user's interface (e.g., to test its functionality, etc.).

Adding/Editing/Deleting Records
Adding records
Main Forms: In Documents, Processes, Correspondence, Audits, Equipment, Complaints, and Non-conformities modules records are added by clicking the New button (located in the left vertical blue field of the screen). Trainings and Threats module records in the Main Window appear indirectly (see relevant chapters). Context menus containing the Add option are available in most of the windows by right clicking a record in the form.
Internal (auxiliary) forms: Add button (located in the bottom part of each form).
Records may be added to the database either by Admin or by authorized users.

Editing records
Option 1: Edit item in the context menu that appears by right clicking
Option 2: F2 or Enter key for records in Main Forms
Option 3: Double click the record
Admin edits any record. An authorized user edits only those records that he/she added to the database.

Deleting records
- Delete button in the vertical left field of the main window
- Delete menu item in the right-click context menu
- Del keyboard key
- Adjustments → Database → Delete quickly deletes all records either from a selected module (e.g., all document or audit records, etc.) or all database records (except external standards).
Admin can delete all records from the database. An authorized user can delete only the records he/she added.

Monitoring of carrying out planned actions


ISOsystemPlus continuously monitors whether planned actions (actions for documents, training, verification of corrective actions, closing complaints, etc.) are performed on time and warns users about overdue actions. The warning is displayed in two ways:
1. A blinking red message in the bottom left part of the display informing the user how many actions are overdue; clicking the message opens up a window containing a list of the overdue actions.
2. The background mode icon in the Windows tray changes if an action becomes overdue. Double clicking the icon opens a window listing all overdue actions.

Documents
The primary work area is called the Documents Main Form. Each record in the Main Form corresponds to one system document. The Control menu (left vertical blue field) of the Main Form contains the following control buttons:
- Settings
- New (add a new document record in the Main Form)
- Copy (quickly add several similar document records)
- Delete (delete a document record from the Main Form)
- Send (send an e-mail/internal mail message)
- File (reviewing a document file)
- Report (report on a document)

Each line in the Documents Main Form consists of several fields presenting information about a document:
- Records availability field
- Code
- Name
- Class
- Status
- Type
- Chapter
- Done?
- File: presence of an icon in this field means that there is a file assigned to the document.
- Author: a column with the name of the user who added the record to the database can be made visible in the Main Form (Adjustments → Interface → Field chooser).

Work in the Documents module begins by filling forms in the Settings section, followed by a direct document record entry in the Main Form.

Settings
Class: Two fixed classes of documents are built in (Internal and External).
- Code: A particular code is assigned for each class. The codes will be used in the Template of code tab to determine the code of a record which will be generated when a new document record is added to the database.
Type: Document types can be added; each type is assigned to a particular class.
- Validity: Lifespan of a particular type of document defined in months (basically this is the period of time upon expiry of which the document must be revised). This value is used for the Date of revision filtering procedure and in the Revisions tab for monitoring the timeliness of revising documents.
- File-template: File-templates are assigned to each type of internal document. The document template files should be located in a folder defined in the Adjustments → Location → Folder with files-templates mode. These templates will be called when the file of a new internal document is composed.
- Type Record: By selecting Yes for a particular line, an internal document type (the type can be Record, Form, Blank, etc.) that falls under the definition of Record given in Ch. 4.2.4, ISO 9001:2008 is defined. Documents of this type (filled records) should be managed in a particular way as required by the abovementioned Ch. 4.2.4; the software provides the opportunity to add and manage filled records in the database.
- New: Calls the file-template to create a new internal document of the selected type.
- Code: A particular code is assigned for each type. The codes will be used in the Template of code tab to determine the code of a record which will be generated when a new document record is added to the database.
Status: Document statuses are listed in this tab.
Actions: Names of actions with documents are listed. It is recommended that actions be listed by stage (e.g., first Drafted, then Agreed, Approved, etc.).
- Insert: Right-click option to insert records in the table, if necessary between records added earlier.
- No. of Days left..: Define X number of days for advanced warning to users about actions that will be overdue.
Chapter: Chapters of the document system of the organization are listed.
- Code: A particular code is assigned for each chapter. The codes will be used in the Template of code tab to determine the code of a record which will be generated when a new document record is added to the database.
Template Code: If a template code is set for the field, the value will be displayed in the Code field of a new document record being added to the database. Two types of template code can be selected:
- Fixed: a user inserts the permanent template of code in the field. Exactly this template will be displayed as the Code of a new document being added. The generated code can be changed as necessary.
- Structured: the user can select codes of particular parameters (Class, Type, Chapter) and a digital number which will be used as parts of the code of a newly added record. The generated code of the new document cannot be changed.
- Auto increment: If this field is checked the last digit in the code value will be increased by one when a new document record is added.

New
Adding either a single new document record to the database (New → Document) or several document records (New → Several documents), or creating a new internal document file (New → File)

Adding a single new document record


Add a new document record in the Documents Main Form (database).

Properties: The document's code (unique value) and name are inserted. The document code is generated automatically if the corresponding function is switched on. Class, type, status and chapter values are then selected from drop-down lists (filled out in Settings mode). If necessary, a new parameter name can be inserted and confirmed by pressing Enter.
- File: browse the path to the document file; the file should be located in the folder defined in Adjustments → Location → Folder with documents mode. If such a file is present, an icon appears in the Documents Main Form. A hyperlink file address can be typed in the File field instead of the file name. Records of such documents with a hyperlink file address are marked with an icon.
- Available for all users: If this field is checked all users can open the document record and review the corresponding file. These records are marked with an icon in the Documents Main Form in the Admin's interface.
- Done?: This field may contain only three values (Yes, No or -) and is filled automatically.
  - Value - is displayed if no action records are listed in the Actions tab.
  - Value Yes is displayed if all actions listed in the Actions tab are completed.
  - Value No is displayed if at least one action listed in the Actions tab is not completed (value No in the Done? field of the action).
  If an action is a) not completed and b) overdue, the action record (in the Actions tab) and the corresponding document record (in the Main Form) are marked in red.
- Hidden record: This function lets the user-Admin conceal document records in the Main Form if needed. To conceal the document record in the Main Form:
  1. Go to Adjustments → Location mode.
  2. Press the Ctrl-A key sequence. The check-box Display hidden records appears.
  3. Check the box Display hidden records.
  4. Close the form Locations.
  5. Go to the Documents module, open the document record, go to the tab Properties. The check-box Hidden record appears.
  6. Check the Hidden record box. Click OK.
  7. Go to Adjustments → Location mode.
  8. Press the Ctrl-A key sequence. The check-box Display hidden records appears.
  9. Uncheck the box Display hidden records.
  10. Go to the Documents module.
  The document record for which the Hidden record box is checked will not be displayed in the Documents Main Form until the check-box Display hidden records in the Location form is checked.

Actions
Add - Users action
Action(s) that must be taken by a particular user (listed in Directories - Users mode) are selected; the planned date to perform the actions is defined. If the action has already been carried out, the Yes value is selected in the "Done?" column; otherwise the No value remains in this field. The Yes/No checkmark may be changed by the Admin, by the authorized user, or by the user responsible for carrying out the action.

Add - Group action
List of document actions that are required by a group of users (e.g., Directed, Distributed). This is a useful feature in the following situations:
A document needs to be distributed to several users at once;
A lot of documents need to be quickly distributed to one user (for example, a new user is added into the database). In this case the new user is assigned to a particular group (or groups) and all documents available to users of the group(s) will be available to the new user.
Only the user(s) listed in the tab (either individual users or users who are group members) will be able to open the document's record and/or call its file for review. For all other users the document record/file will not be accessible for review. Document records that are not available for review are marked with the icon in the user's interface.

Adding filled records
This tab is available only for internal Type Record documents. A user for which the field is checked will be able to add records of filled records in the Filled records tab.

Monitoring of carrying out planned actions
Imagine the following situation: a document A was entered in the database on January 1st and the Approve action for the document is planned for completion on January 15 by user B. The application continuously compares these three parameters:
system PC date
planned action date (Jan-15 for the case)
value (Yes or No) defined in the Done? field of the planned action
If user B is expected to approve document A, he should change the Done? value of the record of his action (from No to Yes) in the Actions tab of the document A record. If he does not do it till Jan-15, the application considers the action as overdue (delayed) and:
marks the overdue action record in red in the Actions tab
displays a red blinking warning message Total delayed actions: X in the interfaces of the Admin user and of the user responsible for the action; double-clicking the blinking message opens a form containing information about the delayed actions
sends an auto-mailer message to the user(s) responsible for carrying out the overdue action

Send
Two types of messages to all users listed in the table can be sent by clicking the button: an e-mail message (e-mail addresses of users defined in Users mode are presented in the To: field) or an Internal mail message.
Send Internal Mail
Generating an internal mail message addressed to all users listed in the document Actions tab. The users who are addressees of the message can review the document record or file directly from the internal mail message.
Send E-Mail
Generating an e-mail message addressed to all users listed in the document Actions tab (the users' e-mail addresses should be defined in the Directories - Users tab). The document file (if it exists) is attached to the message.

Reviewing
The form contains a list of users that called the file of the document for review. A useful feature to confirm the fact of the reviewing of the file by a particular user. Available only in the Admin's interface. In a user's interface the fact/date of the reviewing of the file is confirmed with a message Reviewed on .(date) in the Properties tab of the document record.
The fact that the user reviewed the file is recorded in two reports: User report (tab and Document report

Revisions
The revision's date, # of pages in the new revision, necessary comments (e.g., reason(s) for the new revision) are defined here.
Comment
Any needed information about the revision (e.g., reasons of the revision, etc.)
File
File - browse the path to the document revision file; the file should be located in the folder defined in Adjustments - Location - Folder with documents mode. If such a file is present, the icon appears in the Documents Main Form. A hyperlink file address can be typed in the File field instead of the file name. Records of such documents with a hyperlink file address are marked with the icon. The file determined for the latest revision will be displayed in the File field in the Properties tab.

Monitoring of performing planned revisions
The application continuously compares three parameters:
system PC date
date of the last revision
validity time of the document prior to the next revision (defined in Documents - Settings - Type tab)
The application calculates the planned date for the next revision of the document (adding the revision lifespan to the date of the latest revision) and compares the date with the system PC date. On the date when the system PC date passes the planned next revision date the application considers the revision as overdue (delayed) and:
marks the overdue revision record in red in the Revisions tab
displays a red blinking warning message Total delayed actions: X in the Admin user's interface; double-clicking the blinking message opens a form containing information about the delayed revision
sends an auto-mailer message to the Admin user informing the Admin about the delayed revision

References
Documents that the active document refers to are listed in this tab.

Standards
Chapter(s) of an External Standard, whose requirements are addressed by the active document (which we enter), are listed in this tab.

Filled records
This tab is available only for documents of the type with the Yes mark in the Type Record column in the Documents - Settings - Type mode.
Add - Filled records
Records of filled records are added; the original document of Record type is basically a template used for filling in the results of actions. The record's code is determined automatically (by adding 1 to the code of the original document record). Date/time of filling in the record, and the record's storage period are defined.
File
The file of a filled record is selected from the files located in the folder defined in the Adjustments - Location - Folder with filled records field.
Add - Actions
Actions to be taken with the filled record are defined. Records of overdue actions are marked in red. Records with filled records are identified by the icon in the column Type in the Documents Main Form.

Hard copies
Information required to manage hard copies of documents is entered in this table (list/date of distribution, a date of destruction of the obsolete copies, etc.)

Referring Documents
Documents referring to the active document are listed in this tab. The tab is filled out with records automatically, upon adding document records which refer to the current document.
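The monitoring rules described above for planned actions and planned revisions, together with the record-level Done? value, as an added Python example (not ISOsystemPlus code). The class and function names are hypothetical, and two points are assumptions: an action becomes overdue on the day after its planned date, and the validity time is held in days.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional


@dataclass
class Action:
    name: str
    user: str            # user responsible for carrying out the action
    planned: date        # planned action date
    done: bool = False   # "Done?" field of the action: True = Yes, False = No


@dataclass
class Document:
    code: str
    actions: List[Action] = field(default_factory=list)
    last_revision: Optional[date] = None
    validity_days: Optional[int] = None  # assumption: validity time kept in days


def action_overdue(action: Action, today: date) -> bool:
    """Overdue = not completed AND the system date is past the planned date."""
    return (not action.done) and today > action.planned


def done_rollup(doc: Document) -> str:
    """Record-level Done? value: "-" (no actions), "Yes" (all done) or "No"."""
    if not doc.actions:
        return "-"
    return "Yes" if all(a.done for a in doc.actions) else "No"


def marked_red(doc: Document, today: date) -> bool:
    """The Main Form record is red when any of its actions is overdue."""
    return any(action_overdue(a, today) for a in doc.actions)


def next_revision_date(doc: Document) -> Optional[date]:
    """Planned next revision = date of the last revision + validity time."""
    if doc.last_revision is None or doc.validity_days is None:
        return None  # nothing to monitor without both values
    return doc.last_revision + timedelta(days=doc.validity_days)


def revision_overdue(doc: Document, today: date) -> bool:
    """True once the system date has passed the planned next revision date."""
    planned = next_revision_date(doc)
    return planned is not None and today > planned


def total_delayed_actions(docs: List[Document], today: date,
                          viewer: str, is_admin: bool = False) -> int:
    """X in "Total delayed actions: X": the Admin sees every overdue action,
    any other user only the overdue actions he or she is responsible for."""
    return sum(
        1
        for d in docs
        for a in d.actions
        if action_overdue(a, today) and (is_admin or a.user == viewer)
    )


def sample_documents() -> List[Document]:
    """Constructed sample data following the Jan-1 / Jan-15 case in the text."""
    doc_a = Document(
        code="A",
        actions=[Action("Approve", "B", date(2024, 1, 15))],
        last_revision=date(2024, 1, 1),
        validity_days=30,
    )
    doc_c = Document(code="C")  # no actions and no revision data
    return [doc_a, doc_c]


if __name__ == "__main__":
    docs = sample_documents()
    for today in (date(2024, 1, 15), date(2024, 1, 16), date(2024, 2, 1)):
        for d in docs:
            print(today, d.code, "Done?", done_rollup(d),
                  "red:", marked_red(d, today),
                  "revision overdue:", revision_overdue(d, today))
```

Because every comparison uses the system PC date, a workstation with a wrong clock will show overdue items late or early, so clock synchronisation matters for these warnings.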

Several documents
The application allows users either to add a single document record to the database or to use the bulk upload feature to add several document records at once. To upload a batch of document records, the files of the document records should be selected first.
Add - Several documents
1. The user selects a (sub-)folder in which the files of the documents being added to the database are located. This sub-folder must be located in the folder of document files (defined in Adjustments - Location - Folder with files of documents mode).
2. The application determines the number of files located in the selected sub-folder and asks the user to confirm adding the corresponding number of document records (each selected file will be assigned to one document record).
3. The user confirms the adding by pressing the Yes button.
4. The tab Properties of the document record opens.
5. The user selects the necessary values of the corresponding parameters (Class, Type, Status, Chapter) and inserts the document's code and name. If applicable, the user can fill in relevant fields in other tabs of the document record (Actions, Group actions, References, etc.) and presses the OK button.
6. The number of documents equal to the number of files located in the selected sub-folder (step 2) is added to the Document Main Form. The selected parameter values (step 5) will be assigned to all newly added document records; the last digit in the document codes will differ by one.
7. The user opens the record of a particular document and customizes the entered information (code, name, etc.) as appropriate.

Creating new file

ISOsystemPlus ensures consistency in the format of all newly composed internal documents by using pre-determined document template files. The internal document template files should be located in the folder defined in the Adjustments - Location - Folder with document templates field; the path is defined in the Settings - Type - File-template column. There are two ways of creating a new document of a given type, for example, Procedure:
Settings - Type - select a Procedure type record and click the New button
Documents Main Form - click once a document record of the Procedure type - press the New button in the left vertical blue area - select File in the drop-down list
Protecting the template files from unauthorized change is strongly recommended. The protection can be implemented either on the files themselves (e.g., for .dot templates, check the Read only field in the File Properties tab) or by defining a Read only level of network access to the folder with the template files for all software users.

Uploading new file onto a server PC


Menu Utilities - Uploading files
This function allows users to upload files they create to the server. It is available only to the Admin and to the users authorized to add records in the Documents module. The user browses for the file that will be uploaded to the server and clicks Open; the selected file is uploaded to the folder defined in the Adjustments - Location - Folder for uploading files form.

WRAP-UP: ADDING NEW DOCUMENT IN THE DATABASE


Pre-requisite: only users authorized to add records in the Documents module can add records of new documents to the database.
1. The user opens the template file of the corresponding internal document (Settings - Type - select the line of the needed type - press New).
2. The user drafts the document-procedure file.
3. The user uploads the file to the server PC into the Draft documents folder.
4. The user adds a new document record to the database, assigns the file to the document's record, defines the users responsible for performing actions with the document and initiates the process of document review/approval (Actions - Send).

Copy
This is a means of quickly adding several records of similar documents at once to the database. The records created differ only in their code values.

Delete
Delete a document's record from the database. If the document record is referenced by other records, a warning message listing the document's references is displayed.


Send
Two types of messages can be sent to the users listed in the Actions tab of the selected document: an e-mail message (users' e-mail addresses are taken from the Settings - Users table) or an Internal mail message.

File
Review the selected document file. The Admin can review all files; a user can only review those documents & files for which he/she is listed in the Actions tab of the document record.

Report
Generating a document-report containing all data on the highlighted document record.

Other functions
Search
1. Click the Search field.
2. Type characters which are contained in the document's name or code.
3. Press the Search key or the Space key.
4. A list of document records that contain the search string in their name or code appears.
5. Repeat the sequence described by typing other characters and pressing the Space key if the list needs to be narrowed.

Document Management
Users can group/filter document records using various parameters in this mode. Reports representing the results of each grouping/filtering action can be generated.

Grouping of records
Click the button with the name of a parameter to group by (e.g., the Status button)
Click Display!. If necessary, generate the report by clicking the Report button.
As a result all records will be divided into three groups: first documents with an Active status, then documents with a Draft status, then documents with a Passive status (in alphabetical order under each status)

Filtering of records
Select a parameter value to filter by clicking the field with the value of the parameter and selecting the necessary value from the drop-down list (e.g., select Internal documents, type Procedure)
If necessary, select additional parameter values to filter the records (e.g., action Approved, user Quality Manager)
Click Display!. As a result, the list of documents-procedure which are approved by the Quality Manager is displayed in the Main Form
If necessary, generate the report by clicking the Report button
A combination of grouping/filtering records can be used.

Document Revision Date
A means to respond to the following question: Which documents will expire by X date?
Select X date after clicking the Revision Date field
Press the Display button
The application adds the document lifetimes (defined in the Documents - Settings - Type - Validity column) to the latest document revision dates (defined in the Revisions tab) and then compares the resulting date with X date. Document records for which the resulting date surpasses X date will be listed in the Main Form.

Analysis
Users can group/filter document records using various parameters in this mode.

Chart settings
Y axis Number of documents is calculated. X axis Selection of document record parameters used to filter the records displayed

Types of charts
Timeline dependence
Period - Appropriate period is selected from the list (Day, Week, Month, etc.)
Parameter - Any value can be selected (usually No value is present in the field)
From, To - Start and end dates of analysis are defined in these fields
Clicking the button generates the chart.

Parametrical
Period - Value No is selected
Parameter - Appropriate name of parameter is selected; if necessary, particular values of the selected parameter can be checked.
From, To - Start and end dates of analysis are defined in these fields
Clicking the button generates the chart.

If necessary document records can also be filtered in the Document Management mode to narrow the list of documents being analyzed and displayed in charts.

Report
Reports representing each grouping/filtering actions results can be generated.


Letters (Correspondence)
The module is intended to organize control of non-system documents of an organization (letters, orders, directions, etc.) Main screen area is so called Correspondences Main Form. The following command buttons are located in the left vertical area: Settings New File Analysis Delete Report A line in the Correspondence Main Form consists of a set of fields containing information about a correspondence record: Records availability for review Date (of registration) Code Name/subject Class Type Status Chapter of correspondence system the given document relates to Field (File) contains an icon signaling about a file linked to the correspondence record. Adjustments - Interface Field chooser Author several hidden columns with the correspondence records parameters (Chapter, Sender, Receiver, etc.) might be made visible in the Correspondence Main Form It is recommended to enter information in all tabs of Settings module first and then start adding new records in the Main Form.

Settings
Basic parameters of the correspondence control system are entered in the tabs of the mode. Class Names of classes of correspondence are listed in the tab. Code List of codes of the correspondence classes. Will be used in Template of code function to generate the records code while adding a new correspondence record in a database. Type Names of types of correspondence are entered for each class. File-template File-templates are assigned to each type of internal documents. The files of document templates should be located in a folder browsed in Adjustments Location Folder with filestemplates mode. These templates will be called when a file of new letter is composed. New Calling a file-template to create a new letters file. Code List of codes of the correspondence types. Will be used in Template of code function to generate the records code while adding a new record of correspondence in a database. Chapter Names of chapters of correspondence system are listed in the tab.


Code List of codes of the correspondence chapters. Will be used in Template of code function to generate the records code while adding a new record of correspondence in a database. Status Names of statuses of correspondence are listed in the tab. Actions Names of actions with the correspondence are listed in the tab. Subject List of letters subjects. Template of Code See the description of this function in Documents Template of Code chapter.

New
Adding new record of correspondence in the database (New Document), or composing new correspondence file (New File)

Adding new record


Properties
Registration
Correspondence registration code and date are entered in the fields. The registration code is generated automatically if the corresponding field is filled out in the Template Code tab (Settings - Template of Code).
Document
Code and date of a letter (used for incoming letters only) are entered in the fields. Then the following parameters of the correspondence record are selected from the lists: class, type, status, chapter, sender, receiver, and subject/name.
Class. Type. Chapter. Status. Sender. Receiver. Subject.
Corresponding names of these parameters are either selected from the lists defined in Settings mode, or new names of the parameters are typed from the keyboard (press Enter to confirm adding the new name to the database).
File
Browsing the file of the letter (to be located in the folder defined in Adjustments - Location - Folder with correspondence). If the file of the letter is defined, an icon appears in the right column in the correspondence line.
Summary, Resolution, Result, Comment
Relevant information (if needed) is entered in the corresponding forms.
Available for all users
If the box is checked, all users can open the record of the letter and review the corresponding file. Records of such letters available to all are marked in the Main Form with the icon in the Admin's interface.
Done?
This field may contain only three values: Yes, No or -, and is filled in automatically. Value - is displayed if no action records are listed in the Actions tab. Value Yes is displayed if all actions listed in the Actions tab are completed. Value No is displayed if at least one action listed in the Actions tab is not completed (value No in the Done? field of the action). If an action is a) not completed and b) overdue, the record of the action (in the Actions tab) and the record of the corresponding correspondence (in the Main Form) are marked in red.

Hidden record
This function allows the Admin user to conceal correspondence records in the Main Form if needed. To conceal the record in the Main Form:
1. Go to Adjustments - Location mode.
2. Press the Ctrl-A key sequence. The check-box Display hidden records appears.
3. Check the box Display hidden records.
4. Close the form Locations.
5. Go to the Correspondence module, open the correspondence record which needs to be concealed, go to the tab Properties. The check-box Hidden record appears.
6. Check the Hidden record box. Click OK.
7. Go to Adjustments - Location mode.
8. Press the Ctrl-A key sequence. The check-box Display hidden records appears.
9. Uncheck the box Display hidden records.
10. Go to the Correspondence module. The record for which the Hidden record box is checked will not be displayed in the Document Main Form until the check-box Display hidden records in the Location form is checked.

Actions
Add - Users action
Individual action(s) with the letter are entered (the action's name, responsible user, planned date to complete the action).
Done?
The value Yes or No is selected in the field. The value can be changed by the Admin, by the authorized user who added the record, or by the user responsible for completing the action.
Add - Group action
Group action(s) with the letter are entered (the action's name - Distributed, Directed, etc., group, planned date to complete the action).
Availability of the letter/file
Only the individual users listed in the Users column, and the users who are members of the groups listed in the Groups column, will be able to open the correspondence's record and/or review the corresponding file. For all other users the record/file will not be accessible. Records which are not available for the user are marked with the icon in the user's interface.
Editing the record
A user for which the box is checked can edit the record of correspondence - for example, to add records of actions (in the tab Actions) to be carried out by other users. It is a useful feature when, for example, the authorized user (receptionist, secretary, etc.) registers the letter (fills in the Properties tab) and directs the letter for review to, say, the General Manager. The General Manager can then appoint another user to carry out necessary actions with the correspondence. In practice the secretary adds a record of action Directed, defines the responsible user General Manager and checks the box Adding actions for the added record of action. In this case the General Manager working on his PC can add other records of actions and appoint other users to be responsible for further proceeding with the letter.

References
Letter(s) which the active letter refers to is (are) listed in the tab.

Related records
Letter(s) which refer to the active letter are listed in the tab. The tab is filled out with records automatically, upon adding into the database records of other letters which refer to the active letter.
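The availability rules described above for document and correspondence records (the Admin reviews everything, Available for all users, individually listed users, members of listed groups), as an added Python example that is not ISOsystemPlus code. The data model and function names are hypothetical, and treating Hidden record as a display-only setting is an assumption; the second half shows what a user gains when added to a group, which is the side effect of the group-action feature worth reviewing before changing memberships.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

Membership = Dict[str, Set[str]]  # group name -> names of its member users


@dataclass
class Record:
    code: str
    users: Set[str] = field(default_factory=set)   # users listed individually
    groups: Set[str] = field(default_factory=set)  # groups listed via group actions
    available_for_all: bool = False                # "Available for all users" box
    hidden: bool = False                           # "Hidden record" box


def can_review(rec: Record, user: str, membership: Membership,
               is_admin: bool = False) -> bool:
    """Deny by default; allow only on one of the four rules in the text."""
    if is_admin:                  # the Admin can review all files
        return True
    if rec.available_for_all:     # box checked: every user may open the record
        return True
    if user in rec.users:         # listed as an individual user
        return True
    # listed indirectly, as a member of a group named on the record
    return any(user in membership.get(g, set()) for g in rec.groups)


def main_form_rows(records: List[Record], show_hidden: bool) -> List[str]:
    """Hidden records are listed only while Display hidden records is checked.
    Assumption: hiding changes what is listed, not who may review."""
    return [r.code for r in records if show_hidden or not r.hidden]


def reviewable(records: List[Record], user: str,
               membership: Membership) -> Set[str]:
    return {r.code for r in records if can_review(r, user, membership)}


def access_gained(records: List[Record], user: str,
                  before: Membership, after: Membership) -> List[str]:
    """Records a user can newly review after a group-membership change."""
    return sorted(reviewable(records, user, after)
                  - reviewable(records, user, before))


def sample_records() -> List[Record]:
    """Constructed sample data; codes, users and groups are made up."""
    return [
        Record("P-001", groups={"QA"}),
        Record("P-002", users={"alice"}),
        Record("P-003", groups={"QA", "Managers"}, hidden=True),
        Record("L-010", available_for_all=True),
    ]


def sample_membership(with_new_user: bool) -> Membership:
    qa = {"alice", "bob"}
    if with_new_user:
        qa = qa | {"dana"}        # the new user is assigned to the QA group
    return {"QA": qa, "Managers": {"carol"}}


if __name__ == "__main__":
    recs = sample_records()
    before, after = sample_membership(False), sample_membership(True)
    print("dana before:", sorted(reviewable(recs, "dana", before)))
    print("dana gains :", access_gained(recs, "dana", before, after))
    print("main form  :", main_form_rows(recs, show_hidden=False))
```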

Creating new file (letter)


A new file of letter is created analogously to a new file of document.

Adding related record



1. Right-click the record in the Main Form.
2. Select Add related record from the pop-up list.
3. A new record of the letter is added in the Main Form; the subject of the parent letter is presented in the Subject field; the References tab contains a record of the parent letter as well.

Delete
Deleting selected record from the database.

File
Review of the file determined in Properties tab.

Report
Generating the report that contains all information entered in the records tabs.

Other general functions


Search
1. Click the Search field.
2. Type characters which are contained in the searched letter's subject or code.
3. Press the Space key.
4. A list of correspondence records that contain the search string in their name or code appears.
5. Repeat the sequence described by typing other characters and pressing the Space key if the list needs to be narrowed.

Monitoring of carrying out actions planned


The same approach as the one realized in Documents module.

Correspondence management
Analogous to the Document Management mode grouping/filtering/sorting of correspondence records by parameter.

Analysis
See description of the function in Documents Analysis chapter. If necessary correspondence records can also be filtered in the Correspondence management mode to narrow the list of records being analyzed and displayed in charts.


Processes
This module is intended to describe business processes using the IDEF-0 approach. Each line in the Main Form corresponds to a business process of the organization. The record consists of several fields with the following process characteristics:
Code
Class (of the process)
Type (of the process)
Name (of the process)
Owner (of the process)
The following control buttons are located in the left area of the Main Form:
Settings
New (add a new process record)
Copy (available only for the Admin/authorized users)
Delete (delete a process record)
Flow-chart (process flow-chart/hierarchy tree)
Links (links with other processes)
Analysis
Report (generate reports on the selected process)
Work in the Processes module commences with filling in the forms in the Settings section, followed by entering process records (New mode).

Settings
Type of process Names of types of processes (e.g., Management, Resource Provision, Life Cycle and Measurement, Analysis and Improvement) are listed in this tab. Type of process input/output Product, Service, Information and Resources are the process input/output types defined in the supplied database. Type of process resource Personnel, Finance, Information, Product and Equipment are the process resource types defined in the supplied database. Type of process parameters The process results should be analyzed using particular parameters (Quality, Efficiency and Consumer Satisfaction are those defined in the supplied database). Type of customer requirements The types are defined as per specifics of an organizations management system (e.g., Legality, Safety, Quality, Quantity, Effectiveness, Price, etc.). Customer requirements Add particular customer requirements are added. Template of Code If a template code is set for the field, the value will be displayed in Code field of a new process record being added to the database.


New
Two classes of processes are fixed: Basic and Complex. Processes of the Basic class are those which are described in IDEF-0 terms (Inputs, Outputs, Resources, Requirements, etc.). Processes of the Complex class are those which are comprised of other processes and thus are not described in IDEF-0 terms.

Adding a Basic process


New - Basic
The opening form consists of several tabs:

Properties
Type of process and their owner are selected from drop-down lists, the process code is generated, the process name is entered, the flow-chart of the document process and the document assigning owners of the business-process are selected from the list of documents added in the Documents module. Scope, Goals and Responsibilities of the process participants are entered in the corresponding forms. The default Level of the process is equal to 1 if the process is not included in a hierarchy tree. The View button (available if a document is selected in the tab) calls the selected document file for review.

Parameters
Add - Parameter - the process parameters used to evaluate its effectiveness are entered in this tab.
Add - Document - select the relevant document(s) describing the parameter(s) entered.

Monitoring
This mode is used to describe/control measures to ensure monitoring of the process performance.
Planned results
Add - Planned result - for each parameter planned results are entered.
Monitoring
Add - Monitoring - results of monitoring of achievement of the planned parameters are entered (date of monitoring, achieved result, select Yes/No in the Objective achieved? column). If the No value is selected, actions needed to achieve the planned goal can be defined in the Actions field.

Resources
Add - Resource - type/name of the resource needed to allocate to run the process are entered here.
Add - Resource supplier - defining the supplier(s) of the resource (selection from the list of users)

Allocation
A mode to present information needed to manage actual allocation of required resources.
Required resources
Add - Required resources - required amounts of resources are entered in the grid (date of planned resources allocation, required amount of the resource, comment).
Add - Required resources - information about actual allocation of resources is entered: date of monitoring, actual amount of allocated resource, conclusion on sufficiency of the allocated resource (Yes/No).

Operations
The list of operations that the process consists of is presented in this tab.
Add - Operation - name of the operation is entered; the department where the operation is carried out and the user responsible for the operation.


Flow-chart
Launch the built-in flow-chart editor. For more details about the editor functions see the table below.

Task | Action
Start the flow chart construction - add the 1st operation | Right click the work space of the Flow Chart form; select Add operation
Add the 2nd (the next) operation | Right click the level of the rectangle of the operation entered earlier; select Add operation Above (or Below)
Delete an operation | Right click the level of the rectangle of the operation to be deleted; select Delete the operation
Adding a decision point | Right click the level between the two rectangles of the operations which are to be connected with the decision point; select Add decision point
Adding input (output) | Right click between the two rectangles of the operations; select Input (Output) Add
Delete input (output) | Right click a level of input (output) to be deleted; select Input (Output) Delete
Defining a No operation | Right click on the level of the rhombus of the decision point; select Define No operation; select the appropriate operation from the drop-down list
Delete a decision point | Right click the level of the rhombus of the decision point; select Delete decision point
Editing an operation's name | Click on the operation's name inside the rectangle

Operation records can be added (edited, inserted, deleted) while working in both the Flow-chart and Operations modes. Decision points can be added (edited, deleted) only while working in Flow-chart mode.

Inputs
Inputs to the process operations are defined in this tab. (Inputs are transformed during the course of a process into outputs; resources are consumed during the course of a process.)
Inputs
Add - Input. The operation and the input's type are selected from the corresponding drop-down lists. The input's name and comments (if needed) are typed in the corresponding fields.
Add - Input suppliers - listing suppliers for each input (department/user); one input might have several suppliers.
Links
Link(s) between different processes by output - input type (described in Ch.0.2, ISO 9001:2008) are determined.
Add - Output-Input. A form to define output-input links will open. The process whose output serves as an input of the current process is selected from the process list.

Outputs
Outputs of the process operations are listed in this tab.
Outputs
Add - Output. The operation's name and the output's type are selected from the corresponding drop-down lists. The output's name and comments (if needed) are typed in the corresponding fields.
Add - Customers of output - listing customers of each output (department/user); one output might have several customers.

Requirements
Customer requirements for the process outputs are listed in this tab.
Process outputs
Records in the grid are transferred from the Outputs tab and can't be changed.
Requirements of customers
The customers' requirements are entered in the grid. The requirement's name can be either selected from the list (Settings) or typed manually.

Linked Processes
This tab lists the Output - Input links of an active process with other processes. Records in the form are added during the course of adding Output - Input link records in the Inputs tab and can't be changed.

Links
A graphical representation of the Output-Input links between various processes.

Adding a Complex process


New Complex. The form used to add new Complex class records consists of two tabs: Properties and Constituent processes. Properties The Properties tab is filled with records just like the Properties tab of Basic processes. Constituent processes The hierarchy tree of the Complex process is constructed in the Constituent processes tab. The business processes hierarchy tree is constructed by selecting an appropriate process from the drop-down list that appears by right clicking the working area of the Constituent processes form. Hierarchy of business-processes (Process tree) The following approach of constructing the Process tree is realized in the application. All processes are assigned to several levels. The processes at zero level are the most extensive, they cover broad areas of an organization's activities. E.g., in the database supplied with the software the process labeled Continuous improvement is assigned to zero-level. Zero-level processes always consist of other processes which are assigned to the first level. The first-level processes in turn can be Complex or Basic class. In the demo-database there are three first level processes (Internal audit, Handling customers complaints and Risk management). All of them are of Basic class and described in IDEF-0 terms. The process level is determined only when the process is included in the Process tree; thus the Water production process (which also belongs to Basic class) is not assigned to any level as it is not a part of a process tree.

Flow-chart
Generating a report presenting either a process flow-chart (for a Basic class process), or a hierarchy tree (for a Complex class process).


Links
Generate the report that presents output input links of the active process with other processes.

Delete
Deleting the process record from the Main Form.

Report
Generates 3 reports (Documents, Process participants and Process map).

Other functions
Search
Similar to the Search function in the Documents module, this is a quick search for a process record with a specific search string in its name and/or code.

Process Management
Analogous to the Document Management mode grouping/filtering/sorting of process records by parameter.

Analysis
Users can group/filter document records using various parameters in this mode. Reports representing each grouping/filtering actions results can be generated.

Chart settings
Y axis - Number of processes is calculated.
X axis - Selection of process record parameters used to filter the records displayed
Parameter - Appropriate name of parameter is selected; if necessary, particular values of the selected parameter can be checked.
From, To - Start and end dates of analysis are defined in these fields
Clicking the button generates the chart.

If necessary process records can also be filtered in the Process Management mode to narrow the list of processes being analyzed and displayed in charts.


Trainings
The module helps to implement personnel training requirements, improve skills/qualifications and evaluate training effectiveness as determined by Ch. 6.2.2 ISO 9001:2008, ISO 10015:1999 and other standards. The working area of the program in this section is the Training Main Form. Each record in the Main Form corresponds to one training (planned or conducted) and consists of several fields containing the following data:
- Department (of an employee to be trained)
- Position (of an employee to be trained)
- Employee (to be trained)
- Competence
- Training Subject
- Date (of training)
- Score

Adjustments - Interface - Field chooser: several hidden columns with the training record parameters (Class of training, Type of training, Responsible) can be made visible in the Trainings Main Form.

The control menu (left vertical blue field in the Training Main Form) contains the following control buttons:
- Settings
- Plan (of training)
- Training (assessment)
- Delete
- Analysis
- Report

Work with the Trainings module starts by filling in tabs in Settings mode, followed by filling in tabs in Plan and Training modes. Double-clicking a training record in the Main Form opens a Training form in which the assessment information of the planned training may be entered.

Settings
Class (of training): Classes of training (e.g., External, Internal) are listed.
Type (of training): Types of training (e.g., Workshop, Seminar, etc.) are listed.
Training Grade: Lists the training grades and comments/explanations in accordance with the training appraisal system adopted by the organization.
Competence: List of competences of employees of the organization.


Plan
The purpose of filling out this form is to define the range of required competencies for all employees and to create a training plan that lets employees qualify for the required competencies. The scope (audience) of the training plan is defined by selecting a particular Department - Position - Employee combination.

Competences: Add - Competence creates the list of competences for which the training plan will be created. Competence names can either be selected from the list (defined in the Settings - Competence tab), or a new competence name can be added to the database by typing it and pressing the Enter key.

Training: Add - Training creates the list of training topics/subjects (including the date/class/type of training and the topic's name) needed for employees to master the competences defined above. The training's price is inserted, and a particular cost center is selected to assign and control the training costs (Report function in the Cost center tab). Later on, in Training mode, the training's particulars (actual date of conducting the training, trainer's name, grade, etc.) will be entered.

Training Documents: Add - Document creates the list of training documents for each topic.

After pressing the OK button, the list of planned trainings is displayed in the Trainings Main Form.

Report: Generates the Training Plan report for the Department/Position/Employee combination selected in the three fields at the top of this form.

Delete: Deleting a training subject from the form will result in deleting all training records on this subject.

Training
After making up the Training Plan and assigning training costs to particular cost centers, the next steps in the training management process are:
- to conduct trainings as planned
- to evaluate the employees' performance during the training
- to evaluate the effectiveness of the training

The Training form is intended to perform these tasks.

Training: Used to select a particular Department/Position/Employee combination for which the training process will be managed. After selecting the appropriate values in the Department, Position and Employee drop-down lists, the Training table is filled in with the records of trainings planned in the Plan mode. If the Training grid remains empty, it means that no trainings are planned in the Plan mode for the selected Department/Position/Employee combination.

The Admin (or an authorized user, or the user responsible for the trainings) enters the following data in the Training table:
- the user responsible for conducting the training (Responsible column)
- the actual date of training, if the training has been conducted
- the employee's grade (if the training is carried out)

Evaluation of Training Effectiveness: Chapter 6.2.2 ISO 9001:2008 requires evaluating the effectiveness of training. The Admin, an authorized user, or the user responsible for performing the training effectiveness evaluation defines:
- the user responsible for performing the training effectiveness evaluation (Responsible column)
- the date of evaluation
- the Yes/No mark confirming that the evaluation has been conducted
- the evaluation grade

Monitoring of Execution of Planned Actions


The program continuously monitors and compares the following data:
- system PC date
- planned date for conducting the training (Date field, Training grid, Training form)
- status of the Yes/No value (Done? field, Training grid, Training form)
- planned date for evaluating the training effectiveness (Date field, Evaluation of training effectiveness grid, Training form)
- status of the Yes/No value (Done? field, Evaluation of training effectiveness grid, Training form)

If a training is not conducted as planned, or training effectiveness is not evaluated by the scheduled date, the following blinking warning messages appear in the bottom part of the Training Main Form: "Total overdue trainings: X" (bottom left) and "Total overdue evaluations of training effectiveness: Y" (bottom right). Clicking the square button near the message (or double-clicking the message itself) marks the corresponding overdue records in the Main Form red and opens a form listing the overdue action records.

Training Management
Analogous to the Document Management mode: grouping/filtering/sorting of process records by parameter.

Analysis
Users can group/filter training records using various parameters in this mode. Reports representing the results of each grouping/filtering action can be generated.

Chart settings
Y axis: Number of trainings is calculated.
X axis: Selection of training process record parameters used to filter the records displayed.
Parameter: Appropriate name of parameter is selected; if necessary, particular values of the selected parameter can be checked.
From, To: Start and end training dates are defined in these fields.
Clicking the button generates the chart.

If necessary, training records can also be filtered in the Training Management mode to narrow the list of trainings being analyzed and displayed in charts.


Audits
This module helps to implement the requirements for an organization's audit/corrective actions system as defined in Ch. 8.2.2 ISO 9001:200 and in ISO 19011:2002. The working area of the software interface is called the Audits Main Form. Each record in the Main Form corresponds to one management system audit. An audit record in the Main Form consists of several fields (columns) with the following data:
- (Audit) Code
- (Audit) Name
- (Audit) Type
- Department (being audited)
- Responsible (user whose activities are being audited)
- Process (business process being audited)
- Auditor
- Audit Date (actual)

Adjustments - Interface - Field chooser: several hidden columns with the audit record parameters (Planned audit date, Chapters (to be audited), Standards (to be audited), Creator (of the audit record)) can be made visible in the Audits Main Form.

The Control menu (left vertical blue field) of the Audits Main Form contains the following control buttons:
- Settings (basic data on the Audits module)
- Non-conformities
- New (add a new audit record in the Main Form)
- Copy (copying highlighted audit records in the Main Form)
- Delete (deleting the highlighted audit record from the Main Form)
- Report/Plan (Audit Report and Corrective Action Plan modes)
- Analysis
- Report

Work in the Audits module starts by filling in tabs in Settings mode. Audit records are entered into the Main Form by clicking the New button.

Settings
Forms of this mode are used to enter initial data for the Audits system adopted by the organization.

Type of audit: Types of audits (e.g., Internal, External, Audit of Supplier, etc.) are listed in the tab.
Type of non-conformity: The classification of non-conformances adopted in the management system is entered in the form: names of non-conformance types and explanations (if necessary).
Auditors: The following information is entered into this form:
1. Document appointing the audit group.
2. Leader of the audit group.
3. Members of the audit group.
Requirements to auditors: The form that opens contains information about requirements to the audit group members.


Training: Moves to the Training module, in which the plan of training for audit group members is determined.
Template of Code: If a template code is set for the field, the value will be displayed in the Code field of a new audit record being added into the database.

Non-conformities
Type of customer requirements: Transferred from the Processes - Settings mode.
Customer requirements: Transferred from the Processes - Settings mode.
Non-conformities: This table contains a list of non-conformities. Each non-conformity is linked to a Type of customer requirement / Customer requirement combination (as defined in Process Settings mode). The list of non-conformities entered in the tab will be used as a source of non-conformities. The name of a particular non-conformity may be either selected from the drop-down list or entered manually.

New
Information about planned audits is entered in this form.

Properties
- Code: a unique audit code is entered or generated automatically (if the corresponding field is checked in the Audits - Settings - Template of Code tab).
- Type: audit type is selected from the list (defined in the Audits - Settings - Type of audit tab) or entered manually.
- Name: audit name is entered.
- Planned Date: the planned date of the audit is selected in the calendar.
- Done?: once the audit is completed, the Yes value is selected and the audit date is entered into the Actual Date field.
- Document: the document is selected from the Documents module; the View button opens the document file for review.

Departments
The department(s) where the audit will be conducted, and the users whose areas of responsibility are being audited, are defined in this tab. At least one user must be defined in this tab.
Send: Clicking this button runs the e-mail agent and generates an e-mail message addressed to all users listed in the tab.

Chapter
Chapter(s) of the management system being audited are listed in this tab.

Processes
Process(es) being audited is/are listed in this tab.

External Standards
Chapters of external standards being audited are listed in this tab.

Auditors
Auditors responsible for conducting the audit are selected from the Audit Settings - Audit Team list. At least one auditor must be entered in this tab.
Send: Clicking the button runs the e-mail agent and generates an e-mail message addressed to all users listed in the tab.

Report
Generates the Audit Report.

Report/Plan
Information on the audit report and the planned corrective/preventive actions is entered in these tabs; the Audit Report and Action Plan documents are then generated. If an audit was not conducted (i.e., the actual audit date is not defined), pressing the Report/Plan button displays a warning message that proposes either to define the audit date or to leave the mode. If the audit was conducted, pressing the Report/Plan button opens the mode, which consists of two tabs: Audit report and Action plan. A field in the upper part of the form contains the code/name of the audit (as a source of non-conformities); any audit conducted can be selected to list the non-conformities found during the audit.

Audit report
Information needed for the audit report is entered in this tab. Information in this tab can be entered by:
- the Admin
- users authorized to enter records in the Audits module
- users listed in the Auditors tab of the audit (auditors responsible for composing the audit report)

Audit Report: Add - Audit Report. The issue date of the audit report, the user responsible for composing the report (selected from the list of auditors defined in the Auditors tab of the audit record), the conclusion on the audit results and, if necessary, a corresponding document are defined in the block.
Non-conformities: Add - Non-conformity. Non-conformities found during the course of the audit (type of non-conformity, type/name of the customer requirement that the non-conformity contradicts, name of the non-conformity, and a description (reason) of why the non-conformity occurred) are selected from the lists or entered manually.
Distribution: Add - Distribution. Users to whom the audit report is distributed are listed in this grid.
Document: Document - Send composes an e-mail message addressed to all users listed in the Distribution grid (users' e-mail addresses are defined in the Settings - Users - Users table). Document - View opens the audit report file for review.
Report: Generates the "Audit Report" that contains all the data entered in this form.

Action Plan
Information needed to make up the audit action plan (corrective/preventive actions and analysis/review of the actions taken) is entered in this tab. A tree (Non-conformity - Action(s) to be taken (corrective/preventive) - Reviewing the action taken) should be created for the non-conformities found during the audit.

Action plan: Add - Action Plan. Information in this block can be entered by:
- the Admin user
- users authorized to enter records in the Audits module
- users listed in the Auditors tab of the audit (auditors responsible for composing the audit report)
These users:
- define the date planned to issue the CAP
- select a user responsible for composing the Plan (the user is selected from the users listed in the Departments tab of the audit record in the Main Form)
- select, if necessary, the corresponding document of the action plan

Database: Records of non-conformities in this table are transferred from the Audit Report tab and can't be changed; corresponding corrective/preventive action(s) and a review of actions taken are determined for all non-conformities listed in this grid. Information in this block can be entered by:
- the Admin user
- users authorized to enter records in the Audits module
- users listed in the Departments tab of the audit (i.e., users whose activities were a subject of the audit)

Add Corrective Action/Preventive Action: There are two ways of adding action records:
1. Select the non-conformity record and click Add - Corrective action or Preventive action.
2. Right-click the non-conformity record and select Add from the drop-down list - Corrective action.
The corrective/preventive action's name/description, the user responsible for performing the action, and the action's planned date are entered in the grid; the Yes/No value in the Done? field confirms whether the action has been carried out. If an action record is overdue (the system PC date is later than the action's planned date, with a No value in the Done? field), the record of the overdue action and the root non-conformance record are highlighted in red.

Add Reviewing actions: Execution of planned corrective actions should be managed. This grid contains information to ensure this: the user responsible for verifying whether the scheduled corrective actions were taken, confirmation of the verification ("Yes"/"No") and the verification date. There are two ways of adding a record of reviewing the action:
1. Select the action record and click Add - Reviewing action.
2. Right-click the action record and select Add from the context menu - Reviewing action.
Records of overdue reviewing actions are highlighted in red (when the PC system date is later than the reviewing action's planned date, and the Done? field contains a No value).

Report: Generates the "Action Plan" document-report that contains all the information entered in this form.

Other functions
Search
1. Click the Search field.
2. Type characters that are contained in the name or code of the audit being searched for.
3. Press the Space key.
4. A list of audit records that contain the search string in their name or code appears.
5. Repeat the sequence by typing other characters and pressing the Space key if the list needs to be narrowed.

Monitoring of execution of actions planned


The application continuously monitors and compares the following data:
- system PC date
- planned date of conducting the audit or performing an action/reviewing action (Planned date field, Properties form of an audit record)
- Yes/No value of the Done? field

If a planned audit is not conducted in time, or a planned action or reviewing action is not completed by the planned date, a blinking warning message appears in the bottom part of the Audits Main Form: "Total overdue actions: X". Clicking the square near the message (or quickly double-clicking the message itself) paints the corresponding record(s) of overdue audit(s) red.

Audit Management
Analogous to the Document management mode: grouping/filtering/sorting of records of processes by needed parameters.

Analysis
Users can group/filter records of audits by various parameters in this mode. Reports representing the results of each grouping/filtering action can be generated.

Chart settings
Y axis: Number of audit records is calculated.
X axis: Selection of audit record parameters to group/filter the records displayed.

Types of charts
Timeline dependence
Period: Appropriate period is selected from the list (Day, Week, Month, etc.).
Parameter: Any value can be selected (usually the No value is present in the field).
From, To: Start and end dates of analysis (audit dates) are defined in the fields.
Clicking the button generates the chart.

Parametrical
Period: The value No is selected.
Parameter: Appropriate name of parameter is selected; if necessary, particular values of the selected parameter can be checked.
From, To: Start and end dates of analysis are defined in the fields.
Clicking the button generates the chart.

If necessary, audit records can also be filtered in the Audit management mode to narrow the list of audits being analyzed and presented in charts.


Equipment
This module helps users develop a system to manage an organization's equipment. The work area of the software interface is called the Equipment Main Form. Each record in the Main Form corresponds to one piece of equipment in an organization. A record in the Main Form consists of several fields:
- (Equipment) code
- (Equipment) class
- (Equipment) type
- (Equipment) name
- (Equipment's) producer
- (Equipment's) supplier
- (Equipment) price
- (Equipment) location

Adjustments - Interface - Field chooser: several hidden columns with the equipment record parameters (Date of purchase, ID) can be made visible in the Equipment Main Form.

The left vertical blue field of the screen contains the following control buttons:
- Settings
- New (adding a new equipment record in the Main Form)
- Copy (copying equipment records in the Main Form)
- Delete (deleting an equipment record from the Main Form)
- Analysis
- Report (report on a particular unit of equipment)

Work in the Equipment module starts by filling in tabs in the Settings mode. Equipment records are entered in the Main Form by clicking the New button.

Settings
Forms of this mode are used to enter initial data for the Equipment Control System established within the organization's management system.

Class
General classes of equipment are listed in the tab.

Type
Types of equipment (can be used to specify, e.g., the equipment's usage/source/location) are listed in the tab.

Equipment
Class - Type - Equipment combinations are defined in the tab. Classes and types are selected from the lists defined in the corresponding Settings mode tabs; equipment names are typed.

Action
Possible actions with equipment are listed in the tab. The list might include formal actions whose execution is required by the management system (like calibration, verification, maintenance, etc.), as well as informal ones whose listing might be useful to ensure proper control over the equipment during its lifetime in the organization (purchasing, installation, breakage, repair, etc.).

Period
Periods of time, time measurement units and the number of units in each period are defined in the tab. The periods listed in the tab are used to determine time frames for periodic actions with equipment (like calibration, maintenance, etc.).

Template of Code
If a template code is set for the field, the value will be displayed in Code field of a new equipment record being added to the database.

New
Adding a new record of equipment in the Main Form (database).

Equipment
Code: a unique code of the unit of equipment is entered or generated automatically (if the corresponding function is switched on in the Equipment - Settings - Template of Code form).
Class, Type, Name, Manufacturer, Supplier: the fields are filled in either by selecting appropriate names from the drop-down lists entered in the Settings - Counterparties modes, or by typing the new name (class, type) and pressing Enter.
ID: an identifier of the unit of equipment (e.g., bar-code, etc.) is entered in the field (optional).
Purchase date: the appropriate date is defined.
Cost center: selection of the cost center to which the equipment cost will be assigned.
Price: goes without saying. The currency unit is selected from the list defined in the Settings - Organization - Currency mode.

Location
The department(s) where the unit of equipment is located, the date of location and the user responsible for overseeing the unit of equipment are listed.

Actions
Action: Names of actions to be carried out with the unit of equipment are entered; the names can be selected from the drop-down list defined in Settings - Actions mode.
Period: For periodical actions (actions taken with some regularity, e.g., Calibration, Maintenance, etc.) the period value is selected (from the list defined in Settings - Period mode); for non-periodical actions (like Purchasing, Installation, etc.) the value No is selected in the Period field.
Date, User: The planned date of the action and the user responsible for carrying out the action are defined.
Done?: Completion of the planned action is confirmed by selecting the Yes value in the Done? column. The Admin, authorized user(s) and the user responsible for carrying out the action can change the Yes/No values in the Done? column from their PC.
Add period records: Select this option in the right-click context menu to speed up filling in the table with records of periodical actions. After selecting this option (which is available only in the pop-up list that appears after clicking a periodical action), a one-year list of periodical actions is populated.
Add one more period record: This option in the right-click context menu is used to quickly add a record of one more set of periodical actions to the list of action records.

Copy
Quick copying a selected record of the equipment in the Main Form. Records being copied differ by one digit in the code.

Delete
Deleting a selected record of the equipment from the Main Form. Admin can delete all records; authorized user can delete only those records which he/she added.

Report
Generating a document-report summarizing all information about the selected unit of equipment.

Other functions
Search
1. Click the Search field.
2. Type characters that are contained in the name or code of the equipment being searched for.
3. Press the Space key.
4. A list of equipment records that contain the search string in their name or code appears.
5. Repeat the sequence by typing other characters and pressing the Space key if the list needs to be narrowed.

Monitoring of execution of actions planned


The program continuously monitors and compares the following data:
- system PC date
- planned date for carrying out the planned action with equipment (Date field, Actions form of an equipment record)
- status of the Yes/No value (Done? field, Actions form)

If a planned action is not carried out in time, a red warning message starts blinking in the bottom part of the Equipment Main Form: "Total overdue actions: X" (left side). Clicking the square near the message (or quickly double-clicking the message itself) paints the corresponding record(s) of overdue pieces of equipment red.

Equipment management
Analogous to the Document management mode: grouping/filtering/sorting of records of processes by needed parameters.

Analysis
Users can group/filter records of equipment by various parameters in this mode. Reports representing the results of each grouping/filtering action can be generated.

Chart settings
Y axis: Number of records of equipment is calculated.
X axis: Selection of equipment record parameters to group/filter the records displayed.

Types of charts


Timeline dependence
Period: Appropriate period is selected from the list (Day, Week, Month, etc.).
Parameter: Any value can be selected (usually the No value is present in the field).
From, To: Start and end dates of analysis are defined in the fields.
Clicking the button generates the chart.

If necessary, users select the particular date pertaining to the equipment (either Date of Purchase or Date of Placement of the equipment) for building the charts.

Parametrical
Period: The value No is selected.
Parameter: Appropriate name of parameter is selected; if necessary, particular values of the selected parameter can be checked.
From, To: Start and end dates of analysis are present in the fields.
Clicking the button generates the chart.

If necessary, equipment records can also be filtered in the Equipment management mode to narrow the list of equipment being analyzed and displayed in charts.


Requests (complaints)
The module helps users organize the system for handling (registering/controlling) customer requests (complaints) as required by ISO standards (in particular, by ISO 10002:2004).

Approach to handle the complaint


The Complaints module implements the following approach to handling complaints:

1. Registration: Complaint is registered.
   User: Admin or authorized user (Registrar)
   Form: New mode, Registration form

2. Directing the complaint to the responsible user: Complaint is directed to a user responsible for its further handling.
   User: Registrar
   Form: Registration form, Distribution grid

3. Initial review: Review of complaint, taking a decision on actions needed to handle the complaint.
   User: The user whom the complaint was directed to at Step 2 (Responsible user)
   Form: Review form, Review grid, Comment field

4. Involving other users into review: Determination of other users which should review the complaint and provide their feedback (users-advisors).
   User: Responsible user
   Form: Review form, Consultation grid, field Responsible

5. Advising the responsible user: User(s) determined at Step 2 review the complaint and provide the responsible user with their feedbacks.
   User: Users-advisors
   Form: Review form, Consultation grid, field Comment

6. Closing the complaint: Actions needed for closing the complaint are taken, the complaint is closed.
   User: Responsible user
   Form: Form Review, grid Review, fields Done? & Actual date

The working area in this mode is the Complaints Main Form. Each record in the Main Form corresponds to one registered customer complaint and consists of the following fields:
- Code of the complaint (should be unique for each complaint)
- Date of registration
- Class (of complaint)
- Type (of complaint)
- Counterparty (who placed the complaint)
- Review (user responsible for the complaint review)
- Consultation (user participating in the complaint review)
- Done? (confirmation that the complaint has been closed)

Adjustments - Interface - Field chooser: several hidden columns with the complaint parameters (Status, Actual date, Planned date, Object, etc.) can be made visible in the Complaints Main Form.

The following command icons are presented in the left vertical blue area:
- Settings
- Basics
- New (adding a new record of complaint: registering the complaint)
- Delete (deleting a record of complaint from the database)
- Review (reviewing the complaint)
- Report (report on the complaint)

Work in the Complaints module starts with filling out the tabs in the Complaints - Settings mode.

Settings
Class: Classes (sources) of complaint are listed (e.g., Consumer, Customer, Mass-media, and Authorities).
Code: A particular code is assigned to each complaint class. The codes are used in the Template of code tab to determine the code of a complaint record, which is generated during complaint registration.

Type: For each class of complaint, the corresponding types are defined (e.g., Request, Complaint, Gratitude, etc.).
Respond time: For each type of complaint, the maximum number of days within which a complaint of the particular type should be responded to/closed is defined. When the complaint is registered, this number of days is added to the registration date, thus determining the planned date for closing the complaint.
Code: A particular code is assigned to each complaint type. The codes are used in the Template of code tab to determine the code of a complaint record, which is generated during complaint registration.

Status: Statuses of complaint are listed (e.g., Registered, Review, Closed).

Template of Code: If a template code is set for the field, the value will be displayed in the Code field during new complaint registration. Two types of template code can be selected:
1. Arbitrary - a user inserts the permanent template of code in the field, which will be displayed in the Document Code field during new complaint registration. This code can be changed by the user who enters the new record, if necessary.
2. Structured - the user can select codes of particular parameters (Class, Type) and an index number, which will be used as parts of the code of a newly added complaint record. This code cannot be changed by the user who registers the new complaint.
Autoincrement: If this field is checked, the last digit in the code value will be increased by one when a new complaint record is added.
If the two template code fields are not filled in, the new record's code must be inserted manually.


Basics
Responsibilities
Policy: selection of a document (from the lists of documents entered in the database) that contains the organization's policy on dealing with customers' complaints.
Process: selection of a record (from a list of processes entered in the database) that describes the process of dealing with customers' complaints.
Responsibilities: relevant users/responsibilities are defined.
Documents: selection of relevant records of documents describing the process of dealing with customers' complaints.

Resources
To ensure effective and efficient functioning of the process of dealing with complaints, top management shall evaluate the need for resources and ensure their allocation.
Resources: Add - Resource. Names of needed resources are added in the grid.
Required resources: Add - Required resource. The date of the resource allocation, the amount of the resource to be allocated and a comment (if necessary) are entered in the corresponding fields of the grid.
Allocation of resources: Add - Allocation of resources. Results of monitoring the actual amount of resources allocated are entered in the grid: date of monitoring, actual amount of resource allocated, and comment (if necessary).
Report: Generates a document-report containing the information on allocation of resources entered in the form.

Goals
Top management shall ensure that goals are defined in the area of dealing with customer complaints. These goals should be established on a regular basis, at definite times, as particular parameters of the organization's activity.
Goals: A description of the goals of the process Handling with customers complaints is entered.
Planned results of parameters: For each goal listed in the Goals grid, the planned quantitative parameters to achieve, the planned date of achieving them and necessary comments are determined.
Monitoring of results achieved: For each planned parameter listed in the Planned results grid, the results of monitoring the achievement of the planned results are entered. The date of monitoring, the actual results achieved, the conclusion on achieving the planned goal (Yes or No) and, in the case of No, a comment (corrective action) are entered in the fields of the grid.

New
Pressing the button opens the Registration form to register a new complaint (to add it to the database). The form can be filled out either by the Admin or by an authorized user (Registrar).

Registration
The user-Registrar's name is presented in the form's header.
Code - a unique identifier of the complaint. The field is filled out (generated) automatically if the corresponding function (Settings - Template code) is activated.
Class, Type, Status - relevant values are selected from the corresponding lists (entered in Complaints - Settings tabs).
Date of registration - PC system date/time of complaint registration.
Planned date to respond - determined by adding the No. of days required to respond to a complaint of the particular type (defined for the particular type of complaint in the Complaints Settings Type Respond time tab).
Counterparty - the counterparty who placed the complaint is either selected from the list of customers (defined in Directories Counterparties mode), or a new counterparty name may be typed.
Responded? - if the complaint is closed by the user-Registrar, the mark Yes is selected in the field.
Object, Requirements, Description, Actions - detailed information on the complaint is entered (contact data of the customer, the essence of the complaint, actions undertaken or to be undertaken, etc.).
Distribution - the user-Registrar selects the single Responsible user who will be finally responsible for the whole process of handling/closing this complaint. The Responsible user will be able to open and edit the record of the complaint in Review mode.
Upon filling in the Registration form and pressing OK, the complaint record appears in the Main Form; the responsible user's name is displayed in the Review column.

Hidden record - this function allows the user-Admin to conceal request records in the Main Form if needed. To conceal the record in the Main Form:
1. Go to Adjustments Location mode.
2. Press the Ctrl-A key sequence. The check-box Display hidden records appears.
3. Check the box Display hidden records.
4. Close the form Locations.
5. Go to the Requests module, open the request record which needs to be concealed, and go to the tab Registration. The check-box Hidden record appears.
6. Check the Hidden record box. Click OK.
7. Go to Adjustments Location mode.
8. Press the Ctrl-A key sequence. The check-box Display hidden records appears.
9. Uncheck the box Display hidden records.
10. Go to the Requests module.
The record for which the Hidden record box is checked will not be displayed in the Request Main Form until the check-box Display hidden records in the Location form is checked.

Review
The Responsible user is supposed to review the complaint directed to him/her, to respond to the customer who placed the complaint, and eventually to close the complaint.
Review - records of complaints directed to the particular responsible user are listed in the grid Review in the user's interface. In the Admin's interface all records of complaints are listed.
Values in the fields Code, Status, Planned date are transferred simultaneously from the corresponding fields on the Registration form.
Only the Responsible user is authorized to:
- change the planned date of closing a complaint (double click the field Planned date, grid Review);
- review the data entered in the Registration form of the complaint (Registration button);
- edit the Comment field (Review grid); the data entered in this field will be available for users-advisors;
- assign users-advisors (grid Consultation, form Review);
- determine the expected date of receiving the additional information from users-advisors (Planned date, grid Consultation);
- define (field Done?) the value Yes/No (grid Consultation) to estimate the sufficiency of the data provided by users-advisors;
- select the Yes value in the Done? field (grid Review) to fix the fact of closing the complaint;
- define the date of closing the complaint (Actual date, grid Review).

Consultation
A user-consultant can open records of complaints directed to them by the responsible user. The user-consultant is authorized to:
- enter the information required by the responsible user (field Comment, grid Consultation);
- fix the fact of submitting the required info (value Yes, field Done?, grid Consultation);
- define the date of submitting the info (field Actual date, grid Consultation).

Delete
A record of complaint can be deleted from the database by Admin only.

Report
Generating two reports:
1. Complaint (report presenting all data about the complaint whose record is highlighted in the Main Form)
2. Counterparty's complaints (list of complaints placed by the particular counterparty)

Monitoring of execution of actions planned


The program continuously monitors and compares the following data:
- system PC date
- planned date for closing the complaint (form Review, grid Review, field Planned date)
- value in the Done? field (form Review, grid Review)
If the complaint is not closed by the scheduled date (the PC system date is later than the planned date for closing the complaint, No in the field Done?), a blinking warning message appears in the bottom right part of the Complaints Main Form: Total delayed complaints: X. The overdue complaint record is painted in red in the Main Form. Clicking the square near the blinking message (or double clicking the message itself) opens a form listing the delayed actions.

Complaint management
Analogous mode to the Document management mode: grouping/filtering/sorting of records of complaints by the needed parameter(s).

Analysis
Users can group/filter records of complaints by various parameters in this mode. Results of the grouping/filtering operations are represented as bar charts.

Chart settings
Y axis - the number of records of complaints is calculated.
X axis - selection of parameters of records of audits to filter the records displayed in the chart.

Types of charts
Timeline dependence
Period - the appropriate period is selected from the list (Day, Week, Month, etc.).
Parameter - any value can be selected (usually the No value is presented in the field).
From, To - starting and ending dates of the analysis are defined in the fields.
Pressing the button generates the chart.

Parametrical
Period - the value No is selected.
Parameter - the appropriate name of the parameter is selected; if needed, particular values of the selected parameter can be checked.
From, To - starting and ending dates of the analysis are defined in the fields.
Pressing the button generates the chart.

If necessary, records of the audits can be additionally filtered in the mode Control of audits to narrow the list of audits being analyzed and presented in charts.

Non-conformities
The Non-conformities module helps users of the program to:
- Develop a system for classification of non-conformities
- Define criteria of their quantitative evaluation
- Organize registration of non-conformities and effectively control their correction
- Carry out comparative analysis of non-conformities based on various parameters that are customized to your needs
- Perform quantitative analysis of effectiveness of implementation and functioning of your organization's management system
- Wrap up and present results of the analysis in an easy to understand (graphics, charts) form suitable for management analysis and business unit decision making
The work area in the module is called the Non-conformities Main Form. Each record in the Main Form corresponds to a non-conformity and contains information about the non-conformity found in the organization's management. Records of non-conformities (being entered in the Audits module) are transferred to the Non-conformities Main Form automatically. Non-conformity records from sources other than Audits are added to the database manually (Non-conformities New).
A record in the Main Form consists of the following fields:
- Code of the non-conformity (unique one)
- Date of the non-conformity registration
- Type of non-conformity
- Name of the non-conformity
- Department where the non-conformity was found
- Corrected - a field that contains a (Yes/No) value stating if the non-conformity was corrected
- Reason/Comment - detailed non-conformity explanation
Adjustments - Interface Field chooser: several hidden columns with the non-conformity parameters (Source of non-conformity, Standard, Department, etc.) might be made visible in the Main Form.
Work in the Non-conformities module starts with filling in the tabs in the Non-conformities Settings mode.

Settings
Type of customers requirements
List of types of customer requirements (analog of the tab in Processes - Settings mode).
Significance - the first quantitative parameter used for quantitative evaluation of non-conformities. It is assumed that all types of customer requirements account for 100% of customer satisfaction. A share of significance (in % of the overall 100%) is assigned to each type of customer requirement.
Code - a particular code is assigned to each type. The codes are used in the Template of code tab to generate the code of a record when a non-conformity record is added to the database.

Customer requirement
List of types of customer requirements (analog of the tab in Processes - Settings mode).

Type of non-conformity
List of types of non-conformities (analog of the tab in Audits Settings mode).
Weight - the second quantitative parameter used for quantitative evaluation of non-conformities. A particular weight value (in grades) is assigned to each type of non-conformity. The more severe the consequences of a non-conformity of the particular type, the greater the weight of the type of non-conformity.
Code - a particular code is assigned to each type. The codes are used in the Template of code tab to generate the code of a record when a non-conformity record is added to the database.

Source of non-conformity
Possible sources of non-conformities are listed in the tab. Two source names, Audits and Complaints, are fixed and cannot be changed; other sources (Working practices, etc.) may be added.
Code - a particular code is assigned to each source. The codes are used in the Template of code tab to generate the code of a record when a non-conformity record is added to the database.

Template of code
If a template code is set in this form, the non-conformity code will be automatically generated and displayed in the Code field when a non-conformity record is added to the database. Two types of template code can be selected:
Fixed - a user inserts the permanent template of code in the field. Exactly this template will be displayed as the Code of a new non-conformity being added. The generated code can be changed as necessary.
Structured - the user can select codes of particular parameters (Type of non-conformity, Source of non-conformity, Type of customer requirement) and a digital number which will be used as parts of the code of a newly added record. The generated code of the new non-conformity cannot be changed.
Auto increment - if this field is checked, the last digit in the code value will be increased by one when a new non-conformity record is added.

Database
Non-conformities - the list of names of non-conformities is displayed; the combinations Type of customer requirement - Customer requirement - Non-conformity are determined.

New
Depending on the source of non-conformity (Audits or non-Audits) the non-conformity can be added into the database in two different ways.

Source of non-conformity - Audits


As soon as the non-conformity is added to the database in the Audit module (Audit Report form), it is transferred to and displayed in the Non-conformities Main Form.

Source of non-conformity is non-Audits


A new non-conformity record is added manually (clicking the New button). The following property fields of the new non-conformity must be filled in:
- Source of non-conformity
- Type of non-conformity
- Class and type of the complaint (for non-conformities from the Complaints source)
- Type of customer requirement (select from the drop-down list or enter a new type)
- Customer requirement (select from the drop-down list or enter a new type)
All values can be either selected from the drop-down lists created in the Settings mode tabs, or new values can be typed manually.

Actions
Actions - select between the Corrective actions and Preventive actions options; the corresponding form to enter all the relevant information on correction of the non-conformity or preventing its occurrence will then open.
Comment - for non-conformities of the Audits source, the information in this form is copied from the Reason field of the non-conformity (Audits Report/Plan Audit report - Non-conformities). For non-conformities of the Complaints source, the record in this field is transferred from the Objects and Description fields (Complaints - Registration form).
CAR - the set of data needed to generate the CAR report for the active non-conformity. The CAR is generated by pressing Report and then selecting the CAR option.
Departments, Processes, Standards, Documents - the corresponding departments (in whose areas of activity the non-conformity was found), processes (which the non-conformity affects), standards and documents (whose requirements the non-conformity violates) are entered in these tabs.
After clicking OK the new non-conformity record appears in the Non-conformity Main Form.

Delete
Deletes the record of the non-conformity from the Main Form (the source records of audits or complaints are not affected).

Analysis
Users can group/filter records of audits by various parameters in this mode. Reports representing the results of each grouping/filtering action can be generated.

Quantitative evaluation of a non-conformity


Each non-conformity entered into the database is assigned to a particular type of non-conformity and to a type of customer requirement. Thus the values of the non-conformity's weight (in points) and significance (in %) are automatically determined. Multiplying these values gives the total weight of the particular non-conformity, a quantitative parameter that is used for quantitative evaluation of the non-conformity.

Chart settings
Y axis - the number of records of non-conformities or their total weight to display is selected.
X axis - selection of parameters of records of audits to filter the records displayed in the chart.

Types of charts
Timeline dependence
Period - the appropriate period is selected from the list (Day, Week, Month, etc.).
Parameter - any value can be selected (usually the No value is presented in the field).
From, To - starting and ending dates of the analysis are defined in the fields.
Pressing the button generates the chart.

Pareto chart
Pareto-type charts can be generated (as a sub-category of the parametrical chart) if the corresponding box Pareto chart is checked.
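The quantitative evaluation and Pareto grouping described in this module, worked through as an added example (not code from the application). The weight and significance tables, the sample records, and the reading of significance as a share of 100 % in the multiplication are assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed Settings values (assumptions for illustration only).
# Weight, in points, per type of non-conformity.
WEIGHT_BY_TYPE = {"Critical": 10, "Major": 5, "Minor": 1}
# Significance, in %, per type of customer requirement; shares must total 100.
SIGNIFICANCE_BY_REQUIREMENT = {"Safety": 50, "Delivery": 30, "Documentation": 20}


@dataclass(frozen=True)
class NonConformity:
    code: str
    nc_type: str            # Type of non-conformity
    requirement_type: str   # Type of customer requirement
    department: str


def check_settings():
    """Reject a significance table that does not account for exactly 100 %."""
    total = sum(SIGNIFICANCE_BY_REQUIREMENT.values())
    if total != 100:
        raise ValueError(f"significance shares total {total} %, expected 100 %")


def _weight_x_percent(nc):
    """Weight times significance, kept as an integer (points x percent)."""
    try:
        return WEIGHT_BY_TYPE[nc.nc_type] * SIGNIFICANCE_BY_REQUIREMENT[nc.requirement_type]
    except KeyError as missing:
        raise ValueError(f"{nc.code}: {missing} is not defined in Settings") from None


def total_weight(nc):
    """Total weight in points: weight multiplied by the significance share."""
    return _weight_x_percent(nc) / 100


def pareto(records, group_by, y_axis="total_weight"):
    """Rank groups by the chosen Y axis and add the cumulative share in %.

    group_by is an attribute name of NonConformity (the X axis parameter);
    y_axis is "total_weight" or "count" (number of records).
    """
    if y_axis not in ("total_weight", "count"):
        raise ValueError(f"unknown y_axis: {y_axis}")
    check_settings()
    sums = defaultdict(int)
    for nc in records:
        sums[getattr(nc, group_by)] += _weight_x_percent(nc) if y_axis == "total_weight" else 1
    grand_total = sum(sums.values())
    if grand_total == 0:
        return []  # nothing to chart
    # Largest contributor first; ties are broken alphabetically for stable output.
    ranked = sorted(sums.items(), key=lambda item: (-item[1], item[0]))
    rows, running = [], 0
    for name, value in ranked:
        running += value
        shown = value / 100 if y_axis == "total_weight" else value
        rows.append((name, shown, round(100 * running / grand_total, 1)))
    return rows


# Constructed sample records.
RECORDS = [
    NonConformity("NC-001", "Critical", "Safety", "Production"),
    NonConformity("NC-002", "Major", "Delivery", "Logistics"),
    NonConformity("NC-003", "Minor", "Documentation", "Production"),
    NonConformity("NC-004", "Major", "Safety", "Production"),
    NonConformity("NC-005", "Minor", "Delivery", "Logistics"),
    NonConformity("NC-006", "Minor", "Documentation", "Quality"),
    NonConformity("NC-007", "Minor", "Documentation", "Quality"),
    NonConformity("NC-008", "Minor", "Delivery", "Quality"),
]

if __name__ == "__main__":
    for axis in ("count", "total_weight"):
        print(axis)
        for name, value, cumulative in pareto(RECORDS, "department", axis):
            print(f"  {name:<12}{value:>6}{cumulative:>8} %")
```

With these sample records the Quality department ties for first place by number of records but ranks last by total weight, which is the difference the Y axis selection exposes.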

Report
Generating a) document-report containing all information on the selected non-conformity or b) the report listing all records entered in Non-conformities - Database mode.

Non-conformity management
Analogous to the Document management mode: grouping/filtering/sorting of records of non-conformities by the needed parameter(s).

Hazards
The purpose of this module is to develop a risk management system in accordance with the requirements of OHSAS 18001:2007. Each line in the Main Form corresponds to one identified hazard. The hazard line consists of the following fields:
- Type of object
- Object
- Type of hazard
- Hazard
- Source of hazard
- Risk
- (Risk) acceptability
Adjustments - Interface Field chooser: several hidden columns with the hazard parameters (Likelihood, Severity, Occupance/Use, Justification) might be made visible in the Main Form.
Hazard records in the Main Form are added by means of filling in the form Identification of hazards in the Analysis mode. The vertical blue field in the Main Form contains the following command buttons:
- Settings
- Database
- Basics
- Analysis
- Review
- Report
It is recommended to start work by filling in the Settings mode forms.

Settings
Type of hazard - hazard types (e.g., chemical, physical, fire, etc.) are listed in the tab.
Type of requirement - types of requirements (legal, operational, financial, customers' ones, etc.) applicable to the risk management system (Ch. 4.3.2 OHSAS 18001:2007) are listed in the tab.
Type of object - types of the organization's objects which the risk analysis will be applied to (Action, Item, etc.) are listed in the tab.
Severity - levels of severity of the consequences of hazard occurrence are entered (numerical value, concise explanation and comments if necessary); they are used for risk calculation in the risk analysis mode.
Likelihood - levels of probability of hazard occurrence are entered (numerical value, concise explanation and comments if necessary); they are used for risk calculation in the risk analysis mode.
Occupancy - levels of occupancy of hazard occurrence are entered (numerical value, concise explanation and comments if necessary); they are used for risk calculation in the risk analysis mode.
Risk estimation - Risk calculation: the appropriate formula (combination of probability, severity and, if necessary, occupancy) for risk estimation.

Database
Records in the tabs of this mode are added either directly, or while adding records in the Risk analysis mode.
Hazard source - list of sources of hazards.
Hazards - list of hazards.
Control measures - list of control measures.

Basics
Objects
Description of the organization's objects which the risk management process will be applied to.
Objects - list of the names of the organization's objects which the risk management process will be applied to.
Documents - list of documents describing the highlighted object. The report (Report Documents) is generated based on the information entered in this tab.
Plan - drop-down list of five forms: Scope of application, Verification plan, Responsibilities, Action analysis requirements and Risk acceptability criteria. Information entered in these forms will be used for generating the Emergency Plan report.
Report - two reports, Objects and Emergency plan, are generated for the selected object.

Responsibilities
Policy - the document that contains the Safety Policy of the organization (par 4.2 OHSAS 18001:2007).
Process - the process describing the risk assessment approach implemented in the organization is selected.
Management appointee - select the user - Management Appointee.
Responsibility - responsibilities of each management level, and documents describing said responsibilities, are entered (Ch. 4.4.1 OHSAS 18001:2007).

Goals
Goals - goals of the management system (Ch. 4.4.1 OHSAS 18001:2007) are listed.
Planned results - parameters (quantitative) to be achieved and the date planned for achieving the parameters are entered for each goal listed in the Goals grid.
Monitoring of results achieved - the results of monitoring the achievement of the planned parameters are entered here. Date of monitoring, actual results achieved, conclusion on achieving the planned goal (Yes or No) and, in case of a No value, a comment (corrective action) are entered in the grid fields.
Report - generates a document-report that contains all the information entered in this tab.

Resources
Resources - list of the resources required for the functionality of the management system (Ch. 4.4.1 OHSAS 18001:2007).
Required resources - the resources required to run the risk management process are defined in the grid. The date the resource was allocated, the amount of the resource being allocated and a comment (if necessary) are entered in the corresponding fields of the grid.
Allocation of resources - results of monitoring the actual amount of resources allocated are entered in the grid: date of monitoring, actual amount of resource allocated, conclusion on allocating the planned amount of resource (Yes/No format) and a comment (if necessary).
Report - generates a document-report that contains all the information entered in this tab.

Analysis
Identification of hazards
Performing the analysis - the user responsible for performing the risk assessment and the assessment date are defined in this grid.
Objects - Add Object: define the Type of object - Object combinations for which risk assessment will be conducted.
Identification of hazards - for each object identified in the Objects grid, the combination(s) Type of hazard - Hazard - Source of hazard is (are) determined.
Risk evaluation - Add Risk evaluation. Values of likelihood of the hazard occurrence, severity of its consequences and, if necessary, occupancy of the hazard are consecutively selected from the corresponding drop-down lists. The quantitative level of risk is calculated, and the conclusion on acceptability of the estimated risk (Yes or No) is made in the Accepted? field. Those hazards for which the risk level is acknowledged as unacceptable (No value in the Accepted? field) are considered in the next step of the risk assessment process (tab Control measures).

Control measures
Control measures to minimize the risks estimated at the previous stage of risk analysis are determined in this mode.
Hazards - records of hazards with an unacceptable risk level defined at the previous Risk Analysis stage are transferred to the grid from the Identification of hazards form and cannot be edited.
Control measures - Add Control Measure. For each hazard record displayed in the Hazards grid, control measures reducing the risk of the hazard are defined.
Verification - Add Verification of implementation. Verification of implementation of the control measures is required to make sure that the control measure is implemented. The user responsible for the verification, the verification date and the confirmation of the verification are selected. If the verification is not made (mark No in the Completed? field), a red alarm message starts blinking in the bottom left part of the Hazard Main Form.
Residual risk evaluation - after implementation of the risk control measure(s), the residual risk should be evaluated to decide whether the implemented measures have reduced the risk to an acceptable level. The evaluation is performed analogously: values of probability, severity and occupancy are determined, the risk is calculated and the decision about the risk acceptability is taken.
Report - the document-report Hazard analysis is generated (either for a highlighted object or for all objects).

Review
Risk management is an evolving process, and periodic review of the risk management activities is needed to ascertain whether they are being carried out correctly, to rectify any weaknesses, to implement improvements, and to adapt to changes.
Management group meetings - the list of management group meetings is entered in the grid. The date of the meeting and its participants are entered for each meeting listed.
Decision - decisions taken in the management meeting are entered in the form. The execution date and the users responsible for the execution of the decision taken are defined for each decision. The Completed? field contains a (Yes/No) mark signaling the decision's execution status. If the decision is not executed by the date planned, the overdue decision record is marked in red.

Report
The document-report Management team meetings is generated.

Hazard Control
Analogous mode to the Document Management mode: grouping/filtering/sorting of records of non-conformities by the required parameter(s).

Monitoring of fulfillment of actions planned


A message displayed in the bottom part of the Hazards Main Form signals the number of overdue control measures and management meeting decisions. The application continuously compares the following parameters:
Mode Control measures:
- System PC date
- Planned date of verification of the control measure implementation
- Yes/No value in the Done? field
Mode Review - Decision:
- System PC date
- Planned date of execution of the decision taken
- Yes/No value in the Done? field
If the planned date exceeds the system PC date and the No value is still displayed in the Done? field, the action record is considered overdue and highlighted in red in the interfaces of the Admin and the user(s) responsible for execution of the planned action.

Aspects
The purpose of this module is to develop an ecological aspects and risk management system in accordance with the requirements of ISO 14001:2004. Each line in the Main Form corresponds to one combination aspect:hazard. The line consists of the following fields:
- Type of ecological aspect
- Name of the aspect
- Type of hazard
- Hazard
- Risk
- (Risk) acceptability
Adjustments - Interface Field chooser: several hidden columns with the hazard parameters (Likelihood, Severity, Significance, Justification) might be made visible in the Hazard Main Form.
Records in the Main Form are added by means of filling in the form Identification of hazards in the Analysis mode. The vertical blue field in the Main Form contains the following command buttons:
- Settings
- Database
- Basics
- Analysis
- Review
- Report
It is recommended to start work by filling in the Settings mode forms.

Settings
Type of hazard - hazard types (e.g., chemical, physical, fire, etc.) are listed in the tab.
Type of requirement - types of requirements (legal, operational, financial, others) applicable to the risk management system (Ch. 4.3.2 ISO 14001:2004) are listed in the tab.
Type of aspect - types of the organization's ecological aspects which the risk analysis will be applied to (e.g. Significant, Insignificant) are listed in the tab.
Severity - levels of severity of the consequences of hazard occurrence are entered (numerical value, concise explanation and comments if necessary); they are used for risk calculation in the risk analysis mode.
Likelihood - levels of probability of hazard occurrence are entered (numerical value, concise explanation and comments if necessary); they are used for risk calculation in the risk analysis mode.
Significance - levels of significance of the ecological aspect are entered (numerical value, concise explanation and comments if necessary); they are used for risk calculation in the risk analysis mode.
Risk estimation - Risk calculation: the appropriate formula (combination of probability, severity and, if necessary, significance) for risk estimation is selected from the list.

Database
Records in the tabs of this mode are added either directly, or while adding records in the Risk analysis mode.
Hazard source - list of sources of hazards.
Hazards - list of hazards.
Control measures - list of control measures.

Basics
Aspects
Identification and classification of the organization's ecological aspects which the risk management process will be applied to is performed in this form. The purpose is to create a complete listing of how the organization interacts with the environment. The organization must include the effect of non-routine situations in the listing, such as emergency conditions, start-up and shutdown activities. The procedure that is developed to produce the list of environmental aspects must recognize the concept of continual improvement. The procedure and the list of aspects can be influenced by future actions such as new legislation, changes in operations, etc. The Management Review (4.6) section mandates continual improvement because the environmental management system must be reviewed on a periodic basis to ensure that it is still effective based upon the organization's activities, products and/or services.
Aspects - list of the names of the organization's ecological aspects which the risk management process will be applied to (par. 4.3.1 ISO 14001:2004). The organization shall identify the specific environmental aspects that can be controlled, and over which it can be expected to have influence. This requirement leads to confusion in its interpretation. The simple approach here is to include only those aspects over which the organization has total control. The total control approach might be too limiting when the question of conformance to ISO 14001 is evaluated. An organization that produces a product that is utilized by another organization might take the position that it cannot control the final disposal of that product. However, the producing organization might be evaluated for conformance with ISO 14001 based upon whether it had employed life cycle analysis in the design and production of the product. This is a "grey" area in the standard. The organization must develop a procedure for the determination of control and influence. The procedure must define whether an organization is going to be proactive, or approach this step in a narrow fashion.
Documents - list of documents related to the highlighted aspect. The report (Report Documents) is generated based on the information entered in this tab.
Plan - drop-down list of five forms: Scope of application, Verification plan, Responsibilities, Action analysis requirements and Risk acceptability criteria. Information entered in these forms will be used for generating the Emergency Plan report (Ch. 4.4.7 ISO 14001:2004).
Report - two reports, Aspects and Emergency plan, are generated.

Responsibilities
Policy - the document that contains the Ecological Safety Policy of the organization (Ch. 4.2 ISO 14001:2004).
Process - the process describing the aspect classification and/or risk assessment approach implemented in the organization is selected.
Management appointee - select the user - Management Appointee.
Responsibility - responsibilities of each management level, and documents describing said responsibilities, are entered (Ch. 4.1.1 ISO 14001:2004).

Goals
Goals - goals of the management system (Ch. 4.3.3 ISO 14001:2004) are listed.
Planned results - parameters (quantitative) to be achieved and the date planned for achieving the parameters are entered for each goal listed in the Goals grid.
Monitoring of results achieved - the results of monitoring the achievement of the planned parameters are entered here. Date of monitoring, actual results achieved, conclusion on achieving the planned goal (Yes or No) and, in case of a No value, a comment (corrective action) are entered in the grid fields.
Report - generates a document-report that contains all the information entered in this tab.

Resources
Resources - list of the resources required for the functionality of the management system (Ch. 4.4.1 ISO 14001:2004).
Required resources - the resources required to run the risk management process are defined in the grid. The date the resource was allocated, the amount of the resource being allocated and a comment (if necessary) are entered in the corresponding fields of the grid.
Allocation of resources - results of monitoring the actual amount of resources allocated are entered in the grid: date of monitoring, actual amount of resource allocated, conclusion on allocating the planned amount of resource (Yes/No format) and a comment (if necessary).
Report - generates a document-report that contains all the information entered in this tab.

Analysis
Identification of hazards Performing the analysis The user responsible for performing the risk assessment and the assessment date is defined in this grid. Aspects Add Aspect select Type of aspect adding records of aspects for which risk assessment will be conducted. Identification of hazards Select the aspect record press Add Hazards. For each identified aspect the combination(s) Type of hazard Hazard Source of hazard is(are) determined. Risk evaluation Add Risk evaluation. Values of likelihood of the hazard occurrence, severity of its consequences and if necessary significance of the aspect are consequently selected from the corresponding drop-down lists. The quantitative level of risk is calculated, the conclusion on acceptability of the risk estimated (Yes or No) is made in the Accepted? field. Those hazards for which risk level is acknowledged as unacceptable ( No value in the Accepted? field) are to be reviewed on the next step of the risk assessment process (tab Control measures). Control measures Control measures to minimize the risks estimated at the previous stage of risk analysis are determined in this mode. Hazards Records of hazards with an unacceptable risk level defined on the previous Risk Analysis stage are transferred in the grid from Identification of hazards form and cannot be edited. Control measures Add Control Measure. For each hazard record displayed in the Hazards grid, control measures reducing the risk of the hazard are defined. Verification Add Verification of implementation. Verification of implementation of the control measures is required to make sure that the control measure is implemented. The user responsible for the verification, verification date and confirmation of the verification are selected. If the verification is not made (mark No in the Completed? field) red alarm message starts blinking in the bottom left part of the Hazard Main Form.

Residual risk evaluation
After implementation of the risk control measure(s) the residual risk should be evaluated to decide whether the implemented measures have reduced the risk to an acceptable level. The evaluation is performed analogously: values of probability, severity and occupancy are determined, the risk is calculated and the decision about the risk acceptability is taken.

Report
The document-report Hazard analysis is generated (either for a highlighted object or for all objects).

Review
Risk management is an evolving process and periodic review of the risk management activities is needed to ascertain whether they are being carried out correctly, to rectify any weaknesses, to implement improvements, and to adapt to changes.

Management group meetings
The list of management group meetings is entered in the grid. The date of the meeting and its participants are entered for each meeting listed.

Decision
Decisions taken in the management meeting are entered in the form. The execution date and the users responsible for the execution of the decision taken are defined for each decision. The Completed? field contains a (Yes/No) mark signaling the decision's execution status. If the decision is not executed by the date planned, the overdue decision record is marked in red.

Report
The document-report Management team meetings is generated.

Hazard Control
This mode is analogous to the Document Management mode: grouping/filtering/sorting of records of non-conformities by the required parameter(s).


Monitoring of fulfillment of actions planned


A message displayed in the bottom part of the Hazards Main Form signals the number of overdue control measures and management meeting decisions. The application continuously compares the following parameters:

Mode Control measures: System PC date; Planned date of verification of the control measure implementation; "Yes"/"No" value in the Done? field.

Mode Review - Decision: System PC date; Planned date of execution of the decision taken; "Yes"/"No" value in the Done? field.

If the planned date exceeds the system PC date and the No value is still displayed in Done? field, the action record is considered overdue and highlighted in red in interfaces of the Admin and user(s) responsible for execution of the planned action.


HACCP
The ideology and methodology of the approach realized in the HACCP module completely meets the requirements for integrating food and quality management systems as outlined in ISO 22000:2005, based on the HACCP approach explained in detail in the Guidelines for HACCP SYSTEM Application (ALINORM 93/13A, Exhibit II) of the Codex Alimentarius Commission.

Each line in the Main Form corresponds to one identified hazard. The hazard line consists of the following fields: Type of object; Object; Type of hazard; Hazard; Source of hazard; Risk; (Risk) acceptability.

Adjustments - Interface - Field chooser: several hidden columns with the hazard's parameters (Likelihood, Severity, Justification) might be made visible in the Main Form.

The Main Form is filled with hazard records indirectly, upon entering hazard records in Analysis mode.

Settings
Type of Hazard
Names of hazards (risks) are defined in this tab. Three classical hazard types advised by HACCP include microbiological (M), chemical (C) and physical (P) factors. Any other hazard types (e.g., Quality (Q), etc.) can be inserted. A hazard type may be deleted (Delete) only if no hazards of the selected type are identified in Hazard Identification mode.

Likelihood
Levels of hazard likelihood are entered (a numerical value, concise explanation and explaining comments if necessary). The program allows entering up to 10 levels of hazard effects probability ranging from 1 (the lowest probability) to 10 (the highest probability). Numerical values entered in this form as hazard effects probability will be used in the Risk Evaluation tab during the course of hazard significance calculation.

Severity
Levels of hazard severity are entered (a numerical value, concise explanation and explaining comments, if necessary). The program allows you to enter up to 5 levels of the severity of hazard effects ranging from 1 (the lowest level) to 10 (maximum impact of the hazard occurrence). Numerical values entered in this form as hazard effects probability will be used in the Risk Evaluation tab during the course of hazard significance calculation.

Risk evaluation
The formula that will be used for calculating the risk level (Analysis mode) is selected.

Database
ISOSYSTEMPLUS has its own self-learning knowledge base: a set of the following tables to store auxiliary records entered in the database: Hazard; Source of hazard; Control Measures; Measurement rate; Measurement Unit; Control parameter; Validation object; PRP.

Records in these tables facilitate the process of filling the program's database by minimizing the necessity of entering the same record several times. This also means that the HACCP plan and Food Management system become more consistent and non-contradictory. Records can be added to the database either directly (Settings - Database), or indirectly during the course of filling out forms in Analysis mode.

PRP
"Organization shall develop, implement and maintain pre-requisite programs" (Ch. 7.2.1, ISO 22000:2005). The list of PRPs which are included in the FMS is presented in the form. New PRPs are added (click Add) either by selecting the required record from the list of control measures defined in Database mode or by typing the name of the new PRP and confirming the new record by pressing the Enter button.

Description; Scope of application
Double clicking these fields opens up the corresponding forms to enter relevant information and define the corresponding reference documents (if applicable).

Control measures; Requirements; Approval; Verification; Validation
Information describing the corresponding aspect for each PRP is entered in these forms.

Report
Generates the document-report that contains all PRP information entered in this form.

Preparation
Food Safety Management Group

Policy
A document with the organization's Food Safety Policy is selected.

Resources
Determination of resources needed for a functioning Food Safety Management system.

Appointment Food Safety Management Group
A document stating that top management formally appointed members of the Group, its leader and allocated the necessary resources.

Food Safety Group Leader
The Group Leader is selected from the list of all program users. The users are automatically displayed in the first line of the Group Members form (see below).

Food Safety Group Leader
Members of the Group are listed.


Training
Pressing the button opens up the Training module in which information on training for users who are members of the Food Safety Management Group is entered.

Description

Product
A comprehensive description of the foodstuff is created, including relevant information on its safety, e.g., formula, physical/chemical composition (including water activity Aw, acidity level pH and the like), types of treatment (heat treatment, freezing, salting, smoke-drying etc.), packing, shelf life, storage conditions and delivery method. Any supposed product use must be based on an analysis of product consumption by the end user. If necessary, the most vulnerable population groups (children, pregnant women, diabetics and the like) must be considered separately.

Products that are covered by the Food Safety Management System are listed in the grid (Add adds a new product record). Clicking the buttons in the left part of the form opens corresponding forms to describe any entered products in conformity with the product description methodology recommended by HACCP. Each opened form provides an opportunity to enter any comments and to refer to a document containing the product description: General information; Ingredients; Product parameters relevant to its safety (Aw, pH, etc.); Primary/secondary/transport packaging; Storage conditions; Transportation conditions; Shelf life; Special marking; Preparation for consumption; Vulnerable population groups; Hazards of improper use; Label information.

Raw materials
Raw materials used to manufacture food products should be described. Raw material records are added in the Raw materials list (Add - add a new product record). Clicking the buttons in the left part of the form opens corresponding forms to describe raw materials in conformity with the description methodology recommended by the standard: General information; Ingredients; Storage conditions; Transportation conditions; Shelf life; Information on the label.

Report
Clicking this button generates a document-report containing all the information about the product/raw materials entered in the Product Description mode forms.

Deleting a product record
A product record may be deleted from the database provided that all records referring to the product record are also deleted. Those records are characteristics of the products (Product Description), operations, the production cycle for the product (Process Diagram), as well as any hazards identified for all stages and operations of the production process for the product (Hazard Analysis mode).

Process Diagram

Product
The product for which a process diagram is to be constructed is selected in the products list.


Processes
Records of processes that comprise manufacture/warehousing/delivery of the product to the end user are listed in the grid. The name of the process, a reference to the document (if any) that contains the process flow-chart and the date of validation of the flow-chart are defined in fields of the grid. The flow-chart of a process has to be validated for conformity to the real process steps with a planned regularity; all members of the HACCP team must participate in the validation; the date of validation should be registered.

Process steps
For each process listed in the Processes grid, steps (operations) comprising the process are listed. Operations should be entered sequentially, i.e., an operation occurring before all other operations in a real process must be entered first in the list, etc. The Insert option in the right-mouse click context menu allows for inserting an operation record between the already entered records.

Inputs and Outputs
A process step (operation) consists of several components: inputs to an operation (e.g., products undergoing any changes during the operation), the operation itself (the process providing a desirable change of the input product) and outputs (products obtained as a result of changes in the input product). All these components might become a source of hazards; therefore, in compliance with HACCP requirements, they must be included in a process diagram and duly analyzed for the presence of a hazard. The inputs and outputs are to be listed for each operation in the Inputs and Outputs grid (Add - Add input/output of the operation). In practice, the product-output of an operation may form the product-input of another operation (and vice versa). When an input is being added to the grid, one can select the input from the drop-down list of outputs (which were added earlier) or type the name of a new input. (And vice versa: the output can be either selected from a list of inputs or typed from scratch.) All inputs, operations and outputs entered in the grid will be deemed process stages in the next step (Hazard Analysis).

Deleting an operation record
An operation record may be deleted from the tab only provided that no hazards are identified for this operation. If such hazards are identified and listed in Hazard analysis for an operation, the operation record may be deleted only after deleting the relevant hazard record.

Diagram
A built-in graphical editor for constructing process diagrams (flow-charts). Inputs, operations and outputs can be added to the database graphically using the editor, or in a tabular way by filling in the corresponding grids in the Process diagram form. Process stages are added to the database by selecting the appropriate options from the context menu that appears upon right clicking the work area of the Diagram form.

To construct the flow-chart from scratch, an empty field is clicked and the Add operation option is selected from the drop-down menu. A rectangle with the name 1.New appears inside. The first operation name is typed in the rectangle. Two options are available afterwards:
Right clicking on the level of the first operation's rectangle opens the context menu with the operations (Add - Above/Below or Delete (operation)).
Right clicking above or below the level of the first operation's rectangle opens a context menu with products - inputs/outputs of the operations.

OK saves the information entered, Cancel exits without saving. The Refresh item from the menu updates and centers the constructed flow-chart in the work window. Deleting the operations linked to inputs/outputs results in deleting the linked inputs/outputs.

Analysis
The first product/process combination, the stages of which will be hazard-analyzed, is defined in two fields in the upper part of the form.


Hazards identification
A list of all hazards that, with reasonable probability, may emerge at each stage of production, processing, packing and delivery of a foodstuff up to the moment of its consumption should be created.

Process
Add Step: process steps for which hazard analysis will be conducted are selected from the list of steps defined in the Process diagram mode.

Hazards
Select a record of the step - click Add Hazard - select the type of hazard, the hazard's name and source (from the lists defined in Database mode). If there is a need to enter a new hazard name/source, the information can be typed and entered by pressing the Enter key.

Hazards assessment
Risk
Select the hazard record. Add Risk - risk evaluation.

The Hazard Assessment concept is of great importance for further hazard analysis. Since a rather large number of hazards can be identified for each foodstuff (its ingredients and production process stages), the likelihood and severity of each hazard has to be appraised to separate hazards with acceptable risks from those with unacceptable risks. If the probability of a given hazard is rather small, or the effects of such a hazard will not constitute considerable damage to the consumer's health, the risk of occurrence of such a hazard is deemed acceptable and the hazard is excluded from further analysis (Critical Control Points determination), bearing in mind the rational distribution of the limited resources of the organization and focusing attention only on hazards with an unacceptable level of risk.

The hazard risk is determined by selecting likelihood values of the hazard occurrence and severity of the hazard consequences if it occurs. The combination of the values selected results in a quantitative value of the hazard's risk. Then the conclusion is made whether the calculated risk value is acceptable (Yes/No options). Information explaining why the calculated risk is considered acceptable is entered in the Justification of analysis field.

Control measures
All identified hazards must be managed. Thus certain control measures have to be applied to all process steps for which hazards with unacceptable risk levels have been identified.

Select the hazard record - Add Control measure - select a control measure (from the list of measures entered in the Database - Control measures grid) or enter the new measure's name.

After application of a control measure the residual risk has to be evaluated in the same manner as was done for the hazard prior to application of the control measure. Select the control measure record. Add Risk - risk evaluation.

Steps of determination of control measures and consequent risk evaluation can be repeated as many times as is considered reasonable. Hazard records with unacceptable residual risk are highlighted in red, as is the process step record for which the hazard is identified. Records of those process steps for which the residual risk of identified hazards after application of all control measures still remains unacceptable are transferred for further analysis: Determination of Critical Control Points, or CCP mode.


CCP
At this stage of hazard analysis special process steps called Critical Control Points (CCP) are identified. CCPs are stages or operations of a production process that should be managed so that, as a result of applied control measures, the risk of a hazard may be prevented, eliminated or reduced to an acceptable level. CCPs must be defined for those process stages where hazards with unacceptable risks have been identified. Process steps with hazards with acceptable risks are to be managed within the framework of pre-requisite programs (Training, GMP, Sanitary&Hygiene, etc.); they are excluded from further hazard analysis.

Hazards with unacceptable risk
As mentioned above, only hazards for which the residual risk after application of all control measures still remains unacceptable are listed in this grid. CCP determination implies application of a CCP decision tree algorithm to such hazards to determine whether the process step with the hazard is a Critical Control Point or not.

CCP determination
Clicking the button starts up a dialog to apply the particular CCP decision tree algorithm to the hazard selected in the grid. Two decision trees are developed for different process steps:
Decision Tree 1 (offered in 1992 by the National Advisors Committee on Microbiological Criteria of Foodstuffs USA (NACMCF) and approved by Codex Alimentarius Commission) is used for analysis of process steps, mainly operations.
Decision Tree 2 is recommended mostly for analysis of process steps involving raw materials.
Based on answers (select between Yes/No options) in a dialog box a particular conclusion is made: whether the process step is a CCP or not. Hazards identified as a CCP are to be controlled within the HACCP plan; hazards for which CCPs are not identified are to be controlled further within the oPRP plan.

Report
Generates a document-report presenting the results of the CCP determination conducted.
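The flow described under Hazards assessment, Control measures and CCP, as an added Python example (not ISOSYSTEMPLUS code). Assumptions: the multiplicative formula and the threshold of 20 are hypothetical, since the manual leaves both to the Settings forms; the four questions follow the commonly published Codex decision tree, which the manual references but does not list; the sample hazards are constructed.

```python
from dataclasses import dataclass, field

# Assumptions: the manual leaves formula and threshold to the Settings forms.
LEVELS = range(1, 11)     # likelihood and severity values run from 1 to 10
ACCEPTABLE_RISK = 20      # hypothetical acceptability threshold


def risk_level(likelihood, severity):
    """Assumed formula: risk = likelihood x severity."""
    if likelihood not in LEVELS or severity not in LEVELS:
        raise ValueError("likelihood and severity must be in 1..10")
    return likelihood * severity


def is_acceptable(risk):
    return risk <= ACCEPTABLE_RISK


@dataclass
class Hazard:
    step: str
    name: str
    likelihood: int
    severity: int
    # (control measure, residual likelihood, residual severity), in order applied
    measures: list = field(default_factory=list)

    def initial_risk(self):
        return risk_level(self.likelihood, self.severity)

    def residual_risk(self):
        """Risk re-evaluated after the last control measure, if any."""
        if not self.measures:
            return self.initial_risk()
        _, likelihood, severity = self.measures[-1]
        return risk_level(likelihood, severity)


def decision_tree(measures_exist, control_needed, step_designed_to_control,
                  contamination_possible, later_step_controls):
    """Four-question Codex-style tree; returns the conclusion for one step."""
    if not measures_exist:                                  # Q1
        return "modify step" if control_needed else "not a CCP"
    if step_designed_to_control:                            # Q2
        return "CCP"
    if not contamination_possible:                          # Q3
        return "not a CCP"
    return "not a CCP" if later_step_controls else "CCP"    # Q4


def route(hazard, answers=None):
    """Where a hazard record ends up: PRP, oPRP plan or HACCP plan."""
    # Acceptable risk (initial or residual): managed within pre-requisite programs.
    if is_acceptable(hazard.initial_risk()) or is_acceptable(hazard.residual_risk()):
        return "PRP"
    # Unacceptable residual risk: the record goes to CCP determination.
    if answers is None:
        raise ValueError("unacceptable residual risk: decision tree answers required")
    conclusion = decision_tree(**answers)
    return {"CCP": "HACCP plan", "not a CCP": "oPRP plan"}.get(conclusion, conclusion)


def run_sample():
    """Constructed sample records, not taken from the manual."""
    cooking = dict(measures_exist=True, control_needed=True,
                   step_designed_to_control=True,
                   contamination_possible=True, later_step_controls=False)
    reception = dict(cooking, step_designed_to_control=False,
                     later_step_controls=True)
    records = [
        (Hazard("Cooking", "Salmonella survival", 6, 9,
                [("heat treatment", 3, 9)]), cooking),
        (Hazard("Slicing", "Metal fragments", 4, 7,
                [("blade inspection", 2, 7)]), None),
        (Hazard("Filling", "Cleaning agent residue", 2, 5), None),
        (Hazard("Raw milk reception", "Pathogen growth", 5, 8,
                [("supplier temperature check", 3, 8)]), reception),
    ]
    return {h.name: route(h, answers) for h, answers in records}


if __name__ == "__main__":
    for name, destination in run_sample().items():
        print(f"{name}: {destination}")
```
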

Control
Up to now, a considerable amount of time has been allotted to hazard analysis and determination of CCP. Potential hazards were identified and the risk of their effects has been evaluated and assessed. Control measures for efficient control of hazards have been defined. Finally, process stages have been identified to which particular control/preventive measures must be applied to eliminate or reduce the risk of hazard effects to an acceptable level (Critical Control Points or CCP). At this stage all identified control measures should be studied and categorized to decide whether they will be managed using the oPRP or the HACCP Plan. Clicking the Control button in the left vertical blue area opens up the corresponding Control form.

Control Measures
This grid contains records of control measures identified for the hazard record that was selected in the Main Form when the Control button was clicked. For control measures to be managed within the oPRP Plan, Monitoring procedures, Corrective Actions and Validation procedures must be determined. For control measures to be managed within the HACCP Plan, Critical Limits, Monitoring, Corrective Actions and Validation procedures must be determined.


Critical Limits
Add Parameter adds a parameter record to be measured (managed). The measurement unit is selected from the drop-down list; values of critical and working (operations) limits are defined in the corresponding fields. This grid is available for filling out only for control measures classified as Plan HACCP.

Monitoring
Add Monitoring - description of monitoring, its frequency and the user responsible for monitoring are entered in the grid. Relevant document(s) describing the monitoring methods can be selected in the Documents grid. Documents/records confirming that monitoring actions have been performed as planned are defined in the Documents grid. This grid is available for filling out control measures classified as oPRP or Plan HACCP.

Corrective Actions
If CCP monitoring shows that the critical limits set are exceeded, definite corrective actions should be undertaken to get the CCP back under control. The actions undertaken and their results must be recorded. Add Corrective Action - description of corrective actions and the user responsible for carrying them out appropriately are entered. Relevant documents/records can be defined in the Documents grid. Documents/records confirming that corrective actions have been performed as planned are defined in the Documents grid. This grid is also available for filling out control measures classified as oPRP or Plan HACCP.

Validation
Validation is about actions to test that the process with the Critical Limits set eliminates the hazard. If a hot deli serving table is to maintain food above 140°F, then validation proves that it does. Add Validation - name of the action, user responsible for carrying out the action, planned date for completing the action, and a Yes/No value (field Done?) that confirms the validation has been completed are entered in this tab. Documents/records confirming the validation actions are defined in the Documents grid. This grid is available for filling out control measures classified as oPRP or Plan HACCP.

Review
The Food Safety Management system should be reviewed on a regular basis. The review should be carried out in Food Safety Management Group meetings.

Food Safety Management Group meeting
Add - Add meeting: the meeting's date is defined; the subject of the meeting is entered in the corresponding fields.

Meeting participants
Add - Add participants: participants of each meeting listed in the Group meeting grid are defined in the Participants grid.

Decision
This button opens the Decision form. Information about decisions taken during Group meetings (Add - Add decision), and the user responsible for executing the decisions made (Add - Add responsible), are entered in the grids of the form.

Report
Generates the document-report containing all the information entered in the forms of the Review mode.


Hazard Control
This mode allows users to quickly find hazard records by filtering them from the total list of hazards entered in the Main Form using various selection criteria. Clicking a field shows, next to it, a button with the name of the parameter and a drop-down list containing values of the parameter. Upon selecting one of the values from the list and clicking the Display button, a list of records filtered by the selected value is displayed.

Risks
This module is dedicated to developing the risk management system in accordance with the requirements of ISO 14971:2000. Basically, the Risks module is the Risk Management File as it is described in Ch. 3.6 of the standard.

Each line in the Main Form corresponds to one identified hazard. The hazard line consists of the following fields: Object; Object's lifecycle stage; Hazard; Hazardous situation; Harm; Risk (value); Risk acceptability.

Adjustments - Interface - Field chooser: several hidden columns with the hazard parameters (Likelihood, Severity, Justification) might be made visible in the Main Form.

Hazard records in the Main Form are added after filling in forms in the Analysis mode. The vertical blue field in the Main Form contains the following command buttons: Settings; Database; Basics; Analysis; Review; Report. It is recommended to start filling in the database in the module from the Settings mode forms.

Settings
Type of hazard
Hazard types (e.g., chemical, physical, microbiological, etc.) are listed in the tab.

Type of object
Object types are listed in the tab.

Type of requirement
Types of requirements (legal, operational, financial, customer's requirements, etc.) applicable to the risk management system (Ch. 3.1 ISO 14971) are listed in the tab.

Lifecycle stages
Names of life cycle stages which will be used in determination of responsibilities (p. 5 ISO 13485, p. 3.3 ISO 14971) and at the risk analysis stage (par. 4 ISO 14971).


Probability
Levels of probability of hazard occurrence are entered (numerical value, concise explanation and comments if necessary). Up to 5 levels of probability can be entered; they will be used in risk analysis mode.

Severity
Levels of severity of hazard occurrence consequences are entered (numerical value, concise explanation and comments if necessary). Up to 5 levels of probability can be entered; they will be used in risk analysis mode.

Risk estimation

Risk calculation
Selection of the appropriate formula (combination of probability and severity) to calculate the risk at the risk estimation stage.

Database
Records in the tabs of this mode are added either directly, or while adding records in Risk analysis mode.

Sources of hazard
List of sources of hazards to be used in Risk analysis mode.

Hazards
List of hazards to be used in Risk analysis mode.

Sequence of events
List of names of sequences of events to be used in Risk analysis mode.

Harms
List of names of harms to be used in Risk analysis mode.

Control measures
List of control measures to be used in Risk analysis mode.

Basics
Objects
Description of devices - objects of risk analysis (par 4.2. ISO 14971).

Objects
List of devices which the risk analysis will be applied to. Information about the intended use of each object is entered in the table (par 4.4.2 ISO 14971).

Documents
Documents describing the objects listed are selected. The report Technical file is made up based on the information entered in this tab.

Plan (Risk management plan)
Pop-up list of 5 positions: Scope of the plan, Verification plan, Responsibilities, Action analysis requirements, Risk acceptability criteria. Information required by par. 3.5 14971 is entered in the corresponding forms. These data will be used for composing the Risk management plan report.

Report
Generates three reports:
1. Accompanying documents
2. Technical file
3. Risk management plan
The reports are made up for each object separately.


Responsibilities

Policy
Selection of the document that contains the Safety Policy of the organization (par 5.3 ISO 13485).

Process
The risk management process is selected (par. 3.2 ISO 14971).

Management Appointee
Selection of the user appointed as a Management Appointee.

Responsibility
Determination of responsibilities of each management level, and documents describing the responsibilities (par. 5 ISO 13485).

Goals

Goals
Lists of goals for the management system (par. 5.4.1 ISO 13485).

Target parameters
Parameters (quantitative) to be achieved and the planned date of achieving the parameters are entered for each goal listed.

Monitoring of results achieved
Results of monitoring the achievement of the planned parameter are entered. Date of monitoring, actual results achieved, conclusion on achieving the goal planned (Yes or No) and, in case of No, a comment (corrective action) are entered in fields of the grid.

Report
Generates a document-report that contains all information entered in the tab.

Resources

Resources
Listing of resources required for the functioning of the management system (par. 6 ISO 13485).

Required resources
Resources required to run the process are defined in the grid. Date of allocation of the resource, amount of the resource to be allocated and a comment (if necessary) are entered in the corresponding fields of the grid.

Allocation of resources
Results of monitoring the actual amount of resources allocated are entered in the grid: date of monitoring, actual amount of resource allocated, conclusion on allocating the planned amount of resource (Yes/No format) and comment (if necessary).

Report
Generates a document-report that contains all information entered in the tab.

Analysis
The following risk analysis algorithm is realized in ISO-MED (in accordance with ISO 14971 requirements): Identification of hazard; Identification of sequence of events; Identification of hazardous situation and harm; Identification of risk; Risk evaluation; Application of control measures; Residual risk evaluation; Risk/benefit analysis; Overall residual risk evaluation.


Identification of hazards

Performing the analysis
The user performing the analysis and the date of the analysis are defined (par. 4.1 ISO 14971).

Objects
Selection of objects for which risk analysis will be conducted.

Hazard identification
For each combination Type of object - Object - Life cycle stage, hazards (sources of potential risks) are determined (hazard type, hazard name, hazard source).

Sequence of events
For each identified hazard, sequences of events are identified.

Hazardous situation - Harm
For each identified sequence of events, potential hazardous situations and harm are identified.

Estimation of risk
Values of probability of the harm occurrence and severity of its consequences are selected (par. 4.4 ISO 14971). The quantitative risk level is calculated by the risk calculation formula, and the conclusion about acceptability of the risk is made. Combinations Hazardous situation - Harm for which the risk is acknowledged as unacceptable (value No in the Acceptability field) pass on to the next step of risk analysis (they are transferred to the tab Control measures).

Export to Excel
Exports data entered in Risk analysis mode into an Excel file.

Control measures

Hazards
This table contains records of harms with an unacceptable level of risk. The risk should be minimized by applying appropriate control measures.

Control measures
For each hazard with an unacceptable level of risk, control measures reducing the risk are defined (par. 6.3 ISO 14971).

Verification
Verification of implementation of the control measures is required to make sure that, provided the measure is implemented, the risk is reduced to an acceptable level (par. 6.3 ISO 14971). The user responsible for the verification, the verification date and confirmation of the verification are entered. If the verification is not made (mark No in the Completed? field) by the planned date, a red blinking message appears in the left bottom part of the Main Form.

Residual risk evaluation
After applying the identified control measure(s) the residual risk should be evaluated to determine whether the implemented measures have made the risk acceptable (par. 6.4 ISO 14971). The evaluation is performed in the same way (determining the hazard's probability and severity and calculating the risk). If the residual risk is determined as unacceptable, there may be two options:
Identification/applying of other control measure(s) to reduce the risk further.
Risk/benefit analysis (par. 6.5 ISO 14971).

Other generated hazards
It is recognized that risk control measures alone or in combination might introduce a new and sometimes quite different hazard. Thus risk control measures should be analyzed to identify the threat of generating other hazards by the measures and to assess related risks (par 6.6. ISO 14971).

Hazardous situations
This tab contains records of hazardous situations/harms identified at the Hazard Identification stage of the Risk Analysis process. The records in the grid cannot be changed in this tab.

Identification of generated hazards
This tab contains records of hazards and associated control measures determined at the Control measures stage of risk analysis. For each applied control measure, other hazards/sequences of events/hazardous situations/harms which might be caused by its application are determined, and the risk is calculated. If the residual risk is determined as unacceptable, the hazard is assessed at the next step of the risk analysis process: Risk/benefit analysis (par. 6.5 ISO 14971).

Risk/benefit analysis
There will be some occasions where the risk associated with a medical device is greater than would be generally accepted. The manufacturer should be able to provide a high-risk device for which careful evaluation is done and to show that the benefit of the device outweighs the risk.

Hazards
Records of hazardous situations/harms with an unacceptable risk level determined at the stages Control measures and Other generated hazards are listed in the grid; the records in the grid are fixed and cannot be changed.

Risk/benefit analysis
All risks and benefits associated with the device usage are determined and listed in the grid.

Overall residual risk evaluation
During the process of risk analysis manufacturers identify hazards, evaluate the risks, and implement risk control measures in their design one at a time. This is the point (par. 7 ISO 14971) where the manufacturer has to step back, consider the combined impact of the individual residual risks, and make a decision as to whether to proceed with the device. It is possible that the overall residual risk can exceed the manufacturer's criteria for acceptable risk, even though individual residual risks do not. This is particularly true for complex systems and devices with a large number of risks. Even if the overall residual risk exceeds the criteria in the risk management plan, the manufacturer has one last opportunity to do an overall risk-benefit evaluation to determine whether a high risk, but highly beneficial, device should be marketed.

Approval
The user (manager) who approves the eventual conclusion about acceptability of the overall residual risk is defined in the field. This user can define the values Yes/No in the fields Acceptable? and Done? in this grid, as well as the approval.

Review
It cannot be emphasized too often that risk management does not stop when the device goes into production. Risk management is an imperfect process because it is based on an idea with no physical manifestation of the device. Risk estimates can be refined throughout the design process and made more accurate when a functioning prototype is built. However, no amount of modeling can substitute for an actual device in the hands of actual users. This is where all the potential hazards become real. Because of this, manufacturers should monitor post-market information for things that may affect their risk estimates and, therefore, their risk management decisions. With this post-production information, the risk management process truly becomes a repetitive closed-loop process.
Risk management is an evolving process and periodic review of the risk management activities is needed to ascertain whether they are being carried out correctly, to rectify any weaknesses, to implement improvements, and to adapt to changes (par. 3.3, d) ISO 14971).
Management group meetings: The list of management group meetings is entered in the grid. The date of the meeting and its participants are determined for each meeting listed.
Decision: The decisions taken at the meeting(s) are entered in the form. The execution date and the user responsible for the execution of the decision are defined for each decision. The Completed? field contains a mark (Yes/No) signaling whether the decision has been executed. If the decision is not executed by the planned date, the overdue decision record is marked in red.

Report
The document-report Management review is generated.

Hazard management

Filtering of hazard records in the Hazards Main Form by the following parameter(s):
- Type of object
- Object
- Hazard type
- Hazard source
- Hazard
- Risk acceptability of the hazard (Yes/No)

Monitoring of fulfillment of the planned actions

A message displayed in the bottom left part of the Hazards Main Form signals the number of overdue actions in the Control measures and Review - Decisions modes. The application continuously compares the following parameters:
Mode Control measures:
- System PC date;
- Planned date of verification of the control measure implementation;
- Value Yes/No in the Done? field.
Mode Review - Decisions:
- System PC date;
- Planned date of execution of the decision taken;
- Value Yes/No in the Done? field.
If the planned date exceeds the system PC date and the value No is defined in the Done? field, the action record is considered overdue and marked in red in the interfaces of the Coordinator and the user(s) responsible for execution of the planned action.

Threats
This module is intended for developing the risk management system as a part of a comprehensive information security management system (ISMS) in accordance with ISO 27001:2005 requirements. Each line in the Main Form corresponds to an identified threat. The line consists of the following fields:
- Type of asset
- Asset
- Asset's vulnerability
- Type of threat
- Threat
- Source of threat
- Risk (value)
- Risk acceptability
Records of threats in the Main Form are added after filling in the Risk Analysis forms in the Analysis mode. The vertical blue field in the Main Form contains the following command buttons:
- Settings
- Database
- Basics
- Analysis
- Review
- Report

It is recommended to start filling in the database in the module from the Settings mode forms.

Settings
Type of threat: Types of threat (e.g., chemical, physical, legal, etc.) are listed in the tab.
Type of asset: Types of assets to which the risk assessment procedure will be applied are listed in the tab.
Type of requirement: Types of requirements (legal, operational, financial, customers' requirements, etc.) applicable to the ISMS are listed in the tab.
Records in these three type tabs can be added either directly in the tabs or while filling in the Analysis mode forms.
Value: Levels of asset value are entered (numerical value, concise explanation and comments if necessary); they will be used for risk calculation purposes in the risk estimation mode.
Probability: Levels of probability of threat occurrence are entered (numerical value, concise explanation and comments if necessary); they will be used for risk calculation purposes in the risk estimation mode.
Severity: Levels of severity of the consequences of threat occurrence are entered (numerical value, concise explanation and comments if necessary); they will be used for risk calculation purposes in the risk estimation mode.

Risk analysis
Risk evaluation: The risk calculation formula (combination of probability, severity and value of asset) to be used for risk estimation purposes in Risk analysis mode is selected.
Threat:vulnerability: Selection between two possible approaches for identification of the ISMS vulnerabilities and threats in the course of Risk analysis: One threat one vulnerability or One threat many vulnerabilities. Depending on the option selected in this form, the tabs in Analysis Risk analysis mode will have a different design (see Risk Analysis).

Database
Records in the Database tabs can be added either directly in the tabs or while filling in the Risk analysis forms.
Source of threat: List of sources of threats (will be used in Risk analysis mode). Corresponds to the list proposed by ISO_IEC_TR_13335-3.
Threats: List of threats (will be used in Identification of threats mode). Corresponds to the list proposed by ISO_IEC_TR_13335-3.
Vulnerabilities: List of vulnerabilities of the ISMS that might be exploited by threats (will be used in Identification of threats mode). Corresponds to the list proposed by ISO_IEC_TR_13335-3.
Controls: Tree-structured list of control sections, control objectives and controls of the organization's ISMS (as defined in ISO 27001:2005, Annex 1).

Basics

Assets
The form contains information about the assets to which the risk assessment procedure is applied.
Assets: The list containing types/names of assets, asset owners and necessary comments.
Documents: List of documents/files/comments describing the asset listed in the Assets grid.
Report: An asset report containing all information about the highlighted asset is generated.
Excel: Exporting all data entered in the form into an Excel file.

Responsibilities
Policy: The document that contains the ISMS Policy of the organization.
Process: The process of risk assessment that is implemented in the organization is selected.
Management appointee: Selection of the appropriate user as Management Appointee.
Responsibility: Responsibilities of each management level as well as the corresponding documents are listed in the grid.

Goals
Goals: Lists of goals for the organization's ISMS.
Target parameters: The (quantitative) parameters to be achieved, together with the planned dates for achieving them, are entered.
Monitoring of results achieved: Monitoring of achievement of the planned parameters. The date of monitoring, the actual results achieved, the conclusion on achieving the planned target (Yes or No) and, in case of No, a comment (corrective action) are entered in the fields of the grid.
Report: Generating a document-report that contains all information entered in the tab.

Resources
Resources: Listing of resources required for functioning of the ISMS.
Required resources: Resources required to keep the process running are defined in the grid. The date of allocation of the resource, the amount of the resource to be allocated and a comment (if necessary) are entered in the corresponding fields of the grid.
Allocation of resources: Results of monitoring of the actual amount of resources allocated are entered in the grid: date of monitoring, actual amount of resource allocated, conclusion on allocating the planned amount of resource (Yes/No format) and comment (if necessary).
Report: Generating a document-report that contains all information entered in the tab.

Requirements
List of requirements to be met by ISMS outcomes.

Analysis

The mode consists of two functions: Risk analysis and SOA.

Risk analysis
Performing the assessment: The user who performed the risk assessment is selected; the assessment date is defined.

Assets
One threat one vulnerability: The combinations Type of asset / Asset for which threats/vulnerabilities will be determined at the next stage of the Risk Analysis process are identified in the grid.
One threat many vulnerabilities: Vulnerabilities related to assets are identified in the grid (combinations Type of asset / Asset / Vulnerability are selected).

Identification of threats
One threat one vulnerability: For each combination Type of asset / Asset, the asset's vulnerabilities are determined as well as the threats which can exploit the identified vulnerabilities (type of threat, name of threat, source of threat).
One threat many vulnerabilities: For each combination Type of asset / Asset / Vulnerability, the threats which can exploit the vulnerabilities identified in the Assets grid are determined (type of threat, name of threat, source of threat).

Risk estimation
Values of the probability of the threat occurrence (or, in other words, ease of exploitation of the identified vulnerability by the threat), the severity of the consequences of the threat occurrence and/or the value of the asset are selected. The selected numbers result in the quantitative risk value calculation (using the risk calculation formula defined in Settings mode). A conclusion regarding acceptability of the risk (Yes/No selection) is made in the Acceptability field. Those threats for which the risk level is defined as unacceptable (value No is selected in the Acceptability column) are considered at the next step of the risk assessment process (they are transferred to the Controls tab).
Export to Excel: Exporting all data entered in Risk analysis mode into an Excel file.

Controls
Threats: This table contains records of threats with an unacceptable risk level determined at the first stage of risk assessment (Identification of threats). The records in the table cannot be changed.
Controls: For each threat with an unacceptable risk level, the corresponding controls reducing the risk (Control Section, Control Objective and the Controls themselves) are identified.
Verification: Verification of implementation of the planned controls is required to make sure that, provided that the control is implemented, the risk is effectively reduced. The user responsible for the verification, the verification date and the confirmation of the verification are selected. If the verification is not made (mark No in the Completed? field), a red alarm message appears in the bottom left part of the Main Form of threats.
Residual risk evaluation: After implementation of controls, the residual risk should be estimated to determine whether the implemented measures have made the risk acceptable. The evaluation is performed in the same way as before, by defining the threat's occurrence likelihood, the severity and the asset's value and calculating the corresponding risk value. If the residual risk is determined to be unacceptable, there may be two options:
- Identification/application of another control to reduce the risk further.
- Risk/benefit analysis as the last step of the Risk Assessment process.
Export to Excel: Exporting data entered in Risk analysis mode into an Excel file.

Risk/benefit analysis
There will be some occasions where the risk associated with an asset's utilization is greater than would be generally accepted. The organization should be able to provide such high-risk assets with a careful risk:benefit evaluation and show that the benefit of the asset outweighs the risk.
Threats: The threats with an unacceptable risk level determined after the second step (Controls) of the risk assessment process are listed in the grid and cannot be changed.
Risk/benefit analysis: All risks and benefits associated with the asset utilization should be determined and listed in the grid.
Overall risk residual evaluation: During the process of risk analysis the organization identifies threats, evaluates the risks, and implements risk controls. This is the point where the organization has to step back, consider the combined impact of the individual residual risks, and make a decision as to whether to proceed with the asset further. It is possible that the overall residual risk can exceed the organization's criteria for acceptable risk, even though individual residual risks do not. This is particularly true for complex systems and assets with a large number of risks. Even if the overall residual risk exceeds the criteria in the risk treatment plan, the organization has one last opportunity to do an overall risk-benefit evaluation to determine whether a high-risk, but highly beneficial, asset should be utilized/marketed.
Approval: The user (manager) who approves the eventual conclusion about acceptability of the overall residual risk is defined in the field. This user can change the value Yes/No in the fields Acceptable? and Done? in this grid, as well as the approval.
Export to Excel: Exporting data entered in Risk analysis mode into an Excel file.

SOA
The function helps to compile the organization's SOA in a comprehensive and effective way.
Controls
Controls: The list of ISO 27001:2005 controls as defined in Database Controls mode is presented.
Applicability: Those controls which have been referred to during Risk analysis mode are checked. The user can check any other controls if applicable.
Owner: The user who is the owner of the control/control process is selected from the list of users.
Comment: An applicable comment is entered.
Documents: The document(s) describing the control is (are) selected.
Report
SOA: Generating the SOA report.
Documents: Generating the Documents report, which demonstrates links between documents and controls.
Export to Excel: Exporting data entered into an Excel file.
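The Risk estimation, Residual risk evaluation and Overall risk residual evaluation steps of the Analysis mode, worked through as an added example (not part of ISOsystemPlus or its documentation). The formula probability x severity x asset value, the 1-5 levels, both limits, the summing of residual risks and the sample register are assumptions constructed for illustration; the application takes its formula and levels from the Settings mode.

```python
from dataclasses import dataclass, field

# Assumed criteria, constructed for this example (the application takes them from Settings).
PER_THREAT_LIMIT = 30   # a single risk value above this is unacceptable
OVERALL_LIMIT = 60      # a sum of residual risks above this is unacceptable


def risk_value(probability, severity, asset_value):
    """Assumed formula: probability x severity x asset value, each level 1-5."""
    if not all(1 <= x <= 5 for x in (probability, severity, asset_value)):
        raise ValueError("levels must be on the 1-5 scale")
    return probability * severity * asset_value


@dataclass
class Threat:
    asset: str
    vulnerability: str
    threat: str
    asset_value: int
    probability: int
    severity: int
    # Applied controls in order: (name, probability after, severity after).
    controls: list = field(default_factory=list)

    def initial_risk(self):
        return risk_value(self.probability, self.severity, self.asset_value)

    def residual_history(self):
        """Risk re-estimated the same way after each applied control."""
        return [risk_value(p, s, self.asset_value) for _, p, s in self.controls]

    def residual_risk(self):
        return (self.residual_history() or [self.initial_risk()])[-1]


def assess(register):
    """Estimation -> Controls -> Risk/benefit -> overall residual evaluation."""
    to_controls = [t for t in register if t.initial_risk() > PER_THREAT_LIMIT]
    to_risk_benefit = [t for t in to_controls if t.residual_risk() > PER_THREAT_LIMIT]
    overall = sum(t.residual_risk() for t in register)  # assumed aggregation
    return {
        "to_controls": [t.threat for t in to_controls],
        "to_risk_benefit": [t.threat for t in to_risk_benefit],
        "overall_residual": overall,
        "overall_acceptable": overall <= OVERALL_LIMIT,
    }


# Constructed sample register (not real data).
REGISTER = [
    Threat("File server", "Unpatched OS", "Malware", 4, 4, 4, [("Patching", 2, 3)]),
    Threat("File server", "No offsite backup", "Fire", 4, 2, 5, [("Offsite backup", 2, 3)]),
    Threat("HR laptop", "Unencrypted disk", "Theft", 3, 3, 4, [("Disk encryption", 3, 2)]),
    Threat("Web shop", "Weak passwords", "Account takeover", 5, 4, 3,
           [("Password policy", 3, 3), ("Two-factor login", 2, 3)]),
    Threat("Office printer", "Default settings", "Misuse", 1, 2, 2),
]

print(assess(REGISTER))
```

In this register every individual residual risk ends at or below the per-threat limit, one of them only after a second control, yet the combined residual risk exceeds the overall limit, which is the situation the overall evaluation step exists to catch.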

Review

Risk management is an evolving process and periodic review of the risk management activities is needed to ascertain whether they are being carried out correctly, to rectify any weaknesses, to implement improvements, and to adapt to changes.
Management group meetings: The list of management group meetings is entered in the grid. The date of the meeting and its participants are determined for each meeting listed.
Decision: The decisions taken at the meeting(s) are entered in the form. The execution date and the user responsible for the execution of the decision are defined for each decision. The Completed? field contains a mark (Yes/No) signaling whether the decision has been executed. If the decision is not executed by the planned date, the overdue decision record is marked in red.

Report
Two reports - Statement of applicability and Risk analysis - are generated.

Threat management
Filtering of threat records in the Hazards Main Form by the following parameter(s):
- Type of object
- Object
- Hazard type
- Hazard source
- Hazard
- Risk acceptability decision on a threat (Yes/No)

Monitoring of fulfillment of planned actions

A message displayed in the bottom part of the Hazards Main Form signals the number of overdue control verifications, risk:benefit analysis conclusion approvals and management meeting decisions. The application continuously compares the following parameters:
Mode Controls:
- System PC date;
- Planned date of verification of the control measure implementation;
- Value Yes/No in the Done? field.
Mode Risk:benefit analysis:
- System PC date;
- Planned date of management approval of the analysis conclusion;
- Value Yes/No in the Approved? field.
Mode Review - Decision:
- System PC date;
- Planned date of execution of the decision taken;
- Value Yes/No in the Done? field.
If the planned date exceeds the system PC date and the value No is defined in the Done? field, the action record is considered overdue and marked in red in the interfaces of the Coordinator and the user(s) responsible for execution of the planned action.


ISOsystemPlus demo-mode
The following limitations are imposed while working with ISOsystemPlus in demo-mode vs. license mode:
1. The number of records which can be entered in the database is limited (15 document records, 10 correspondence records, 8 process records, 15 threat records, etc.). These numbers are displayed in the headers of the corresponding module forms.
2. The name of the company presented in the headers of all reports (ABC Limited) cannot be changed in demo-mode.
3. Reports generated by the application can be converted into .doc or .xls files only in license mode. Only one report (Documents Report) can be converted into a .doc or .xls file in demo-mode.
All other functional capabilities and features of the application in demo- and license modes are similar. The number of start-ups and the time of testing the application while working in demo-mode are not limited either. Good luck!
