Please note that regardless of whether you use the wizard to review or approve the document or not at the time of receiving the document review task, the checkpoint for the definition of the date of the next review is the date of approval of the document.
This means that the tasks are created every x months (depending on what you have defined as the update frequency in the properties tab) from the date of approval.
For example, if you approved the document on March 1, 2021, and the update frequency is 6 months, then a new review task will be created every 6 months from March 1, regardless of whether you proceed with the review through the wizard or not.
The Advisera GDPR toolkit includes all the necessary documents needed for you to complete your GDPR-compliance journey. Since you are processing special categories of personal data (health data), I recommend performing a Data Protection Impact Assessment, per Article 35. As part of the Advisera GDPR Toolkit, there is a DPIA Methodology document that can help you. Also, you need to consider informing the data subjects affected by these transfers. As part of the GDPR Toolkit, there are templates for Privacy Notices.
As an American company, you need to check whether you are subject to the US FISA 702 regulation. If yes, you need to take additional measures in order to protect EU data, according to Chapter V of the GDPR - TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS. The best transfer mechanism to use in this case is the EU Standard Contractual Clauses, per Article 46 – Transfers subject to appropriate safeguards, but you need to take additional measures such as encryption of data at rest and in transit, with the key stored on a server in the EU.
The risks would be clearly reduced if you have full storage of data on EU servers managed by an EU organization.
Please also consult these resources:
Thanks for the tips and points to enhance the risk register; however, 140 risks is a huge number to maintain regardless of the treatment. I'm expecting something around 20 risks max, so they can be easily maintained, especially for the main dimensions of security control under CIA. In addition, ISO does not insist on including assets in risk handling,
1. Within the ISMS scope document, in point 3.3 Networks and IT infrastructure, should the network segments and IT infrastructure (routers, switches, etc.) be fully detailed, or is it enough to place a graphic of our network diagram?
A general description of the networks and IT infrastructure, such as a network diagram, is enough to include in the ISMS scope document.
For further information, see:
2. In the ISMS Implementation Project Plan document, point 3.1 Project objective, can the date that is set as a limit be changed as the ISMS implementation progresses, or should that date not be changed once it has been defined?
The information in the Project Plan document, such as the implementation deadline, can be changed as the ISMS implementation progresses. You only need to ensure that you get proper approvals and communicate with the people affected by the changes.
3. In the ISMS Implementation Project Plan Doc, point 3.4.2 Project Manager, can two or more people be designated as project manager, or can it only be one person?
For small projects, only a single project manager should be considered as the main alternative (in many cases there won’t be enough work to justify designating more than one project manager). When more than one is designated, you need to make clear their responsibilities and authorities, to avoid overlap.
For further information, see:
4. In the ISMS Implementation Project Plan document, point 4 Management of saved records, should only the project plan document be detailed in the table, or should all the ISMS documents be detailed (e.g. scope document, security policy, etc.)?
In section 4 of the Project Plan document, you need to include only the documents related to the management of the project, not the project’s deliverables. Project progress reports are examples of records related to this section.
The name "Purchasing" has been changed to "Control of externally provided processes, products, and services" in the ISO 9001:2015 and IATF 16949:2016 standards.
Therefore, standard clause 8.4 and all of its sub-items cover the purchasing process. You should prepare your questions for the purchasing process to include all items of 8.4.
To see a procedure that covers the identification of requirements compliant with ISO 22301, please take a look at this demo: Procedure for Identification of Requirements https://advisera.com/27001academy/documentation/procedure-for-identification-of-requirements/
The purpose of this document is to define the process of identification of interested parties, as well as statutory, regulatory, contractual, and other requirements related to information security and business continuity, and responsibilities for their fulfillment.
This article will provide you with a further explanation of the identification of requirements (the same concepts apply to ISO 22301):
Thank you so much. So you don't need to register with each national authority where you are putting your device on the national market?
If you do not develop completely new products or new services, then it is possible to exclude requirement 7.3. In other words, any change or adaptation of the product, creation of a new version of the product, or development of a new service means that requirement 7.3 is applicable.
I have a question: an organization is AS9100 Rev D certified, but the organization has had no production for any customer for one year. How can compliance of the QMS be interpreted? How should internal audits be conducted? How should KPIs be translated? What does the standard say about how QMS compliance is to be evaluated if an organization has had no customer for a long time?
You asked: Once a lab is accredited to 17025, does this expire?
ISO 17025 accreditation is awarded for a cycle which could vary between two and five years, depending on the discipline and the accreditation body's policies. Before the end of the cycle, the laboratory needs to reapply for accreditation so that a new certificate will be issued before expiry. At this point the assessment will be as per the original application, in other words more thorough.
You also asked: are there defined time frames for external audits, e.g. every other year or so?
Yes, these are called surveillance assessments. The frequency depends on the accreditation body, but they are typically annual. I suggest you engage with the accreditation body to obtain specific information for your laboratory.
For more information, have a look at the webinar What are the steps in the ISO 17025 accreditation process? [free webinar on demand] at https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar-on-demand/ or attend the next scheduled webinar on that topic.