Search results

  • Business Impact Analysis Methodology

    Please note that for some processes or services there are periods when they are more required, or need to provide more outputs, and these should be identified to help determine minimum business requirements.

    For example, for a store, sales near commemorative dates (e.g., Christmas, Easter, Valentine’s Day) are considerably higher, and when planning minimum business continuity objectives you should consider them.

    For further information, see:

  • Mass pieces

    To start off, the balance needs to be calibrated by a calibration laboratory periodically. To ensure that equipment is fit for purpose, namely the balance in this case; and to provide metrological traceability for a test to be performed; the test laboratory must perform intermediate checks to ensure that the calibration is still valid. This is known as verification which is usually performed on use or on a daily basis. The mass pieces used for verification must also be fit for purpose. This means you should have mass pieces that cover the range of use of the balance and have calibration certificates for the mass pieces. This should indicate that they are fit for purpose, meaning the accuracy and the measurement uncertainty are acceptable. Note that there are various classes of weights as per ASTM and OIML that are matched to the class of the balance. See OIML R 111-1 (E) Edition 2004 available at https://www.oiml.org/en/files/pdf_r/r111-1-e04.pdf. The laboratory must ensure both the balance and mass pieces are suitable to provide the resolution and accuracy required.

    For more information on associated calibration intervals, refer to ILAC G24:2007 Guidelines for the determination of calibration intervals of measuring instruments (note currently under revision) available for download at https://ilac.org/?ddownload=818 

    For more information, have a look at

    The article: What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/
    The ISO 17025 toolkit document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure/

  • Facilitating training of medical devices organization for their management

    A person who performs education about ISO 13485:2016 must have some proof that he/she understands all necessary requirements which are specific to the medical device manufacturer. This proof can be a certificate for the ISO 13485:2016 Lead auditor or experience with work in medical device manufacturers. ISO 13485:2016 has some specifics which can be seen only in that standard, therefore understanding and knowledge of ISO 13485 are necessary.  
     

  • Appointing a representative

    You may contact the German Supervisory Authority where the data subjects were located. Article 60 GDPR established a cooperation mechanism between Supervisory Authorities that helps to assess similar situations and there is mutual recognition of the validity of decisions. Therefore, if a data breach occurs you can notify only one Supervisory Authority (i.e., in Germany).

    Here you can find more information about Supervisory Authorities:

    If you are interested in implementing EU GDPR compliance, you can consider enrolling in our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/

  • Microsoft tools for compliance

    We are not experts in the MS Compliance tool, so what we can suggest is that you ask your IT department to demonstrate how this tool covers each mandatory clause of ISO 27001 (clause 4 to 10) and Controls from Annex A. From this assessment, you can identify if this tool can cover all your needs or if an additional solution is required.

    For example, how does MS Compliance cover the definition of the ISMS scope? Does MS Compliance handle information security competence and awareness? How does MS Compliance handle controls A.7.1.1 Screening and A.7.1.2 Terms and conditions of employment?

    From MS Compliance documentation made available by Microsoft, it seems that this tool covers a lot of clauses and controls from ISO 27001, but not all of them.

    You can also sign up for a free trial of Advisera's ISO 27001 compliance software Conformio https://advisera.com/conformio/ and double-check how the Microsoft tool compares to it.

  • ISO 27001 certification

    For certification against ISO 27701, please note that ISO 27701 was developed as an extension of ISO 27001 and ISO 27002.

    Considering that, the most common approaches for implementation are implementing on your own, or implementing on your own with expert support. Each alternative has its pros and cons, and I suggest you take a look at this white paper to identify which alternative is best for you:
    - Implementing ISO 27001 with a consultant vs. DIY approach https://info.advisera.com/27001academy/free-download/implementing-iso-27001-with-a-consultant-vs-diy-approach

    When considering the DIY approach, using a specialized platform can help you a lot, and for that I suggest you take a look at our Conformio platform at this link: https://advisera.com/conformio/

    If you decide to use a consultant, this article will help you: 5 criteria for choosing an ISO 22301 / ISO 27001 consultant https://advisera.com/27001academy/blog/2013/03/25/5-criteria-for-choosing-a-iso-22301-iso-27001-consultant/

  • Asset to Vulnerability Error

    Please note that the Person Responsible for treating a Nonconformity is defined on a case-by-case basis in the Nonconformity register, because for each nonconformity you may have different persons with interest/skill/authority to solve it. In the Nonconformity register you will be able to add a person responsible for a particular nonconformity.

    In the Procedure for Nonconformities and Corrective Actions, you only define in a generic way that a person needs to be in charge of the nonconformity, so the specific person is defined in each nonconformity.

    For further information, see:
    - Case study: How to solve nonconformities using online ISO 27001 compliance software https://advisera.com/conformio/blog/2020/08/12/case-study-how-to-solve-nonconformities-using-online-iso-27001-compliance-software/
    - Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/

  • Is maintenance required to have a critical parts list?

    According to the IATF 16949:2016 standard, article 8.5.1.5, critical spare parts should be kept and followed up with a minimum stock level.

    When equipment fails and part replacement is required, if the item to be replaced is a hard-to-find and critical item, spare parts should be in the organization's stock.

  • BIA - The time after which the resource is needed

    Your understanding is correct.

    When considering all three scenarios at the same time, then you need to adopt the shortest one to ensure all scenarios can be handled in case of disruption.
