Nonconforming work is an event when an aspect of the laboratory’s activities or the results of this work (outcome or actual test results) deviated from what was supposed to happen. It can happen whenever there is a deviation from the laboratory’s own procedures or agreements with a customer. For example, equipment performance was not verified (as required in a procedure), or incorrect sample storage meant a sample could not be tested. Another example would be if environmental conditions are found to be out of specified limits and the sample analysis was delayed. This means that even if the sample is stable and the results are not affected, this is still a nonconforming event (work) because the existing control of a risk (temperature) failed and an objective such as turnaround time or customer satisfaction is affected.
For further information on dealing with nonconformances, see the Article Corrective actions principles and root cause analysis in ISO 17025 at https://advisera.com/17025academy/blog/2020/11/04/corrective-actions-principles-and-root-cause-analysis-in-iso-17025/
and the Toolkit ISO 17025 templates:
Writing a new procedure covering the specifics for information security-related documents is acceptable to fulfill ISO 27001 criteria.
Another possibility is you adjust your current document to define the specification for information security. For example, you can write:
1. Does the EU has also an emergency use authorization as FDA does for medical devices, specifically ventilators?
Yes, the EU also has a strategy rescue stockpile of medical equipment for COVID-19. All details you can find on the following link: https://ec.europa.eu/commission/presscorner/detail/en/ip_20_476
2. Are you familiar with the process for EUA Authorization of the FDA?
Yes, we are familiar with the information that can be found on the Internet. Feel free to ask what interests you.
"Should we be verifying customers' identity via email when the email they are contacting us from is the same email they used to purchase a product from us?"
I assume you are asking if you need to verify the identity of the customer when he/she contacts you in order to exercise the data subject's rights. The answer is yes, you need to be sure that the individual requesting to access, delete, or modify personal data is the legitimate data subject.
Here you can find more information about data subjects rights:
Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
If you want to understand how to implement GDPR compliance in your organization, you can consider enrolling in our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/
First, ISO 9001:2015 promotes using the process approach. Using the departmental approach is not wrong, but it is not the most effective approach.
In this free webinar on-demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/ - I show some examples of determining risks and then acting on them. ISO 9001:2015 mentions risk about:
Your organization is a set of interrelated processes. Each process is a set of activities that transform inputs into desired outputs.
ISO 9000:2015 defines risk as the effect of uncertainty. Because there is uncertainty, sometimes we don’t have the expected:
For example, what is a non-conformity? We don’t design processes to deliver non-conformities. So, when a non-conformity happens, we have the manifestation of risk. Non-conformities are potential risks that have materialized. Same for complaints.
Seen in this way, the risk-based approach is a very effective methodology for developing a plan to control a process, its quality, and its results. The control will materialize, for example, in operations of control, verification, improvements in the process, in work instructions, in improvements in monitoring, in increasing the competence of the participants.
You can find more information below about risks.
1 - In the pack that we bought, we can’t find the document regarding Business Continuity Strategy. First I thought that it is the same as the Disaster Recovery Procedure but after having a look here https://advisera.com/27001academy/documentation/business-continuity-strategy/, I found out that this is not the case. Could we receive a .doc italian version of this document, like we did for the rest?
ISO 27001 aspects on business continuity process (section A.17 from ISO 27001 Annex A) are related to ensuring the availability of information and information systems during either crisis or disaster situations, so a Business Continuity Strategy document is not mandatory for this standard, and you will only need the DRP template included in your toolkit. In this DRP template, in the first row of the table in section 3 you can describe an overview of your Business Continuity Strategy (this will be sufficient for ISO 27001 purposes).
2 - All along the instructions we can see that the documents refer to clauses (e.g., A.17.2.1, 7.5…). These clauses sometimes match with the code of controls, other times they don’t. Do these clauses refer to controls or not? If yes, why don't they always match? If not, what do they refer to and is there a list of clauses?
Please note that references to controls from ISO 27001 Annex A start with “A.” (e.g., A.17.2.1 refers to control Availability of information processing facilities), while references to clauses from the main part of the standard (clauses 4 to 10) start with a number (e.g., 7.5 refers to Documented information).
This material can provide you more information about ISO 27001 clauses:
- Clause-by-clause explanation of ISO 27001 https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001
3 - In our documents we put the reference documents towards the end of the documents in the same table with the records. Is that ok or is it better to separate them and put the Reference documents at the beginning of the documents like you did?
You can keep your reference documents as you define them. ISO 27001 does not prescribe this level of detail in formatting documents, so organizations can define the content order as best it fits them.
4 - In some of our documents/politics we describe the Violations of the Politics in a dedicated paragraph while in your documents we don’t find them. Can we keep these paragraphs regarding Politics Violation or not?
You can keep your paragraph dedicated to Violations of the Politics in your documents. ISO 27001 does not prescribe this level of detail in document content, so organizations can define the content as best it fits them.
5 - Can we put a document/section with the Organisation chart emphasising the key figures with responsible roles in ISMS? And linked to this topic two more questions: could we use a RACI matrix in the documents? Could you suggest the best way to call these figures in Italian?
Key roles and responsibilities for the ISMS are included in the Information Security Policy template (section 4.4). Please take a look if the information in this section of this template can fulfill your needs. If yes you can include the organizational chart, but you also can develop a separate document to present this chart.
Regarding the RACI matrix, you can use it in the documents, as a means to provide a quick view about how something needs to be done, but please note that required responsibilities are already defined alongside the documents, and you need to ensure the RACI matrix covers them properly.
In the Italian version of the toolkit we translated the ISMS roles in various policies and procedures where we found an appropriate term in Italian; the rest are left in English.
The main point here is that these medical devices must be sterile. So I assume they are produced in a cleanroom. Microbiology requirements then include the following:
All of this is stated in the following standard:
The microbiology laboratory for performing all this work must be accredited. It is stated in the MDR 2017/745, Article 106 – Provision of scientific, technical, and clinical opinions and advice – that the EU Commission designates the expert laboratories. Accreditation is one way a laboratory can be designated.
For more information, please see:
ISO 9000 never changed into ISO 9001.
The first versions of ISO 9001 and ISO 9000 were published in 1987.
ISO 9000:1987 was mostly about guidance in selecting and using ISO 9001, ISO 9002, and ISO 9003. In the year 2000, ISO 9002 and ISO 9003 were removed, and ISO 9000 absorbed the quality vocabulary standard ISO 8402.
Contract review was a term used by ISO 9001 until the year 2000 version. After contract review you have a contract signed, and you know what the client requirements are. Operational planning implementation is about planning how to execute that contract. Things like:
Yes, a laboratory can be accredited for electronic tests, either as a testing or calibration laboratory. This will depend on the service to be offered. I suggest you contact your accreditation body for further information on which programme will suit your scope of work. You can search for your national body and others at https://ilac.org/ilac-membership/members-by-economy/
For more information on ISO 17025 see ISO 17025 – Main guidelines at https://advisera.com/17025academy/what-is-iso-17025/