You asked
"If tests come with accepted tolerance ranges do you still do measurement uncertainty?"
I assume, based on your next question, you are referring to a Standard test method. ISO 17025 states in clause 7.6.3, note 1 that if a laboratory follows a well-recognized test method that specifies limits to the values of the major sources of measurement uncertainty and specifies the form of presentation of the calculated results; and the laboratory follows reporting instructions, the laboratory is considered to have satisfied requirements of clause 7.6.3 to evaluate measurement uncertainty. So if this is the case, you will not need to perform MU as a testing Laboratory. Note that in all cases, however, you need to assess the risk of misrepresenting the results to clients. Furthermore, calibration laboratories must always report the MU on a calibration certificate.
You also asked
"Also if you use international standards which are validated already do you still need to validate the method in the lab?"
You must meet the requirements of ISO 17025:2017 Clause 7.2, meaning if it is a standard method your extent of validation is to verify that your laboratory can meet the performance criteria of the standard test with your conditions of venue, equipment and personnel. This could be, for example, the required sensitivity, specificity, or other parameters stated.
Thanks for your response. Would you say that if a policy is already designed to comply with EU GDPR, then simply amending the language to also reference UK GDPR is sufficient? In other words, is the only change required to specify that it’s UK, but no actual substantive changes to the policy are needed?
Yes, that is right. Of course, I suggest you monitor the Information Commissioner Officer (you can subscribe to the newsletter which is good) if any change in the legislation happens. Now, the UK GDPR is mirroring the EU GDPR (it was a condition to benefit from the adequacy decision for data transfer between the UK and the EU), but in the future things may change.
As you have acknowledged and actioned, it is very important to keep track of your implementation project.
You asked
which clause this will fit under?
There is no specific clause in ISO 17025 to meet in terms of implementing the system, as ISO 17025 has requirements for meeting the requirements and controlling risks and changes (rather than how to develop processes and go about implementation). This is why we recommend using the Project Plan template, available at https://info.advisera.com/17025academy/free-download/project-plan-for-iso-17025-implementation and provide you with the Project-checklist-for-iso-17025-implementation available at https://info.advisera.com/17025academy/free-download/project-checklist-for-iso-17025-implementation.
Note however, that requirements for controlling changes to your system are covered specifically in clauses
Practically I also advise you to use the Internal audit checklist to record your progress.
The checklist is part of the toolkit, available for preview under “Performance Evaluation” at https://advisera.com/17025academy/iso-17025-documentation-toolkit/
Please note that our ISO 27001 Documentation Toolkit covers all mandatory documents and some documents that are not mandatory. Many of the clauses and controls you mentioned do not need to be documented according to the standard, and in our opinion, it would be an overhead to document each and every one of them in a small company.
Our toolkit is created specifically for smaller companies that want to implement ISO 27001 in a quick way, without unnecessary paperwork; for larger companies that require more documents, we recommend getting some other solution.
This article will also help you:
EQA stands for “External Quality Assurance” and refers to the ISO 17025 requirements in clause 7.7 Ensuring the validity of results, for a laboratory to monitor its performance by comparison with results of other laboratories. How a laboratory does this depends on the type of testing and the type of comparison that is available and appropriate. This can be participation in proficiency testing or other means, for example, is appropriate bi-lateral comparisons or use of certified reference material. I suggest you contact your accreditation body and obtain their rules for Proficiency Testing and other comparison programme requirements for ISO 17025 accredited facilities in your sector. See too the ILAC P9:06/2014 ILAC Policy for Participation in Proficiency Testing Activities (the policy for accreditation bodies on the use of proficiency testing activities in the accreditation process), available from https://ilac.org/publications-and-resources/ilac-policy-series/
For more information, have a look at previously answered topic Documentation and PT program https://community.advisera.com/topic/documentation-and-pt-program/
For more information on what is required for ISO 17025, read the whitepaper Clause-by-clause explanation of ISO 17025:2017 available for download from https://advisera.com/17025academy/free-downloads/ and preview the Toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/ which includes the Quality Assurance Procedure and the Proficiency Testing Record.
The paper archive will need to be part of the ISMS scope if it contains information you want your Information Security Management System to protect.
For example, if the paper archive contains employees’ information, and you want the ISMS to protect only customer information, then the paper archive does not need to be part of the ISMS scope.
These articles will provide you a further explanation about defining the ISMS scope:
This material can also provide more information:
When an employee is part of the ISMS scope, for his employment termination to be compliant with ISO 27001 requirements, you should ensure that his access rights are revoked, and information security responsibilities and duties that remain valid after termination of employment are communicated to the employee (e.g., keep the information confidential). This last part of the process is often done through contractual obligations.
This article will provide you a further explanation about terms and conditions of employment:
There is no strict requirement that translation validation must be performed. However, from the ISO 13485 point of view, validation must be performed for all processes where the resulting output cannot be monitored or measured by subsequent monitoring or measurement. Translation validation will ensure that each time translations will be provided in a proper manner and that information provided in the IFU is correct. It should be done once and there is no need for another validation while native speakers do not change.
Unless you have requirements for specific cloud security controls, your information security implementation compliant with ISO 27001 follows the same steps as for a non-cloud environment:
getting management buy-in for the project;
Regarding your question about which policies, this will depend on the results of risk assessment and identified legal requirements.
For further information, see:
This article will provide you a further explanation about ISMS implementation:
To see what documents compliant with ISO 27001 look like, please take a look at the free demo of our ISO 27001 Documentation Toolkit: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
These materials will also help you regarding the ISO 27001 implementation:
No, there is no "rule of thumb" for the amount of non-conformances that an auditor issues after an audit. As a good practice, an auditor should raise all non-conformities determined during an audit.
Please consider the following information: