Search results

  • Regulatory Requirements for a DNA testing lab

    You asked

    I assume accreditation is mandatory for outsourced testing labs.

    Typically, including outsourced testing, the required laboratory quality level is legally determined. For example, government departments such as immigration will only accept DNA test results for immigration and citizenship applications from laboratories accredited by an ILAC member accreditation body. Besides legal requirements, the benefit of accreditation is that the competency of a laboratory is shown through their accreditation, so there is assurance in using an accredited laboratory for such tests.

    You also asked

    Is ISO 17025 the relevant accreditation?

    Answer

    Both ISO 17025 (testing and calibration) and ISO 15189 (medical pathology) are applicable quality standards for genetic testing while ISO 17025 is the relevant accreditation for an outsourced laboratory for testing for GMP (Good Manufacturing Practice). ISO 15189 is the accreditation required for diagnostic work on patient material. For certain clinical and preclinical analyses, the referral lab may need to comply / perform the study under OECD GLP, GCLP, ISO/IEC 17025, or ISO 15189 criteria.

    The specific type of testing must be included under the scope of accreditation. For this reason, some laboratories will have both ISO 17025 and ISO 15189 accreditation as they perform general testing and diagnostic testing work. It is therefore important to clarify the needs of your clients.

    For more information on ISO 17025 see ISO 17025 – Main guidelines at https://advisera.com/17025academy/what-is-iso-17025/

  • BYOD

    Such procedures and testing plans can greatly vary according to organizations' requirements (i.e., organizations may have different requirements for system engineering and system acceptance), so it is unfeasible to develop templates to cover every possible scenario, and our recommendation, in this case, is that each organization develop their own documentation.

    For further information, see:

  • Is link to LinkedIn private use?

    Your website is clearly for personal use, so you don’t fall under EU GDPR regulation.

    Here you can find some information about GDPR applicability:

    • Is the GDPR applicable to our company? https://advisera.com/eugdpracademy/knowledgebase/who-needs-to-be-gdpr-compliant-an-easy-explanation/

    • Application of GDPR to emailed CVs

      During the retention period, you can store the unsolicited CV; you don't need explicit consent because the legal basis falls under the request of pre-contractual measures on request of the data subjects (Article 6 par. 1 lett. b) GDPR). You need to state in the privacy notice that personal data in CVs will be processed for the purpose of selecting candidates for a job application and will be stored for 6 months.

      Here you can find the legal basis in EU GDPR

      • Article 6 GDPR https://advisera.com/eugdpracademy/gdpr/lawfulness-of-processing/ 

      • How to address the new standard requirement

        In ISO 45001 the previous requirements for identifying hazards and risks are not drastically changed from the OHSAS 18001 requirements, but these previous requirements only address the hazards and the OH&S risks defined in the ISO 45001 clause 6.1 requirements. Along with what is already in place from OHSAS 18001, you also need to identify other risks as well as OH&S opportunities and other opportunities. While it is possible to document these in the HIRA document you already use, it is not required to do so, and in many cases you may not want to, especially if the HIRA document is mandated by legal requirements.

        So while it might be good to include the OH&S opportunities along with the HIRA document (maybe a new column) as these are related to the hazards, you may want to include the other risks and opportunities of the OHSMS along with other strategic planning risks and opportunities of the company. How they are documented is not dictated in the standard.

         

        You can read a simplified explanation of the new requirements for hazards, risks & opportunities, and how this requirement works, in the article: The basics of ISO 45001 hazards, risks, and opportunities, https://advisera.com/45001academy/blog/2021/02/22/the-basics-of-iso-45001-hazards-risks-and-opportunities/

      • Lead Auditor / Lead Implementer

        1. If someone enrolls for ISO 27001 Lead Auditor/Lead Implementer training at an ISO-accredited training provider and passes the exam, will he/she/they automatically be eligible to include ISO 27001 Lead Auditor/Lead Implementer at the end of his/her/their complete name?

        Attending the course and passing the exam is not sufficient to be eligible to use the credentials of Lead Auditor / Lead Implementer, because professional and audit/implementing experience may be required. The specific requirements to obtain the qualification vary depending on the organization issuing the certificate.

        2. Related to question #1, how to verify someone else's credential in ISO 27001 Lead Auditor/Lead Implementer certification? Any URL to validate it?

        The organization issuing the certification must maintain an available record of their certified members, so you only need to ask the person about his/her certification register and organization issuer, so you can check the validity of the credential.

        These articles will provide you a further explanation:

        These materials will also help you regarding personal certifications:

      • Conformio questions

        1. Can I treat the Project Plan as a statement of intention? If we do not meet the deadlines, we have set in the Project Plan, would this be a problem during certification?

        Answer: The purpose of the project plan is to clearly define several elements (e.g., the objective of the project, documents to be written, deadlines, roles, and responsibilities, etc.), so yes - project plan can be used as a statement of intention. On a general level, the top-level objectives are also a statement of intention.

        ISO 27001 does not require a project plan to be documented (it is a supporting document for the implementation, not for the ISMS itself), so if you do not meet initial deadlines this will not be a problem during the certification (the project plan always can be updated to reflect the real progress of the implementation). 

        For further information, see:
        - ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
        - How to use Scrum for the ISO 27001 implementation project https://advisera.com/27001academy/blog/2017/03/27/how-to-use-scrum-for-the-iso-27001-implementation-project/

        2. At the end of each document in the wizard, there is a set review cycle of 6 months or 12 months depending on the document. Why is this set in such a way and could I change it?

        Answer: 6 months and 12 months are the most frequent review periods adopted by organizations. ISO 27001 does not prescribe document review time, so organizations can define them as they fit their needs.

        You can change the review period according to your needs by adjusting the document review period field in the document properties tab when you are creating it.

        For further information, see:
        - How to manage documents according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/

         

      • ISO 9001 8.3 in a fertility clinic setting

        Yes, that is my understanding of the situation.

      • Consequences and Costs of not abiding waste management

        What are the details of the possible consequences and cost implications of employers and employees not abiding by legislation and regulations with regard to waste management?

      • Interested Parties

        What follows is a list of potential interested parties. Annex A.3 of ISO 9001:2015, last paragraph, states that only an organization has the authority to determine who are the relevant interested parties.

        You may consider:

        • Client (payer)
        • Client (users)
        • Regulators
        • Programmers (as suppliers or as employees)
        • Influencers 

        Please, check this free webinar on-demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar/ - where I present examples of different interested parties and their requirements and expectations.

        You can find more information below

         
