Search results


  • Annex A.8.3.1 to 8.3.3

    In your second paragraph, I’m assuming you are referring to control A.8.3.2, instead of A.8.2.3.

    Considering that, please note that these controls have different coverages:

    • control A.8.3.2 (Disposal of media) focuses on the proper disposal of media that contains information, regardless of whether it is physical or digital media.
    • control A.11.2.7 (secure disposal or reuse of equipment) focuses on the proper disposal or reuse of equipment that contains media with sensitive information.  

    You can think of control A.11.2.7 as a specific application of control A.8.3.2, although these controls can be applied independently of each other.

    For further information, see:

  • Can the Procedure for Design and Development be applied in my company?

    First, design and development are not something only applicable to products. It is also applicable to services.

    You wrote “sale of electronic products and provides technical assistance services”. I think that the answer to your question

    “I would like to know if the procedure for design and development can be applied in my company?”

    Depends on how your organization writes the scope of the management system. If the scope is closed, it lists all the technical assistance services provided under the management system, all services are already designed and developed. Any new services provided will not be included under the scope. In that case, design and development are not applicable. However, if your scope is open, if it is more generic, to be applicable to new services to be designed and developed in the future, then design and development are applicable.

    For more information about exclusion, the right ISO wording is applicability, consider the following:

     

  • Eddy Current Testing or Electromagnetic Testing

    To meet ISO 17025 requirements, the testing laboratory must label, code or identify in some way that allows the user of the equipment to identify the calibration status or period of validity. As long as this is very clear to the user, there is no mandatory need to have a sticker placed by the third-party calibration laboratory. The relevant documentation (calibration certificate) must also be available to the user.

    For more information see What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/

     

  • GMP license

    There are differences in requirements for ISO 17025 accreditation and GMP certification. It is outside of the scope of the ISO 17025 Academy to comment on regulatory requirements, for example that of Health Canada. I suggest you contact the regulatory body.

    For more information on ISO 17025, have a look at What is ISO 17025 at

    https://advisera.com/17025academy/what-is-iso-17025/

  • Multi-site certification and group certification

    Multi-site or group certifications are possible for management systems, although they are not common across continents. The real determination is the applicability of the QMS rules and policies across the different locations; if this is too different then a multi-site certification can be difficult. The certification comes down to the scope identified for the QMS, and this scope can include one location or several, but as stated, if the multiple locations are very different from each other in processes, products or services this can be difficult. Additionally, legal requirements may be different across locations on different continents.

    It is also important to note that not all certification bodies will be willing to do a certification like this. To certify multiple locations, you will need all locations audited and this may not be possible or accepted for all certification bodies.

     

    You can read a bit more on scope of the QMS in these articles from the 9001Academy which are applicable: How to define the scope of the QMS according to ISO 9001:2015, https://advisera.com/9001academy/blog/2015/10/13/how-to-define-the-scope-of-the-qms-according-to-iso-90012015/ and Certifying different legal entities under one certification scope in ISO 9001, https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/

  • Conformio - setting up people and departments

    For small companies (up to 50 employees) it is not critical that the project sponsor does not get directly involved with the project. This “no involvement” is normally defined because the project sponsor is often part of top management, and if he gets too involved with the project (i.e., acts as a project manager), this situation may end up impacting his other functions.

    In case the managing director (MD) has the necessary authority to solve problems that can make the project stuck, and make decisions to ensure project success, there is no problem for this role to be assigned as the project sponsor, instead of the chairman.

    For further information, see:

  • Implementing the ISO 9001 standard for an Information Technology company

    I am working on implementing the ISO 9001 standard for an Information Technology company. They do not have any in-house manufacturing of equipment or hardware. They only offer IT services such as Managed Services, Cybersecurity, reseller of Hardware, a reseller of Software, VoIP, Access control.

    What clauses will be applicable for them in ISO9001?

    Answer:

    ISO 9001:2015 clause 8.5 is not only about manufacturing, it is about “Production and service provision”. So, 8.5 applies to service provision. It’s like a delivery services company being ISO 9001 certified.

    While implementing ISO 9001 for certification, only clauses from section 8 can be candidates for classification as non-applicable. ISO 9001:2015 is a generic standard applicable to all kinds of organizations. The company:

    • Has clients and consumers – clause 8.2 is applicable.
    • If the organization has its management system scope closed. If the scope details all IT services provided then Clause 8.3 may not be applicable. If the organization has a general scope that can accommodate new services in the future, then Clause 8.3 is applicable.
    • Buys resources - clause 8.4 is applicable.
    • IT services are provided, quality must be controlled and non-conforming services must be treated - clauses 8.5, 8.6, and 8.7 are applicable.

    Inside 8.5 typical candidates for non-applicability are:

    • Subclause 8.5.3 – does the company work with confidential information provided by the client? Does the company install the software at the client’s premises? If a new version of software originates problems for the client, is the company liable? If yes to one of these questions the clause is applicable.
    • Subclause 8.5.4 – preservation seems not applicable at first sight but then look into the “NOTE”. You can find there the word “transmission”. What is that about? It is about how information is transmitted and protected, preventing risks of loss, tampering, and protection of information which may include property of the customer and supplier. There are examples of this information transmitted electronically such as electronic payments, mail, electronic files, computer files, information available on websites, etc.
    • Subclauses 8.5.5 and 8.5.6 – include after-sales support and new versions


    Also, do you have a toolkit that is specifically for IT industry?

    Answer:

    No, we do not have an ISO 9001 toolkit specific to the IT industry. However, support 1on1 is provided to clients. Perhaps, in your case, this tool kit “ITIL® AND ISO 20000 DOCUMENTATION” - https://advisera.com/20000academy/ used together with this free document - “ISO/IEC 20000-1:2011 vs. ISO 9001:2015 matrix” - https://info.advisera.com/20000academy/free-download/iso-iec-20000-1-2011-vs-iso-9001-2015-matrix. This document is being updated according to ISO/IEC 20000-1:2018

    While considering the use of ISO 9001 for software development activities, consider this support ISO/IEC/IEEE 90003:2018 - Software engineering — Guidelines for the application of ISO 9001:2015 to computer software - https://www.iso.org/standard/74348.html

     

  • Receiving CE Mark

    please go on

  • GSPR and IFU/manual

    According to the Article 32. Safety and clinical performance must be performed only for implantable devices and for class III devices, other than custom-made or investigational devices. Therefore, this article and this requirement from GSPR are not applicable to you.  

  • ISO 27001 Lead Auditor exam - Doubts regarding a question

    Thank you for that.

    Nonetheless...

    With regard to the question about owners to be assigned to each critical risk...
    Considering the fact that the question was structured in a way "Does each critical risk should have the owner assigned?" and not in a way: "Does ONLY critical risk should have risk owner assigned?", if my response YES was marked as incorrect, I would like to appeal my exam results.

    In both approaches to IS part of the exam I was missing only 6% to pass, which is basically 1 question probably. And I had this question both times in it.

    Could you please check and let me know if this can be somehow proceeded?

    I will be grateful.
