Search results

Home / Search

Category:
Select
Select

11269 results

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Basic question on GDPR

    No, there is no international standard that certifies GDPR requirements, although some standards can help you to implement GDPR principles and design correctly policies. I.e,  ISO27001 on information security or ISO17000 on conformity. Therefore, there is no expiration date and you will apply GDPR as soon as it will be enforceable. The previous EU directive had been enforceable for more than 10 years, so the time frame is long.

    In order to verify the requirements to pass the CIPM certification, you should consult the IAPP website.

    Here you can find more information about ISO standards:

    If you want to know how to implement ISO 27001 standards or the EU GDPR, you may consider enrolling in our free online foundations courses:

    • Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
    • EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course/

       

    • CISSP

      ISO certification of persons works in a different way.

      Accredited ISO training providers comply with ISO 17024 – which provides general requirements for bodies operating certification of persons.

      Provided they fulfill this standard’s requirements, each training provider can have their own sets of questions to use in their exams.

      These articles will provide you a further explanation about ISO 27001 personnel certifications:

      These materials will also help you regarding ISO 27001 personnel certifications:

    • Cyber security certificates that guarantee entry-level work

      Please note that the answer to this question depends on the type of work you are considering (e.g., database security, network security, cloud security, security management, etc.).

      For ISO 27001, the lead ISO standard for information security management, the entry-level certifications would be:

      • ISO 27001 Foundations
      • ISO 27001 Internal Auditor

      More advanced certifications are:

      • ISO 27001 Implementer
      • ISO 27001 Lead Auditor

      These articles will provide you a further explanation about ISO 27001 personnel certifications:

      These materials will also help you regarding ISO 27001 personnel certifications:

    • Error proofing

      I don't think there is a standard for Error-proof devices. But according to article 10.2.4 of the IATF 16949.2016 standard; Both production and product verification methods of error-proof devices must be specified in the control plan. For example, let's assume that there is 100% control of the product on the production line with a camera. You verify this camera with the "NOK" master sample per shift. Here in the control plan, you need to enter the verification of each shift with the "NOK" master sample. 
       

    • Question about training

      1 - I wanted to know for the Security Awareness Training, if we have our own training, can this be used and we just have to log when the training was completed? Who should participate in the training as all employees take this training.

      You can have your own training, but you need more than a log when the training was completed. You need to identify the training content and results achieved (e.g., who has participated, by means of attendance lists, who was approved, by means of exams results or certificates, etc.). In your toolkit, you have a Training and Awareness plan, located in folder 9 Training and awareness, that will help log all information you need to be compliant with ISO 27001 related requirements.

      Regarding whom needs to participate, you need to identify which security competencies need to be fulfilled, so you can identify who needs them. These are the people who need to attend the activities.

      For example, if you need to fulfill a gap related to clean desk and clean screen, may all employees in the scope will need this one. On the other hand, if you need to fulfill a gap in network security, maybe only IT personnel need to attend the activity.

      For further information, see:

      2 - It's from a site KnowBe4. I wanted to know for this part can our employees use this site or they have to use your site for ISO? Do we have to show who has had training?

      ISO 27001 does not prescribe how to perform awareness and training, so organizations can use their own training/awareness material, use a training provider, or adopt a mix of these approaches.

      Regarding training providers, you can use anyone you see fits your needs.

      Regarding records to be kept, the same records you keep when you perform training by yourself need to be kept.

    • Classification

      To my understanding of this equipment, equipment that generates oxygen for medical applications is not a medical device. A medical device is the oxygen tank if that oxygen has a medical device purpose and not as medicine.  

    • Checklist for medical device labeling including advertising and claims

      The best way to prepare the audit checklist is to go through the Annex 1 General safety and performance requirements of the Medical device regulation MDR 2017/745. There in Chapter 3 – Requirements regarding the information supplied with the device you have all requirements that need to be covered in labels and instructions of use

      For more information, see:

      • EU MDR Annex 1 – General safety and performance requirements https://advisera.com/13485academy/mdr/general-requirements/

      • Missing documents

         Please note that controls A.12.4.1 (Event logging) and A.12.4.3 (Administrator and operator logs) are covered in template “Security Procedures for IT Department”, located in folder 08_Annex_A_Security_Controls >> A.12_Operations_Security

        Regarding controls A.12.4.2 (Protection of log information) and A.12.4.4 (Clock synchronization), please note the ISO 27001 does not require every applicable control to be documented, and in such cases, a short explanation about its implementation included in the Statement of Applicability will be enough (you can find documented information about these controls in the SoA template located in folder 06 Applicability of Controls).

        This article will provide you a further explanation about controls documentation:

      • Is ISO 9001 mandatory for company distributing medical devices?

        No, ISO 9001 is not mandatory for the companies distributing medical devices. However, in the ISO 13485: 2016 standard in section 0.1 Introduction - General it is stated that the ISO 13485:2016 standard can be used by an organization involved in one or more stages of the lifecycle of a medical device including design and development, production, storage and distribution and so on.

      • Implementation questions

        1. Do I need to perform mechanical tests on the liner? If so, which organization can do this?

        You are the ones who determine the tests that need to be performed on your product. If this test is crucial to show that your product meets the specifications, then a test is needed.

        As for the laboratories where the test needs to be conducted, MDR requires it to be some accredited institution.

        However, we are not authorized to refer you to the appropriate institutions because we do not know your product and its specifications.

        2. How long do I need to do clinical trials on the liner? How many months and how many patients need to wear the liner as part of the clinical trials?

        Clinical trials for medical devices must be prepared in accordance with the standard ISO 14155:2020 Clinical investigation of medical devices for human subjects — Good clinical practice. How long the research will take depends on many factors, which are listed in this standard.

        However, please be aware that clinical trials are necessary for those medical devices that are completely new and that there is no other source for clinical data. So, usually, it is for completely new types of medical devices, with new technologies or materials.

        For all other medical devices, it is possible to perform the clinical evaluation with the available clinical and scientific data for the literature (Article 61 in the MDR 2017/745). If I understand what silicone prosthetic liner is, it is not a new device, therefore you can find a lot of clinical data on the internet. When you use literature data for your medical device, you need to find an equivalent device with which you will compare your medical device. Equivalence must be demonstrated at the clinical, technological, and biological levels.

        For more information, see:

        On the following links you can find how we have prepared in the ISO 13485&MDR Documentation toolkit documents and reports for clinical evaluation:

Page 156-vs-13485 of 1127 pages

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +