Search results


  • ISMS TIER 1 - 4 Documents

    Please note that ISO 27001 does not prescribe or make reference to document tiers.

    Considering that, the concept of tiers is a common interpretation adopted by organizations to make ISO documentation management easier to understand.

    In this interpretation the tiers are:

    1. Policies: define rules for the ISMS. They are composed of the Information Security Policy and additional subject-specific policies (e.g., Access Control Policy, Backup Policy, etc.).
    2. Procedures: they describe what needs to be done, by whom, when, and in what order.
    3. Work instructions: they detail how specific tasks are performed.
    4. Records: documents that provide evidence of performed activities or results achieved.

    This material will provide you with a further explanation of document management:

  • Exclusion to 8.3

    Thank you very much, Sir. This information is very helpful.

  • Measurement uncertainty in chemical process

    Measurement uncertainty is a statistical measure, offering a range within which there is an equal probability of the result value lying, at a particular confidence. This uncertainty estimate is therefore a combination of all the factors that affect the variability of results, on a method-by-method basis. The approach is to first know your method and the process steps, then determine the types of contributors to uncertainty. This depends on your method. It helps to use a checklist and record to guide and report the process. Where detailed measurement uncertainty evaluation is not possible due to the nature of the test method, the measurement uncertainty may be estimated based on the principles of the techniques or practical experience of the performance of the method.

    Advisera's ISO 17025 toolkit guides you through the implementation of ISO 17025. The ISO 17025 document template Evaluation of Measurement Uncertainty Procedure and the related Measurement Uncertainty Checklist and Measurement Uncertainty Record are available as part of the ISO 17025 toolkit, or as separate documents, to guide you in the process. A complete discussion of measurement uncertainty is, however, outside the scope of the toolkit.

    Technicians responsible for uncertainty calculations need some technical training and support to fully understand what is required, because you need to have an understanding of Type A and Type B uncertainties and the statistical calculations. Type A is based on the statistical analysis of measurements, and Type B is based on other sources of information, such as calibration or reference material certificates and the uncertainty reported on the certificate. In many chemical processes, Type A contributors to precision are typically the largest contribution.

    For more information regarding measurement uncertainty, see the ISO 17025 toolkit document template Evaluation of Measurement Uncertainty Procedure at https://advisera.com/17025academy/documentation/evaluation-of-measurement-uncertainty-procedure/ . This covers the basic principles and steps to plan, measure, and calculate the data required for an evaluation of measurement uncertainty. The two appendices related to the document, Measurement Uncertainty Checklist and Measurement Uncertainty Record, support the process.

    I recommend you also look to your sector and suppliers for commonly used approaches.

  • Incident Response and Business continuity Disaster Recovery instructor led training

    We do not have knowledge of instructors for these specific trainings, so your best approach would be to look for them on professional social networks like LinkedIn, or through organizations that issue certificates for business continuity professionals, like BCI and DRII. You may find the information you are looking for on these sites:

  • Business impact analyses questionnaire

    1 - What impact analyses should I document?

    The business processes to be considered are those related to the defined business continuity objectives. For example, if your business objective is to ensure continuity of customer support services, then the processes related to these services need to undergo business impact analysis (e.g., customer service tickets management, escalation process, etc.).

    For further information, see:

    2 - Do I take a granular approach and document things like power outages, or do things like power outages become a prerequisite for a process not being available?

    Please note that for Business Impact Analysis you do not need to take risks into account, only the impact of the disruption on the processes. Risk identification (so you can identify the ones most likely to occur) can be performed either before or after the BIA, but it is a completely different and independent process.

    For further information, see:

  • Calling organization's products after certified ISO 13485 QMS in place

    With a certified ISO 13485 QMS in place, which is also aligned with the national regulatory body (though not audited by the national regulatory body), can an organization call its products:
    1. GMP grade products, or
    2. ISO 13485 conforming products, or
    3. ISO 13485 and GMP conforming products?
    Note: I have not used the word "compliant" for GMP since, as I understand it, the organization needs to be audited by the regulatory body to claim the same?

  • Clause 5.1 / internal audit

    To evidence fulfillment of clause 5.1, you need to look for evidence like:

    • management meeting minutes, where decisions like approval of information security policy and of information security objectives are recorded.
    • policies and procedures, where you can find definitions of security roles and responsibilities.
    • performance reports, where you can find the results related to information security objectives.

    As examples of questions, you can find them in the internal audit checklist template included in your toolkit, in the folder Internal Audit.

    This article will provide you with a further explanation of the internal audit checklist:

  • ISO 27001 questions

    1 - We are a translation company and have only identified one general entry - our customers - in the list 02.01 of statutory official contractual requirements. Could you tell us if this is enough?

    We are not legal experts, and without more information about your scope, we cannot provide a more robust solution.

    Please note that you may have other interested parties which may define requirements for information security, like suppliers, and the government. Additionally, as a translation company, you may have requirements regarding how translations should be performed (and if you do not comply with these your translation may have information integrity issues).

    Considering that, we advise you to seek legal expert advice to help you identify these requirements.

    For further information, see:

    2 - We obtain standard services from our service providers and do not always negotiate individual contracts. Is it sufficient for our certification if our service providers are themselves certified according to ISO 27001?

    It is not enough that your service providers are certified according to ISO 27001. You need to ensure they treat the risks related to them that you identified as relevant in the way you expect (e.g., if unauthorized access to information is a relevant risk to you, you need to ensure they treat this risk properly). This is normally handled by defining a contract or service level agreement with them that includes information security clauses covering the risks you want them to treat.

    For further information, see:

    3 - As a small company, management and IT have double roles of responsibility, so that the separation of duties is not always possible. Did we take this into account correctly in the documents? How is this to be dealt with in general?

    When separation of duties is not feasible to treat relevant related risks, you need to consider compensatory controls, like monitoring activities and management supervision, to ensure that even without segregation of duties the identified risks are properly handled.

    For further information, see:

  • Asset inventory

    First, it is important to note that an asset inventory is required for ISO 27001 only if:

    • there are unacceptable risks whose treatment demands such an inventory
    • there are contracts, laws, or regulations you have to follow that demand such an inventory
    • there is a top management decision demanding such an inventory

    If none of the above-mentioned situations occurs, then there is no need to keep such inventory.

    In case the inventory is required, the assets should be included considering those that can affect the information you want to protect. For example, if you want to protect R&D information, you need to identify on which servers, networks, and workstations this information flows through, is processed, or stored.

    For further information, see:

  • Risk Management and FMEA

    FMEA is the risk method that best meets all the requirements of ISO 14971:2019, so it is recommended that it be used for class I medical devices.
