
  • BIA and Risk Assessment

    1 - Thanks for the reply. I would highly appreciate it if you could give me one example of a risk which has been identified for a BIA process.

    Answer: First, it is important to note that risks are not identified as part of a BIA process. Risk assessment and BIA are different processes. From the risk assessment you can identify risks that help you prioritize which business process to perform the BIA on first. For the BIA it is irrelevant which risks might materialize - the only relevant thing is the duration of the outage (irrespective of the incident).

    Examples of risks that can be identified and used to prioritize the business processes on which to apply the BIA are fire, earthquake, bomb threat, and interruption of power supply.

    To see how such risks can help understand which business processes a BIA should cover first, I suggest you take a look at the demo of this template: https://advisera.com/27001academy/documentation/examples-of-disruptive-incident-scenarios/

    For further information, see:
    - Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
    - How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

    2 - Also, as per your answer, should I perform RA only for the processes which I have in the BIA? If that's the case, should I consider RA w.r.t. people, process and technology boundaries, or should I consider operational and business risks as well?

    Thanks

    Answer: If your purpose is to ensure business continuity, considering the ISO 22301 standard, which provides requirements for business continuity management, then you should apply RA only to the processes which you have in the BIA (which are all the processes included in the Business Continuity Management System scope).

    Regarding risk categories, ISO 22301 does not prescribe which ones to apply, so you can define the ones that better fit your needs.

    To see what documents compliant with ISO 22301 BIA and RA look like, please take a look at the free demos of these toolkits:
    - ISO 22301 Business Impact Analysis Toolkit https://advisera.com/27001academy/iso22301-business-impact-analysis-documentation-toolkit/
    - ISO 27001/ISO 22301 Risk Assessment Toolkit https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/

  • Question about requirements

    No, everything is covered there. So for the periodic audits after 26th May 2021, you need to have in place the following elements for the MDR (point 17.-4 in the document that you referred to):

    a) Registration of economic operators and of devices (see Art. 31 MDR and Art. 29 MDR)
    b) Post market surveillance (PMS) (see Art. 83-86, 92 MDR including Annex III but without the PMS having to be an integral part of the QMS)
    c) Market surveillance (see Art. 93 – 100 MDR, but device standards to be met = Directives)
    d) Vigilance (see Art. 87-92 MDR)

  • Storing data on Google Suite/Drive

    We wondered if you could help us regarding the following. We would like to know:

    When collating our list of client emails when sending out a seasonal greeting (our annual Christmas email) we store the list on Google Suite/Drive, and also CETA - our facilities managing database. Is this permitted?

    Yes, the data controller can choose the means and purpose of data processing and Google is a third-party processor which claims to be compliant with EU GDPR.

    I update an online Excel sheet which tracks which clients attend for which jobs. This is also stored on G Suite and CETA. Is this permitted?

    Yes, but you need to verify whether any particular category of data is stored and whether it is protected (for example, you can add a password to access the sheet in order to increase security). Remember to check the Google G Suite privacy notice, because a personal profile gives fewer security options compared to a business account.

    Here you can find some information on cybersecurity:

    If you need to have an overview on the EU GDPR compliance you can consider enrolling to our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Rework procedure

    A rework procedure is only needed if rework is possible. As you know, it is mandatory to have a procedure to handle nonconformities, and rework is one of the possible ways of treating a nonconformity. That is why, in our toolkit, we covered rework in the documented procedure 15_Procedure_for_Control_of_Non_Conforming_Products.

  • Test method validation

    Validation must be performed in cases where you are not able to verify the product by subsequent monitoring or measurement. Of course, validation should be performed on the final product, not on a sample from the design stage. Therefore, as soon as you perform the transfer from design to real production, the process in which the final product will be produced must be validated. For more information on validation, please provide a more specific question.

    In the following link you can find some more details for the validation process:
