First of all, you can start by checking the procedure: is there a procedure in place, who is responsible for carrying out the procedure, and to whom should non-conforming products be reported? Then you can check when a non-conforming product was last reported and how it was resolved. Have any corrective actions been taken, and what records are there about that? Review the evidence that the corrective action taken is effective.
For more detail on this topic, you can see the following articles:
You can see how we prepared the form for the non-conforming product so, maybe it will give you an idea about the additional questions:
In ISO 13485:2016 there is a requirement, 4.2.3 Medical device file. It states that for each medical device, the organization must establish and maintain files containing documents to demonstrate conformity to the requirements of this ISO standard, but also to applicable regulatory requirements. On the EU market, medical devices must be in compliance with the MDR, and there is a requirement that the technical documentation must include a clinical evaluation.
For more information regarding the clinical evaluation for medical software please see the following guidance: https://ec.europa.eu/docsroom/documents/40323
Yes, under the legal basis of a contract. The data controller can process and store data required to perform a contract (book your room) and to fulfill a legal obligation (i.e. anti-fraud, billing, taxation).
Here you can find an article that explains the legal basis of data processing under GDPR.
If you want to know more about the EU GDPR compliance, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Considering the definitions from ISO 22300 (which can be seen here - https://www.iso.org/obp/ui/#iso:std:iso:22300:ed-2:v1:en), Maximum Tolerable Period of Disruption (MTPD) and Maximum Acceptable Outage (MAO) are equivalent terms. The Maximum Tolerable Downtime (MTD) term is not used by ISO 22301, but it is equivalent to MTPD and MAO: the maximum time business activities, at a given performance level, can be disrupted before the impact becomes unacceptable.
This article will provide you a further explanation about ISO 22301 terminology:
This material will also help you regarding ISO 22301:
1 - So what are the Documents needed to pass and What documents are NOT, and Still Pass the ISO 27001 cert?
First of all, sorry for this confusion.
Since you subscribed to Conformio, it will take care that you have all the mandatory documents plus any non-mandatory documents that are the most appropriate for your situation.
The mandatory documents required for ISO 27001 certification are:
2 - Are you saying the List you show in the List are the Items We don't Need?
Please note that “commonly used documents” are non-mandatory documents that many organizations find useful to make the information security management system implementation and operation easier (and that’s why they are presented in this article). The need for these documents should be evaluated considering your organization's context.
For further information about which documents to have, see:
Thank you for this question, Lee!
After obtaining the certificate, the certificate is valid until the standard itself changes its version officially. Specifically for ISO 27001, minor changes have been made to the standard in 2017, but the current version of the standard remains ISO 27001:2013. From this, we conclude that the standard will not change very soon.
The ISO 17025:2017 clause on personnel is one of the most stringent in terms of mandatory requirements for a procedure and retaining records. The procedure must first explain how the personnel needs of the laboratory are determined (6.2.5 a). Then the recruitment, training, supervision and authorisation process must be explained (6.2.5 b to e). You need evidence (records) for each step, including evidence of competence. Only once personnel have the required competence level can they work on their own.
For further assistance, have a look at the Advisera Expert Advice Community answers on personnel training (https://community.advisera.com/topic/personnel-training/) and on deeming someone competent (https://community.advisera.com/topic/how-training-should-someone-have-before-they-are-deemed-competent-for-a-specific-task/).
The whitepaper Clause-by-clause explanation of ISO 17025:2017 will assist you with overall ISO 17025 awareness for Personnel requirements. It is available at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
For more information on competence, have a look at the article How to manage competence in a laboratory according to ISO 17025, available at https://advisera.com/17025academy/blog/2021/05/20/how-to-manage-competence-in-a-laboratory-according-to-iso-17025/.
The Advisera ISO 17025 toolkit includes the mandatory personnel procedure as ISO 17025 document template: Competence, Training and Awareness Procedure along with 4 appendices: Training Program, Training Record and Performance Monitoring, Record of Attendance and Competence. You can preview the template at https://advisera.com/17025academy/documentation/competence-training-and-awareness-procedure/
Thank you very much. Your advice and your service here is priceless. I will check with the UK Commissioner. I guess as it is not a Data Breach I will not be entitled to any compensation.
I think the Data Processor should also have told me that they were processing my sensitive data or at least checked that the Data Controller had informed me.
The GDPR only states that the data controller must ensure that data are “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).” (Article 5 paragraph 1, f) GDPR)
Article 32 GDPR, among the obligations of the data controller, states that: “Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller, and the processor, shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
A) the pseudonymization and encryption of personal data;
B) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
C) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
D) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Setting access policies and determining roles and responsibilities is considered an organizational security measure. Of course, there is no indication of which technical security measures must be applied, since the aim of the GDPR is to be technologically neutral, but the ISO 27001 standard on information security can be a good guide.
Here you can find some information on security aspects and GDPR:
It depends on the country you are located in. I would choose a consultant from where I'm based in order to have an idea of the privacy legislation which applies to my current situation.