Search results


  • Xl sheet

    All Type A and Type B standard uncertainties must be combined to calculate combined standard uncertainty and then an expanded uncertainty. The specific mathematical, statistical aspects are not part of the scope of the ISO 17025 Academy toolkit. I suggest you look to sector guidelines and the references in the ISO 17025 Toolkit. The Evaluation of Measurement Uncertainty Procedure and associated checklists at https://advisera.com/17025academy/iso-17025-documentation-toolkit/ guide you on what is required to meet ISO 17025 requirements.

  • Stage 1 and stage 2 in internal audit

    Specific questions will depend on each audited control, but generally speaking, the questions are related to:
    - how actions are performed. E.g., how do you perform backup procedures?
    - information knowledge. E.g., what can you tell me about the information security policy?

    Additionally, verifications can be made by observing behavior, like asking someone to do something to keep him/her away from his/her workstation and see if the person locks his/her computer when he/she leaves, or by asking for evidence demonstration, like requiring to see the reported incidents from last week.

    The important thing is that audit questions are open questions, i.e., they cannot be answered simply by a Yes or No; the answer needs to be developed by the auditee.

    In the ISO 27001 Internal Auditor Online Course you bought, you can find more details in Module 10 - The main audit “Interviewing techniques”.

    These articles will provide you with further explanation about auditor questions:

    - Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
    - How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

  • Data Protection Legislation

    I am afraid that you will need a Data Protection Officer and a Data Protection Impact Assessment because your organization is going to process on a large scale the health data which belong to a particular category of data under Article 9 GDPR.

    Here you can find more information about the DPO and the DPIA process:

    If you need to know how to implement GDPR in your organization you can consider enrolling in our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Requirement for Post Market Surveillance

    Article 83 (Post-market surveillance system of the manufacturer) states that for each device, manufacturers shall plan, establish, document, implement, maintain and update a post-market surveillance system in a manner that is proportionate to the risk class and appropriate for the type of device. Then, Article 85 (Post-market surveillance report) states that manufacturers of class I devices shall prepare a post-market surveillance report summarising the results and conclusions of the analyses of the post-market surveillance data gathered as a result of the post-market surveillance plan.

    Therefore, class I medical devices are not exempt from the post-market surveillance system.

    You can find more information on the post-market surveillance system at the following link:

    • What are the post-market surveillance requirements in the MDR? https://advisera.com/13485academy/blog/2021/04/29/what-are-the-post-market-surveillance-requirements-in-the-mdr/

    • Integration ISO 13485 & ISO 9001

      No, we do not have integrated ISO 9001 and ISO 13485. It is not necessary to have both standards. ISO 13485 is a quality management standard specially made for medical device manufacturers. Some manufacturers also have ISO 9001, so we left ISO 9001 in References for them. 

      If you want to get the ISO 9001 toolkit, you may not need to buy the whole toolkit, only the documents in which ISO 9001 differs from ISO 13485.

      Here you can find an article regarding similarities and differences between ISO 9001 and ISO 13485:

      • Similarities and differences between ISO 9001:2015 and ISO 13485:2016 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/

      • Processor / Controller

        "Hello, first of all thank you for your answer; I would like to ask you a few things about the role of the "processor". What does the "processor" do in terms of collecting personal data? Who can be considered a "processor" within a company? Can the position of "processor" be held by an external party?"

        The processor (responsabile del trattamento) is an external party that processes data on behalf of the controller (titolare del trattamento); it can also collect data (for example, a provider of a lead generation service). It is usually the provider of a service (for example, the cloud that hosts company data is an example of a processor, as is the payroll office that prepares employees' payslips on behalf of the employer). It is not a role internal to the company.

        Perhaps I am getting confused by the legal translation of "Processor" from English into Italian.

        "Processor" should be Responsabile del trattamento, while the Controller is the Titolare del Trattamento. Right?

        Exactly.

      • Post-market surveillance

        This is a really helpful response to the question

      • Vigilance

        We are currently making an update of our toolkit, and some more information will be covered until June 2021.

      • Corporate Branding policy

        For this purpose, you should consider at least these controls:

        • 18.1.2 Intellectual property rights: this one can be your main guidance on how to protect your corporate logo
        • A.15.1.2 Addressing security within supplier agreements: this one can help you control how your corporate logo should be used by your suppliers.

        These materials will help you regarding security controls:
