
  • PMS process

    This document, Post-Market Surveillance Report, is a report that you need to have for class I medical devices and that you will submit for the audit.

    You can use any form for presenting data that you find useful, both figures and graphical form with appendices.

  • GDPR and DPA Genome/Sensitive data

    Who collected the genetic data? A hospital? A research lab? The data subject should contact the data controller who collected the data and exercise the right of erasure according to the privacy notice.

    The data controller will verify if the request can be fulfilled or not. Member States may introduce specific limitations to data subjects' rights (even to the sensitive data under Article 9 GDPR) in order to protect scientific research programs, for example. So maybe there is a legitimate base to keep the genetic data in the database without the consent of the data subject.

    A controller processing genetic data should have a Data Protection Officer (DPO), so the data subject may contact the DPO in order to obtain clarification.

    Here you can find more information about consent:

    If you need to understand how to process consent under GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Quality audit in manufacturing company

    We can have vertical and horizontal audits. A horizontal audit is when you audit one process across many departments in the organization. A vertical audit is when you audit all the processes used by a department. Process audits are another name for horizontal audits. You can find more information in this article - ISO 9001 Horizontal audit vs. vertical audit - https://advisera.com/9001academy/blog/2015/03/03/iso-9001-horizontal-audit-vs-vertical-audit/

    We can also have product audits.

    The following material will provide you with information about audits:

  • Scope as a data controller

    Yes, it is correct, you listed the cases in which your company will act as a data controller. In these cases, in fact, you decide the purpose and means of data processing: the management of the employment relationship, your website, the relationship with your clients, and your suppliers. On the contrary, your app provides a service that other companies (your clients) will use, so all data that you will collect and process through your SaaS will be processed on behalf of your clients, which is the definition of a data processor.

    As a data controller, you are responsible for fair, transparent, and correct data processing, you need to provide information about your processing, collect consent and guarantee that data subjects can exercise their rights. You need to comply with all obligations that the GDPR requires the controller to comply with as stated in Article 24 GDPR.

    Here you can find more information about the distinction between the data controller and data processor:

    If you want to learn how to comply with EU GDPR requirements you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Concern points 4 and 5 of document procedure for document and record

    Regarding section 4, please note that in clause 7.5.3, ISO 27001:2013 explicitly requires you to control documents of external origin that are important for your ISMS, and this section defines how you fulfill this requirement. External documents are any documents not owned or controlled by an organization that are required for its operation, either mandatory or voluntarily adopted. Examples of external documents to be controlled are laws (e.g., SOX and EU GDPR), standards and regulations (e.g., ISO 27001 itself), and documents and records from customers, suppliers, and partners (e.g., contracts, service agreements, product/service specifications, operation manuals, etc.).

    Regarding section 5, it defines how the incoming mail register is stored and protected. The incoming mail register is not a mandatory document, so you can simply have a table where you register who received some important external document, or where such a document is stored.

    This article can provide you with additional information:

    This material will also help you regarding control of documents:

    • Free video tutorial that you received as part of your toolkit: How to Write ISO 27001/ISO 22301 Document Control Procedure

    This material will also help you regarding document management:

  • Trends in OH & S Performance

    Thank you very much for the explanation. This is really helpful.

  • Best practice approaches related to the Asset Inventory

    In case these SaaS accounts are used to access or handle information that is part of the ISMS scope you are working on, the best approach would be for you to include them as outsourced services in your inventory. In case all these accounts refer to the same service, you only need to add a single register in your inventory (e.g., SaaS solutions for data storage, e-mail, collaborative software, etc.).

    This article will provide you with a further explanation about asset management:

  • ISO 9001 and ISO 17025 certification

    No, having ISO 9001 certification does not mean a laboratory has ISO 17025 accreditation. ISO 9001 certification is acknowledgement that the laboratory has successfully implemented a quality management system in accordance with the requirements of the ISO 9001 standard. This is not the same as achieving ISO 17025 accreditation. ISO 17025 has requirements that include the ISO 9001 management components, but also many others related to technical competency.

    For more information, see ISO 17025 – Main guidelines at https://advisera.com/17025academy/what-is-iso-17025/  and the article ISO 17025 vs. ISO 9001 – Similarities and differences at https://advisera.com/17025academy/blog/2019/07/11/iso-17025-vs-iso-9001-main-differences-and-similarities//

  • Difference between controls

    Please note that ISO 27001 requirements for the Information Security Policy (clause 5.2) do not prescribe that controls need to be implemented based on the Information Security Policy. The purpose of the Information Security Policy is to set the organization’s high-level expectations for information security (e.g., information security objectives, fulfillment of legal requirements, commitment, etc.).

    The definition of controls to be implemented is prescribed by clause 6.1.3 “b” (information security risk treatment).

    This article will provide you with a further explanation about the selection of controls:

    These materials will also help you regarding the selection of controls:
