
  • Coding records

    You do not need to code records if it is not suitable for you. The point of the code is that you can differentiate your records. So any system that will allow you how to differentiate records is good. This way of coding in our documentation toolkit was just a suggestion, the way that we considered to be the best. But, do it as it is logical for you.

    Your documentation must suit your company, organizational, and process needs

    Considering the example from your question: 

    If you decide to use codes on the record, then one code will be for one type of record. It means that if you have a record PR-001-F, each time your employee uses this form, the code will be written on it. It does not depend on the date of issue of that record or the content of the record. The code always stays the same. Some clients put that code in the header or footer.

    Considering the records that are generated automatically, like backup logs: yes, you can add that code to the file name of the backup.

    More information about document management can be found at the following links:

    • Common mistakes with ISO 13485:2016 documentation control and how to avoid them https://advisera.com/13485academy/blog/2018/03/14/common-mistakes-with-iso-134852016-documentation-control-and-how-to-avoid-them/
    • How to structure Quality Management System documentation according to ISO 13485 https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

    • Working Instructions for testers under accreditation

      You asked

      Working Instructions for testers under accreditation – is there recommended form and will we receive it?

      Within ISO 17025 there are certain mandatory procedures, documented processes and records required. Work Instructions (WI) can be used when detailed information is needed about how to do a task. There is no prescribed way a WI must be presented. An instruction could be in the form of written text in a document, a workflow of steps, a graphic illustration, a series of photographs and/or a video. Either way, WIs should be sequential, logical and to the point, meaning clear to follow. The design will depend on your needs. Within the ISO 17025 Academy toolkit, there are a number of procedures and forms, including checklists that contain the information to complete a process. These can be used to write a step-by-step work instruction. To preview the toolkit see https://advisera.com/17025academy/iso-17025-documentation-toolkit/

      You also asked

      Is it possible to receive support for the structure of the Lab and its place in our organization chart – to be acceptable for the accreditation body?

      Simply answered, any structure is acceptable where there is overall management, clearly defined roles and no conflict of interest. Responsibilities and authorities must be defined, and the structure must safeguard impartiality and confidentiality and drive the objectives of the laboratory.

      Please have a look at my reply to the question Key positions in ISO 17025, at https://community.advisera.com/topic/key-positions-in-iso-17025/ where this is answered. You can also view a preview of the Quality Manual that covers this, available from https://advisera.com/17025academy/iso-17025-documentation-toolkit/. Also feel free to download a complimentary white paper, Clause-by-clause explanation of ISO 17025:2017, at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/, where Structural requirements are explained in section 5.

    • Measuring success of Information Security

      Thank you. Your explanations are clear and understandable.

    • ISO 9001 Engineering drawing

      Unfortunately, there is no guide. ISO 9001 has no universal guide for archiving records. It is up to each organization to decide how to do it.

      Records are like the memory of an organization. Without memory, learning happens very slowly.

      Two things about records: accessibility and protection.

      About accessibility, think about how authorized persons can easily find the records they are searching for: where are they located, how are they compiled (topic), how are they organized (how to search – by date, alphabetically, numerically, …), and for how long will they be kept?

      About protection, think about how to guarantee that unauthorized persons have access to them, and think about how to protect them from accidents (fire, flood, …).

      You can find more information about documentation below:

    • Encryption Use Policy

      For more information on the use of cryptography according to ISO 27001, please see:

      This material may also be useful:

      If you still have a specific question, you can ask a question in our community: https://community.advisera.com/

    • Encryption Use Policy

      For more information on the use of encryption according to ISO 27001, please see:

      This material will also help you regarding cryptography:

      If you still have a specific question, you can ask a question in our community: https://community.advisera.com/

    • Additional requirement to ISO13485 that has to be addressed for MDSAP

      The Medical Device Single Audit Program (MDSAP) is a program that allows the conduct of a single regulatory audit of a medical device manufacturer’s quality management system that satisfies the requirements of multiple regulatory jurisdictions.

      MDSAP is based on ISO 9001:2015 so the following aspects are not covered in the ISO 13485:2016:

      • Context of the manufacturer
      • Interested parties
      • Business risk assessment

      More differences between ISO 9001:2015 and ISO 13485:2016 can be seen at the following link:

      • Similarities and differences between ISO 9001:2015 and ISO 13485:2016 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/

    • ISMS Controls

        1 - I would like to know more about the Controls, are there any categories for controls ??

        The 114 controls from ISO 27001 Annex A are organized into 14 sections (domains):

        • A.5 Information security policies – controls on how the policies are written and reviewed
        • A.6 Organization of information security – controls on how the responsibilities are assigned; also includes the controls for mobile devices and teleworking
        • A.7 Human resources security – controls prior to employment, during, and after the employment
        • A.8 Asset management – controls related to inventory of assets and acceptable use; also for information classification and media handling
        • A.9 Access control – controls for the management of access rights of users, systems, and applications, and for the management of user responsibilities
        • A.10 Cryptography – controls related to encryption and key management
        • A.11 Physical and environmental security – controls defining secure areas, entry controls, protection against threats, equipment security, secure disposal, Clear Desk, and Clear Screen Policy, etc.
        • A.12 Operational security – lots of controls related to the management of IT production: change management, capacity management, malware, backup, logging, monitoring, installation, vulnerabilities, etc.
        • A.13 Communications security – controls related to network security, segregation, network services, transfer of information, messaging, etc.
        • A.14 System acquisition, development, and maintenance – controls defining security requirements, and security in development and support processes
        • A.15 Supplier relationships – controls on what to include in agreements, and how to monitor the suppliers
        • A.16 Information security incident management – controls for reporting events and weaknesses, defining responsibilities, response procedures, and collection of evidence
        • A.17 Information security aspects of business continuity management – control requiring the planning of business continuity, procedures, verification and reviewing, and IT redundancy
        • A.18 Compliance – controls requiring the identification of applicable laws and regulations, intellectual property protection, personal data protection, and reviews of information security

        For further information, see:

        This material also can help you:

        2 - Important controls / not so important controls ??

        Please note that the importance of controls will depend on the results of the risk assessment and applicable legal requirements, so before getting this information you should avoid trying to assign some degree of importance to controls, because you risk overestimating or underestimating controls, and this can negatively impact your risk management process.

        This article will provide you a further explanation about selecting controls:

        This material will also help you regarding risk management:

      • Business abiding by ISO 27001 when using BYOD policy

        First of all, you have to perform a risk assessment to identify which risks related to BYOD practice you have to treat, and which legal requirements (e.g., clauses of contracts, laws, or regulations) you have to fulfill. After that, you have to identify proper controls to be implemented. In general, to secure BYOD practices you have to consider the following controls:

        • A.6.2.1 Mobile device policy
        • A.6.2.2 Teleworking
        • A.13.2.1 Information transfer policies and procedures
        • A.13.2.3 Electronic messaging

        Normally, these are implemented through a BYOD policy; you can see what it looks like at this link: https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/

        This article will provide you a further explanation about BYOD policy:

        These materials will also help you regarding BYOD policy and for training and awareness:

      • Fulfilling documentation requirements of ISO 13485 and MDR in Quality Management System and demonstrating it in matrix

        MDR requires manufacturers to have implemented a quality management system. Requirements regarding the quality management system are stated in Article 10, clause 9. All requirements from the ISO 13485 are in that clause. However, there are some additional requirements like the requirement to document strategy for regulatory compliance, to document the process of issuing UDI number, and fulfillment of the General safety and performance requirements.

        Therefore, if you have prepared the QMS according to the ISO 13485, all you have to do is:

        • to prepare those additional requirements and put them on the list of documents
        • to define who is responsible for performing those processes.

        For more information, see:

        At the following link you can see what our documentation toolkit looks like:

        The following link regarding the documentation requirements for both ISO 13485 and MDR can be helpful:
