Search results

Is ISO 22301 mandatory for audits?

Please note that an ISO management standard is mandatory for an audit only if you are certified on that standard, or in case you have to comply with a law, regulation, or contract that demands the application of the standard during an audit.  

In case these situations do not apply to you, the standard is not mandatory in an audit.

These articles will provide you a further explanation about the identification of legal requirements (the same concept applies for both ISO 22301 and ISO 13485):

• How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
• How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

Multiple titles

Yes, you can have two business cards. 

Enforcing the quality management system requirements

Mark hit it on the head. While QA really has no power to enforce requirements for leadership, you can always remind them that corrective action requirements, including obviously internal audit findings and/or 2nd and 3rd party audit findings that drive CARS/SCARS/RCA and follow up audits to ensure the corrective actions that were initiated are effective, are the ONLY requirments of AS9100 that a CB 3rd party auditor can pull your cert immediately. I've witnessed this in action. The CB auditor physically pulled the framed cert off the wall on his way out and after reporting to the CB, the cert was revoked within 3 days. This means this info is available on the IAQG website and your basically out of business. So, if they like the fat paychecks executives tend to receive, it's in their best interest to support the QMS to their fullest extent, it's a requirement of the standard. So, the 3rd party auditor would write up Majors on leadership as well as lack of continuous improvement through the methods I mentioned. Hope this helps!

Applicable exclusion from standard

In our documentation toolkit, in 03_Quality_Manual_Premium_EN, in section 2.1 you can state all requirements that are not applicable for your company, with proper justification.

Need of explicit consent

Tecnically, your client is the data controller who should acquire consent before sharing its clients' data with third parties. You could send a cold email under legitimate interest and acquire consent acting as a data controller.

Quality manual & Procedure under the ISO 13485:2016

That's a really great post describes all the important points which are very useful to get ISO 13485 Manual. Get more information about ISO 13485 Manual on 

ISO2 7001 / 2 website changes

ISO 27001:2013 was confirmed by its responsible committee on 2019 review, and it will not undergo a new review for some years. No changes were required in our material.

Regarding ISO 27002:2013, it is under review at this moment (current DIS is available at https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:dis:ed-3:v1:en) and the new ISO 27002 will be published in 2022, and by then we will of course make all necessary changes.

Admin verification checks and physical verification checks

No, we do not have such a checklist. But, maybe you can explain to us what do you need from that kind of list, what will be the purpose of that checklist, so maybe we have it in our toolkit under a different form.

EU GDPR breach

Google is committed to complying with GDPR requirements in offering services to its Clients, so along you set up correctly your privacy and cookies notice in your website and ask consent to visitors for targeting/marketing purposes you should be ok with GDPR requirements offering to the services offered by Google Analytics.

Here you can find more information about how to comply with GDPR in online marketing

• Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
• How does GDPR affect digital marketing? https://advisera.com/eugdpracademy/blog/2019/02/20/how-does-gdpr-affect-digital-marketing/

If you want to learn how to comply with EU GDPR requirements you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//

Environmental aspects/impact criteria

You determine a set of environmental aspects. Then, you evaluate and segregate the significant from the nonsignificant environmental aspects:

Organizations do not have enough resources to act upon every environmental aspect. Each organization has the authority to determine its own method to evaluate significant from nonsignificant aspects. Many organizations use, as criteria, the frequency or probability of the environmental aspect, the severity of its impact and the time needed to recover from impact.

Please check this information below with more detailed answers:

• Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
• Free webinar - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/    
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/