Search results

Admin verification checks and physical verification checks

No, we do not have such a checklist. But, maybe you can explain to us what do you need from that kind of list, what will be the purpose of that checklist, so maybe we have it in our toolkit under a different form.

EU GDPR breach

Google is committed to complying with GDPR requirements in offering services to its Clients, so along you set up correctly your privacy and cookies notice in your website and ask consent to visitors for targeting/marketing purposes you should be ok with GDPR requirements offering to the services offered by Google Analytics.

Here you can find more information about how to comply with GDPR in online marketing

• Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
• How does GDPR affect digital marketing? https://advisera.com/eugdpracademy/blog/2019/02/20/how-does-gdpr-affect-digital-marketing/

If you want to learn how to comply with EU GDPR requirements you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//

Environmental aspects/impact criteria

You determine a set of environmental aspects. Then, you evaluate and segregate the significant from the nonsignificant environmental aspects:

Organizations do not have enough resources to act upon every environmental aspect. Each organization has the authority to determine its own method to evaluate significant from nonsignificant aspects. Many organizations use, as criteria, the frequency or probability of the environmental aspect, the severity of its impact and the time needed to recover from impact.

Please check this information below with more detailed answers:

• Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
• Free webinar - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/    
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Nature of impact

While implementing an environmental management system an organization determine its environmental aspects:

Environmental aspects are the ways an organization interacts with the environment.

For example, consider from the example above the environmental aspect related with wastewater discharge.

Organization A discharges wastewater in a river, after treatment in a wastewater treatment facility, and the wastewater quality is according to legislation and permit.

Organization B discharges wastewater in a river, without treatment in a wastewater treatment facility, and the wastewater quality is not according to legislation and permit.

Same environmental aspect, different consequences for the environment. An environmental impact considers the consequences of a particular aspect for the environment.

You can find more information below:

• How does product life cycle influence environmental aspects according to ISO 14001:2015? - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
• Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Security of information that pertains to computers only

ISO 27001 aims to protect information wherever it is, and in any format, so it covers all media where information can be.

These articles will provide you a further explanation about ISO 27001:

• What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
• Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
• Why is ISO 27001 applicable also for paper-based information? https://advisera.com/27001academy/blog/2019/01/21/why-is-iso-27001-applicable-also-for-paper-based-information/

These materials will also help you regarding ISO 27001:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Control mapping document

Even though ISO 22301 lists no controls, upon results of the BIA and business continuity risk assessment, practically all controls described in ISO 27001 Annex A may be applicable to ISO 22301 business continuity plans (the exact mapping will depend upon results of the BIA and business continuity risk assessment).

ISO 27001 Annex A has a specific section to ensure the continuity of information security management during adverse situations, as well as the availability of information systems (controls from section A.17).

For more details on this subject, please take a look at these articles:

• Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
• How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
• How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/

These materials will also help you regarding ISO 27001 and ISO 22301:

• ISO 27001 vs. ISO 22301 matrix Download a free matrix (PDF) https://info.advisera.com/27001academy/free-download/iso-27001-vs-iso-22301-matrix
• Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Should we go for ISO 17025 compliance?

If you are referring to pharmaceutical product testing, or equipment calibration, then ISO 17025 is applicable. There are two important considerations. Firstly the regulatory authority in the country / region may have supplementary, mandatory requirements in addition to ISO 17025. Secondly, the companies in the retail sector have been expanding their services, so it will depend on what services you plan to offer them.

Besides usual main-stream medicines (e.g. scheduled drugs) and complementary health products (e.g. vitamin supplements); many retail pharmaceutical stores have clinics that administer vaccines. There is a need for calibration testing for vaccine storage as well as temperature monitoring equipment by ISO 17025 accredited calibration laboratories.  If you are referring to onsite diagnostic testing point-of-care testing (POCT), where rapid tests are used (ranging in complexity form dipsticks to more complex benchtop analyzers), accreditation to ISO 22870:2016 Point-of-care testing (POCT) - Requirements for quality and competence will be required. The associated standard that is used in conjunction with ISO 22870 is ISO 15189:2012 for Medical laboratories. There are many harmonized (aligned) requirements between these standards and ISO 17025.

I suggest you contact your national accreditation body for more information. For example, in the UK, see https://www.ukas.com/accreditation/standards/poct/. Note that typically, there are additional regulatory requirements for SARS-CoV-2 Point-of-Care and Rapid Testing.

ISO 22301/20000/27001 integration

ISO 27001, ISO 22301, and ISO 20000 have the same general structure, and this makes integrating them a lot easier. In the integration process you should consider two phases:

1 – Integration of the common parts of ISO management systems, e.g., control of documents, internal audit, management review, etc. These have basically all the same requirements, requiring only minor adjustments to refer to all systems covered.

2 – Implementation of elements that cannot be integrated (basically clauses 6 and 8 of each standard). Regarding ISO 27001, this means including in the organizational process the activities related to information security risk assessment and treatment processes, for ISO 22301 this means including in the organizational process the activities related to business continuity, and for ISO 20000 this means including in the organizational process the activities related to IT services management.

These articles will provide you a further explanation about integrating ISO management systems:
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
- ISO 27001 vs. ITIL: Similarities and differences https://advisera.com/27001academy/blog/2016/03/07/iso-27001-vs-itil-similarities-and-differences/
- What to implement first: ISO 22301 or ISO 27001? https://advisera.com/27001academy/blog/2017/04/03/what-to-implement-first-iso-22301-or-iso-27001/

These materials will also help you regarding integrating ISO management systems:
- How to integrate ISO 27001 and IS O 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/
- ISO 27001 & ISO 22301: Why is it better to implement them together? [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/

ISO 27001 and NIST 800

First, let's understand both NIST and ISO 27001:
- NIST SP-800 series of documents provide detailed information about processes to select and implement controls for computer security
- ISO 27001 provides general requirements for the implementation, operation, control, and improvement of a management system to protect the information, regardless of the environment where it is (e.g., physical reports or digital databases). ISO 27001 provides protection through the selection of security controls described in Annex A, as well other controls that can be added by the organization.  

Considering that, you can use the ISO 27001 to implement the overall approach to protect the information, and after the identification of controls, you can use the NIST documents to implement the details for each control. For example, you can use information from SP 800-53 control for contingency plan testing to implement the Disaster Recovery Plan template.

These articles will provide you a further explanation about ISO 27001 and NIST:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/

Budgeting the EU MDR implementation

Let me see if I understand your question properly. You are asking what is the budget for the implementation of the ISO 13485 and Medical device regulation 2017/745 in your department. Considering the ISO 134b5, we can only state the approximate costs of the documentation toolkit. We do not know the prices of the notified bodies, especially now when the prices with MDR are much higher.

So, on the following link you can see what Documentation toolkit packages we are offering and what each package contains (how much time with the consultant in 1 & 1 meeting, how many e-mails, and how many documents we can review):

• ISO 13485:2016 documentation toolkit https://advisera.com/13485academy/iso-13485-documentation-toolkit/
• ISO 13485:2016 & MDR Integrated Documentation toolkit - https://advisera.com/13485academy/iso-13485-eu-mdr-documentation-toolkit/

At the end of each page, under the title NEED MORE SUPPORT? you will see the packages.