Technically, your client is the data controller who should acquire consent before sharing its clients' data with third parties. You could send a cold email under legitimate interest and acquire consent acting as a data controller.
That's a really great post that describes all the important points which are very useful to get ISO 13485 Manual. Get more information about ISO 13485 Manual on
ISO 27001:2013 was confirmed by its responsible committee in the 2019 review, and it will not undergo a new review for some years. No changes were required in our material.
Regarding ISO 27002:2013, it is under review at this moment (current DIS is available at https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:dis:ed-3:v1:en) and the new ISO 27002 will be published in 2022, and by then we will of course make all necessary changes.
No, we do not have such a checklist. But maybe you can explain to us what you need from that kind of list and what the purpose of that checklist will be, so maybe we have it in our toolkit under a different form.
Google is committed to complying with GDPR requirements in offering services to its Clients, so as long as you correctly set up your privacy and cookies notice on your website and ask visitors for consent for targeting/marketing purposes, you should be OK with GDPR requirements with respect to the services offered by Google Analytics.
Here you can find more information about how to comply with GDPR in online marketing
If you want to learn how to comply with EU GDPR requirements you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//
You determine a set of environmental aspects. Then, you evaluate and segregate the significant from the nonsignificant environmental aspects:
Organizations do not have enough resources to act upon every environmental aspect. Each organization has the authority to determine its own method to evaluate significant from nonsignificant aspects. Many organizations use, as criteria, the frequency or probability of the environmental aspect, the severity of its impact and the time needed to recover from impact.
Please check this information below with more detailed answers:
While implementing an environmental management system, an organization determines its environmental aspects:
Environmental aspects are the ways an organization interacts with the environment.
For example, consider from the example above the environmental aspect related to wastewater discharge.
Organization A discharges wastewater in a river, after treatment in a wastewater treatment facility, and the wastewater quality is according to legislation and permit.
Organization B discharges wastewater in a river, without treatment in a wastewater treatment facility, and the wastewater quality is not according to legislation and permit.
Same environmental aspect, different consequences for the environment. An environmental impact considers the consequences of a particular aspect for the environment.
You can find more information below:
ISO 27001 aims to protect information wherever it is, and in any format, so it covers all media where information can be.
These articles will provide you a further explanation about ISO 27001:
These materials will also help you regarding ISO 27001:
Even though ISO 22301 lists no controls, upon results of the BIA and business continuity risk assessment, practically all controls described in ISO 27001 Annex A may be applicable to ISO 22301 business continuity plans (the exact mapping will depend upon results of the BIA and business continuity risk assessment).
ISO 27001 Annex A has a specific section to ensure the continuity of information security management during adverse situations, as well as the availability of information systems (controls from section A.17).
For more details on this subject, please take a look at these articles:
These materials will also help you regarding ISO 27001 and ISO 22301:
If you are referring to pharmaceutical product testing, or equipment calibration, then ISO 17025 is applicable. There are two important considerations. Firstly, the regulatory authority in the country / region may have supplementary, mandatory requirements in addition to ISO 17025. Secondly, the companies in the retail sector have been expanding their services, so it will depend on what services you plan to offer them.
Besides usual main-stream medicines (e.g. scheduled drugs) and complementary health products (e.g. vitamin supplements), many retail pharmaceutical stores have clinics that administer vaccines. There is a need for calibration testing for vaccine storage as well as temperature monitoring equipment by ISO 17025 accredited calibration laboratories. If you are referring to onsite diagnostic testing, point-of-care testing (POCT), where rapid tests are used (ranging in complexity from dipsticks to more complex benchtop analyzers), accreditation to ISO 22870:2016 Point-of-care testing (POCT) - Requirements for quality and competence will be required. The associated standard that is used in conjunction with ISO 22870 is ISO 15189:2012 for Medical laboratories. There are many harmonized (aligned) requirements between these standards and ISO 17025.
I suggest you contact your national accreditation body for more information. For example, in the UK, see https://www.ukas.com/accreditation/standards/poct/. Note that typically, there are additional regulatory requirements for SARS-CoV-2 Point-of-Care and Rapid Testing.