Search results

Implementing and verifying items

I’m assuming you are referring to ISO 27001.

Considering that, to implement ISO 27001, broadly speaking, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:

• defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
• development of risk assessment and treatment methodology;
• perform a risk assessment and define the risk treatment plan;
• controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
• people training and awareness;
• controls operation;
• performance monitoring and measurement;
• perform an internal audit;
• perform management critical review; and
• address nonconformities, corrective actions, and opportunities for improvement.

To see how documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

This article will provide you a further explanation of ISMS implementation:

• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

These materials will also help you regarding ISO 27001 implementation:

• How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/
• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

How is the compliance of each ITEM verified?

Compliance verification is performed by means of an internal audit. For the preparation for an internal audit you should consider these general steps:

• identification of the audit scope (is it the whole scope or only part of it?)
• review of the ISMS documents related to the audit scope (e.g., policies, procedures, and records), considering the main clauses from the standard (from sections 4 to 10), and controls from Annex A stated as applicable in your Statement of Applicability (SoA). 
• review the status of the actions related to the decisions made in the last management review.
• review the status of the raised nonconformities and opportunities for improvement.

These articles will provide you a further explanation about internal audit:

• How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
• Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/

These materials will also help you regarding internal audit:

• ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
• Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

ISO 14001 PESTLE analysis

Factors from a PESTLE analysis are external issues. Considering your organization’s strategic orientation and relevant interested parties you can classify those factors as positive or negative (opportunities or threats). If you do the same exercise for internal factors you can classify them as positive or negative (strengths or weaknesses).

Now, you can match opportunities with strengths or weaknesses, and you can match threats with strengths or weaknesses, and what you get is a set of risks and opportunities.

Although about ISO 9001, perhaps the technique that I use and present in this free webinar on-demand - Context of the organization, interested parties, and scope - - may be useful for you to work with context and interested parties to determine risks.

Please check this information below with more detailed answers:

• ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
• ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
• Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

ISO 14001 benefits

Start by reading these articles - 6 Key Benefits of ISO 14001 - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/6-key-benefits-of-iso-14001/ and - ISO 14001: The benefits for customers - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/ - can you use one or more topics from the articles to support your proposal. Can your organization win new clients that demand ISO 14001 certification? Can your organization reduce costs due to a systematic improvement of environmental issues? For example, while implementing an environmental management system I was able to reduce costs and improve productivity by changing to water-based adhesives instead of solvent-based ones.

You can find more information below with more detailed answers:

• Project checklist for ISO 14001 implementation - https://info.advisera.com/14001academy/free-download/project-checklist-for-iso-14001-implementation
• ISO 14001:2015 Implementation diagram - https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

SCC

It is the adopted version (the old one) because the draft of new Standard Contractual Clauses (SCC) is not officially adopted. 

If you need to understand how to use SCC, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

Is explicit consent request necessary?

According to Article 8 GDPR, the processing of children’s data requires consent from their parents or from the person holding parental responsibility over them. Even if the legal ground is a contract, the child cannot enter into a contract without parental consent.Recently, some social networks had been fined by Surveillance Authorities because it was not implemented a system to verify the age of the user and require parental consent. 

LIMS validation

The Toolkit includes a Laboratory Information Management System (LIMS) Validation Register and generic template for a LIMS record. These are associated with the Quality Assurance Procedure. The record guides the user to record the purpose and type of test planned. Then the Test case and Procedure , Acceptance criteria and Comments / Action required can be recorded. All the other felds are provided, for example for additional comments / monitoring of risk, record of person performing the validation and approving the validation.

It is the laboratory’s role to identify the criteria and list them in the record. This reinforces the awareness and consideration of the needs. The latest Part 11, Electronic Records; Electronic Signatures - Scope and Application is available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application 
To view a preview of the Advisera 17025 toolkit and the LIMS register and record, you can go to https://advisera.com/17025academy/iso-17025-documentation-toolkit/

Retaining documented information

AS9100 Clause 8.2.3 is about the review of requirements for products and services, and clause 8.2.3.2 is a subclause to this. So in clause 8.2.3.1 you review if you are able to meet all of the requirements for your products and services (customer, legal, other), and clause 8.2.3.2 is telling you that you need to keep records on what you found in your review (the results of the review). For example, could you meet everything, did you change requirements due to customer agreement, etc.

As this is common to ISO 9001, you can read mor in this related 9001Academt article: How Product Requirements work in ISO 9001, https://advisera.com/9001academy/blog/2014/04/08/product-requirements-work-iso-9001/

What is perceived as a risk from production control?

Following questions can be asked when analyzing risks from production control:

• Are all checkpoints correctly identified and set?
• If you use any measuring equipment for the control, is that equipment properly maintained and calibrated (if applicable)?
• What is the sample size for control, whether the sample quantity is correctly defined with respect to the batch size?

It is not important what your prediction is that something will happen, but how much such a risk can have negative consequences for the user of the medical device (harm). Usually, if the prediction is very small, it just means that you keep that risk under very good control. The point is that the risk is there, that you have to recognize it and that you have to take all possible measures to reduce it to a minimum.

For more information regarding the risk in medical devices please see the following article:

• How to use ISO 14971 to manage risks for medical devices https://advisera.com/13485academy/blog/2017/09/21/how-to-use-iso-14971-to-manage-risks-for-medical-devices/

• LIMS validation record

  The validation record is generic and can typically be used as is for any sector. The record can be revised if necessary, or customised by the laboratory for a specific purpose. The record is a tool to “house” specific requirements that an individual laboratory has.

  What is important is that the laboratory has knowledge of the guideliens and requirements for its sector. For Pharmaeutical, for example, The Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme (PIC/S) document PI 011-3 PIC/S Guidance Good Practices for Computerised Systems in Regulated “GXP” Environments, available at https://picscheme.org/docview/3444

  To view a preview of the toolkit and the LIMS register and record, you can go to https://advisera.com/17025academy/iso-17025-documentation-toolkit/

• Environmental science

  To be ISO 14001:2015 certified an organization has to comply with all the requirements of the standard. So, your company must have a master-project dedicated to accomplishing conformity with ISO 14001:2015.

  While implementing the environmental management system your company will determine and evaluate:

  • Risks and opportunities
  • Environmental aspects and impacts
  • Conformity obligations and status of compliance

  From these sources, other projects can emerge, in order to improve, in a continual improvement effort, or to eliminate lack of compliance with conformity obligations. For example, currently, in one of my ISO 14001 implementation projects we have these improvement projects:

  • Improving compliance with air emissions legislation
  • Improving compliance with fluorinated greenhouse gases legislation
  • Reducing unitary solvent consumption
  • Improving the rate of solid wastes not sent for final disposal

  You can find more information below:

  • How to achieve continual improvement of your EMS according to ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/02/22/how-to-achieve-continual-improvement-of-your-ems-according-to-iso-140012015/
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/