Search results


  • Is explicit consent request necessary?

    According to Article 8 GDPR, the processing of children’s data requires consent from their parents or from the person holding parental responsibility over them. Even if the legal ground is a contract, the child cannot enter into a contract without parental consent. Recently, some social networks have been fined by Supervisory Authorities because they had not implemented a system to verify the age of the user and require parental consent.

  • LIMS validation

    The Toolkit includes a Laboratory Information Management System (LIMS) Validation Register and a generic template for a LIMS record. These are associated with the Quality Assurance Procedure. The record guides the user to record the purpose and type of test planned. Then the Test case and Procedure, Acceptance criteria and Comments / Action required can be recorded. All the other fields are provided, for example for additional comments / monitoring of risk, and for recording the person performing the validation and the person approving the validation.

    It is the laboratory’s role to identify the criteria and list them in the record. This reinforces the awareness and consideration of the needs. The latest Part 11, Electronic Records; Electronic Signatures - Scope and Application is available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application 
    To view a preview of the Advisera 17025 toolkit and the LIMS register and record, you can go to https://advisera.com/17025academy/iso-17025-documentation-toolkit/

  • Retaining documented information

    AS9100 Clause 8.2.3 is about the review of requirements for products and services, and clause 8.2.3.2 is a subclause to this. So in clause 8.2.3.1 you review if you are able to meet all of the requirements for your products and services (customer, legal, other), and clause 8.2.3.2 is telling you that you need to keep records on what you found in your review (the results of the review). For example, could you meet everything, did you change requirements due to customer agreement, etc.

    As this is common to ISO 9001, you can read more in this related 9001 Academy article: How Product Requirements work in ISO 9001, https://advisera.com/9001academy/blog/2014/04/08/product-requirements-work-iso-9001/

  • What is perceived as a risk from production control?

    The following questions can be asked when analyzing risks from production control:

    • Are all checkpoints correctly identified and set?
    • If you use any measuring equipment for the control, is that equipment properly maintained and calibrated (if applicable)?
    • What is the sample size for control, and is the sample quantity correctly defined with respect to the batch size?

    It is not important what your prediction is of whether something will happen, but how severe the negative consequences of such a risk can be for the user of the medical device (harm). Usually, if the predicted probability is very small, it just means that you keep that risk under very good control. The point is that the risk is there, that you have to recognize it, and that you have to take all possible measures to reduce it to a minimum.

    For more information regarding the risk in medical devices please see the following article:

    • How to use ISO 14971 to manage risks for medical devices https://advisera.com/13485academy/blog/2017/09/21/how-to-use-iso-14971-to-manage-risks-for-medical-devices/

    • LIMS validation record

      The validation record is generic and can typically be used as is for any sector. The record can be revised if necessary, or customised by the laboratory for a specific purpose. The record is a tool to “house” specific requirements that an individual laboratory has.

      What is important is that the laboratory has knowledge of the guidelines and requirements for its sector. For pharmaceuticals, for example, there is the Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme (PIC/S) document PI 011-3, PIC/S Guidance Good Practices for Computerised Systems in Regulated “GXP” Environments, available at https://picscheme.org/docview/3444

      To view a preview of the toolkit and the LIMS register and record, you can go to https://advisera.com/17025academy/iso-17025-documentation-toolkit/

    • Environmental science

      To be ISO 14001:2015 certified an organization has to comply with all the requirements of the standard. So, your company must have a master-project dedicated to accomplishing conformity with ISO 14001:2015.

      While implementing the environmental management system your company will determine and evaluate:

      • Risks and opportunities
      • Environmental aspects and impacts
      • Conformity obligations and status of compliance

      From these sources, other projects can emerge, in order to improve, in a continual improvement effort, or to eliminate lack of compliance with conformity obligations. For example, currently, in one of my ISO 14001 implementation projects we have these improvement projects:

      • Improving compliance with air emissions legislation
      • Improving compliance with fluorinated greenhouse gases legislation
      • Reducing unitary solvent consumption
      • Improving the rate of solid wastes not sent for final disposal

      You can find more information below:

    • ISO 9001 and ISO 14001 integration

      It is not easy to answer theoretically without knowing the real situation. I would start to determine positive and negative issues from each system to frame what we want to keep, and what we want to avoid in the future integrated system.

      Then, I would start integrating those clauses very similar in both standards like 9.3, 9.2, 7.5, 7.4, 7.3, 7.2, 5.2, …

      In operations I would use the process approach from ISO 9001 and would try to include as much as possible the environmental operational procedures, instructions and records embedded in the daily life of the operation. Consider the central flow in this picture:

      https://www.screencast.com/users/ccruz5284/folders/Default/media/b098e50a-df24-41b2-ae71-70db2aa73af9

      Organizations exist to serve clients. So, I recommend starting with modeling how the organization serves clients based on the process approach and ISO 9001. Then, I consider other interested parties. Based on ISO 14001 and interested parties’ requirements, I recommend that organizations determine environmental aspects and impacts, compliance obligations and risks.

      From here, it is possible to determine what needs to be done to improve the interaction with the environment while serving clients. And what needs to be done can be translated to things like:

      • Add work instructions specifically about environmental practices
      • Update work instructions from quality with tips and requirements to be followed because of improvement needs relevant to the environment
      • Make changes in layouts and visual management in order to help people comply with environmental requirements while doing their work
      • Develop action plans to meet quality and environmental objectives

      You can find more information below:

    • Key to manageable EMS documentation

      I like to keep the documentation as much as possible in a digital format. That helps to keep documents and records updated, and easily available for those that need them. I consider it crucial to invest in explaining to users the why for the documentation, and how and when to use it.

      You can find more information below:

    • Relationship between clauses 4 and 6.1

      Many thanks for your support

      Best Regards

      Ramin

    • 27001 ISMS Scope Question

      Question 1 Scope - Processes and Services

      We are an IT company that has 2 cloud-based applications which we own, build and license to our customers. We are responsible for the data in these two systems and they are the reason we are undertaking the 27001 certification. So these two applications are obviously included in the Processes and Services part of our scope.

      We also use multiple other cloud-based services that contain our customer data including ***, ***, ***, ***, etc.

      Am I right in saying that these third party systems can be excluded from our scope because it is the responsibility of the third parties (like ***) to secure the data we store in these systems?

      Therefore, is it valid to say that the full extent of our Processes and Services scope should be our 2 applications?

      Answer: First, it is important to note that an ISMS scope compliant with ISO 27001 cannot be defined in terms of systems and technologies. It must be defined in terms of the information, processes, or locations to be protected.

      Since you want to focus on the applications, you should consider for the scope the development, operation and maintenance processes related to these applications.

      Considering that, you can include in the scope only the elements you control.

      About third parties, you can exclude third party systems from your scope (e.g., when using cloud servers, you exclude the physical server of the cloud provider). 

      These materials will help you regarding scope definition:
      - Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
      - How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/ 
      - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
      - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

      Question 2 - IT Networks and Infrastructure

      Our applications live in an ***. I've read your article on defining the scope with cloud servers. I think we're number 4 in that list. That is: The organization uses a third-party platform (public PaaS). 

      2.1 - So in scope would be our two applications and the data within them but all Networks and Infrastructure are out of scope?

      Answer: Your assumption is correct (Networks and Infrastructure are out of scope), but please note that the scope definition must be made in terms of the data or processes to be protected, so the statement about your scope should be something like:

      “The scope is the development, operation and maintenance processes of applications XXX in our PaaS environment”.

      “The scope is the data stored and processed by applications XXXX in our PaaS environment”.

      2.2. - Have I overlooked something here? Is it valid to limit the scope to the applications we own/build/license to our customers?

      Answer: First, it is important to note that you cannot define the ISMS scope in terms of applications. In this case, you need to define the scope in terms of the processes to maintain and operate the applications.

      Considering that, you can limit the ISMS scope to only part of your organization, but you need to verify first whether the effort to implement this separation is worthwhile (for small organizations of up to 50 employees, defining the ISMS scope as the whole organization is more practical).

      This article will provide you with a further explanation about scope definition:
      - Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

      2.3 - Thanks for your help. Please also confirm which email address we should address our questions to.

      Answer: In the future, if you want to contact us you can use this e-mail: support@advisera.com
