From January 2021 the UK is no longer part of the EU, so you should comply with the UK GDPR instead of the EU GDPR if you are planning to offer services in the UK. Luckily, the UK GDPR is mirror legislation of the EU GDPR, so the regulation is pretty identical. One gap is encryption, which is considered a common technical security measure; then you should inform the data subject and keep a register of processing activities, just to mention essential activities.
Here you can find more information on how to start implementing GDPR in your business:
If you want to learn how personal data are processed under the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//
In MDR there is a requirement for Technical documentation. It is covered in Annex 2 - Technical documentation and Annex 3 - Technical documentation on post-market surveillance.
For more details, please see:
Additionally, we have prepared the following procedures and associated templates, required by MDR:
Yes, ISO 9001 requirements are similar. Of course, each laboratory has different interested parties and clients (clauses 4.2 and 5.1.2) and has to comply with different standards and regulations (clause 7.5 about external documents). So, although the requirements are the same, the specific way of complying with them may vary from laboratory to laboratory.
You can find more information below:
Please note that before you start the SoA you have some work to do (e.g., definition of the ISMS scope, information security policy, risk assessment and treatment methodology, etc.).
Considering that, we suggest you follow the order of folders and templates provided in the toolkit, so you minimize the complexity of your implementation and risks of rework.
Once you have completed the templates needed to support the SoA, you will have a better understanding of how to fill it in. In short, to start documenting the Statement of Applicability you need to perform a risk assessment and risk treatment, to identify the relevant risks and the controls (from ISO 27001 Annex A or other sources) you will implement to treat them. Additionally, you need to identify legal requirements (e.g., laws, regulations, and contracts) which require the implementation of specific controls.
For further information, see:
Additionally, with the toolkit you buy you will have access to a video tutorial that will help you fill in the Statement of Applicability.
Thanks for your response.
If you are transitioning from OHSAS 18001 to ISO 45001 during this year’s audit, then this is an ISO 45001 certification audit even if you were partially through your 3-year cycle on OHSAS 18001. This audit will confirm all of ISO 45001 implementation, and is therefore not the reduced audit you will see in a surveillance audit.
You can read a bit more on the certification process in the whitepaper: What to expect at the ISO certification audit: What the auditor can and cannot do, https://info.advisera.com/free-download/what-to-expect-at-the-iso-certification-audit
No, implementing a QMS according to ISO 9001:2015 is not a bullet-proof vest against financial problems during the Covid-19 pandemic. However, I believe that having a QMS according to ISO 9001:2015 can help organizations in responding to the situation. In extreme situations, if your organization cannot operate due to a mandatory shutdown by the authorities, it is irrelevant whether or not you are ISO 9001 certified.
You can find more information below:
To monitor risk management, you want to evaluate how each of the four steps is performed:
You can list all the relevant situations where your organization failed with risk management by considering performance results, for example:
Each time any of these situations arises, it is a signal that somewhere in our risk management methodology we failed. Then comes the need to determine the causes of those failures. For example, last week I worked with an organization that realized that its practice for determining risks during construction had to be improved. The person determining risks had no first-hand construction experience. So, instead of one person, they decided to use a small team.
You can find more information below:
Show them the pain.
Normally, people don’t change because of rational explanations; people change through their heart. Can you show them compelling examples of things that go wrong and damage organizational reputation or financial situation? Then, can you show them how a QMS could make a difference in mitigating each of those examples?
You can find more information below:
There is no difference in terms of methodology between 1st, 2nd, and 3rd party audits. They all have to be prepared, executed, and reported according to ISO 19011 requirements.
You can find more information below: