
  • 17025 accreditation: cost benefit

    You asked

    What about higher income for 17025-accredited cals compared to non-accredited? Do you happen to have a rough % of additional price that a lab can charge for an accredited calibration, compared to just a straight commercial cal with NIST traceability?

    Pricing all depends on your sector, market (competition) and regulations. I cannot provide an idea of a price increase. What I can offer is some advice on how to proceed towards a decision to implement ISO 17025 and seek accreditation. Typically, to secure more business and a higher price, it will involve “selling” the added benefit to customers - the assurance of consistent, reliable results. If accredited, it is not just the word of the laboratory, but that of the accreditation body, that provides the client with additional confidence. Providing a calibration with NIST traceability alone does not provide assurance that only competent personnel perform the calibration, and that all the other technical requirements are met.

    Accreditation is often mandatory for calibration laboratories; however, if it is not, then to help make the decision I suggest that the laboratory obtain a quote from their accreditation body and estimate the total cost of obtaining and maintaining accreditation each year. Then do a risk/opportunities analysis. Look at the financial risks and benefits. Consider first the current income and number of calibrations, and what you would need to increase the price by just to recover your additional costs. Then consider the reputational opportunity (benefit) - whether you may gain (or retain) customers. Another benefit to consider is reduced costs due to improved efficiency and fewer repeats. This may lead, for example, to an opportunity to increase the number of calibrations performed monthly. Then look at the rates charged by competitors.

    Financial management for the organisation should be able to assist with a model to decide whether the additional cost of accreditation could be recovered, from a financial perspective. Then by effectively implementing and maintaining the system, cost savings and further income should be realized.

  • ISO 9001 and ISO 13485 PMS

    No, when performing PMS/PSUR, you need to cover only medical devices.

  • ISO 9001 for Law firms

    Requirements for ISO 9001:2015 certification of a law firm are similar to those for any other organization: having a quality management system designed and implemented according to the standard.

    First, I would decide the scope of the quality management system. Is it applicable to all areas and services or just for some?

    If you are starting a project to implement ISO 9001:2015:

    Set up a project sponsor, a project manager, and a project team. Ensure top management support and get training about the standard. Designing and implementing a quality management system implies being knowledgeable about ISO 9001:2015.
    As a first step, perform a gap analysis to determine the amount of work to be done - comparing what your organization already has in place versus ISO 9001:2015 requirements. From that gap analysis, you can develop your project plan, listing what needs to be done, by whom, and by when.

    From there it is implementation in order to close the gaps found. Then, perform an internal audit and the management review. There you can decide if your organization is ready for a certification audit.

    To speed up the process you can use our Documentation Toolkit for the implementation of ISO 9001:2015 here - https://advisera.com/9001academy/iso-9001-documentation-toolkit/ and check the free previews. You can also watch this free webinar on-demand - How to use a Documentation Toolkit for the implementation of ISO 9001 - https://advisera.com/9001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-9001-free-webinar-on-demand/

    Time to implement from scratch and be certified, with our Documentation Toolkit, can take:

    • Companies of up to 10 employees – up to 3 months
    • Up to 50 employees – 3 to 6 months
    • Up to 200 employees – 6 to 10 months
    • More than 200 employees – 10 to 20 months

    This is a very short description of the journey, but below you can find more detailed information:

    You can find more information below:

  • ISO 13485 and cleaning process

    Cleaning is covered in ISO 13485 in the following requirements: 6.4.1 Work environment and 6.4.2 Contamination control. There is no instruction on how cleaning should be performed, nor are there even criteria for the required level of cleanliness for a particular product. It is the manufacturer's responsibility to define the requirements for health, cleanliness, and clothing of personnel, and for contamination control.

    For more information on this topic, please see the following article:

    You can see in our ISO 13485:2016 Documentation Toolkit what this procedure looks like:

    • Procedure for Infrastructure and Work Environment https://advisera.com/13485academy/documentation/procedure-for-infrastructure-and-work-environment-iso-13485-2016/

    • GDPR restrictions for Hotel e-check in

      I am a software engineer and I am building a software product for hotels. The main goal is to allow hotel customers to check in from their mobile device prior to their physical presence at the hotel.

      From a business point of view this is a three-step process:
      1. The user takes a photograph of their personal ID or their passport.
      2. The user fills out a form with all the details of the hotel's terms of service.
      3. The user digitally signs for all the above.

      There is no technical issue in performing these operations. However, questions arise concerning GDPR restrictions on how to forward the files to the hotel staff.

      Should I store these files on the server, then send them by email to the hotel staff and then delete them?

      Is there any other recommended way of doing this process?

    • Control of records ISO 9001

      I hope I understood your question. ISO 9001:2015 speaks about “documented information”, and documented information should be maintained or retained.

      ISO 9001 versions, before 2015, used the words “documents” and “records”. When ISO 9001:2015 mentions “maintain documented information” it is mentioning document control according to previous versions.

      When ISO 9001:2015 mentions “retain documented information” it is mentioning record control according to previous versions.

      You can find more information about documentation below:

    • Can we be GDPR and ISO 27001 compliant with 1 employee?

      ISO 27001 was designed to be applicable to organizations of any size and industry, so it is possible to be compliant with this standard with only one employee, as well as when working with freelancers/consultants.
       
      GDPR refers to the processing of personal data by organizations/professionals, so it does not refer to organization size, since it is applicable also to professionals, sole traders, and freelancers. The implementation depends on the kind of data processed.

      These articles will provide you a further explanation about ISO 27001 and GDPR:

      These materials will also help you regarding ISO 27001 and GDPR:

    • Including SOC 2 controls in SoA

      1. Are we required to include the SOC2 controls in the ISO 27001 Statement of Applicability?

      In case the SOC2 controls are applied to elements included in the ISMS scope, then you need to include them in the Statement of Applicability, but please note that some of ISO 27001 Annex A controls can be used to fulfill the Trusted Service Criteria used by SOC2, so in these cases, you can refer directly to the related Annex A controls.

      It is also important to note that, to include the SOC2 controls in the Statement of Applicability, you first need to review your risk assessment and risk treatment, and the applicable legal requirements, to ensure that you have the proper basis to include these controls in the SoA.

      This article will provide you a further explanation about ISO 27001 and SOC 2:

      2. If we were to add all of the SOC2 controls this year, would all these controls be tested during this year's external surveillance audit? I'm planning out the scope of the internal audit and which controls to test, but we have limited resources and time. It seems duplicative to me to include the SOC2 controls since those are tested independently as part of the SOC2 audit. I understand an internal audit is not required for the SOC2 certification, but I see the benefit of performing an internal review to identify issues that could be mitigated before the SOC2 cert audit.

      Please note that added controls need to be audited in the next surveillance audit because their impact on the information security levels needs to be verified.

      Considering your limited resources and time, an alternative could be to include first the controls that have the biggest impact on information security (i.e., they are the single or main controls applied to treat related risks) and leave other, less impacting controls to be included in the next year. Additionally, note that since some controls of Annex A can be used for SOC2, this can reduce your need for resources and time.

    • ISO 27001 confidentiality

      Confidentiality is mentioned in the following sections and clauses:

      • 0 Introduction – 0.1 General
      • Clause 6.1.2 c) 1) – Information security risk assessment
      • Clause 7.5.3 b) – Control of documented information
      • Control section A.10.1 – Cryptographic controls
      • Control A.13.2.4 – Confidentiality or nondisclosure agreements

      This article will provide you a further explanation about ISO 27001:

      These materials will also help you regarding ISO 27001:

    • Documenting Statement of Applicability

      1. How to start documenting Statement of Applicability.

      To start documenting the Statement of Applicability you need to perform a risk assessment and risk treatment, to identify the relevant risks and controls (from ISO 27001 Annex A or other sources) you will implement to treat them. Additionally, you need to identify legal requirements (e.g., laws, regulations, and contracts) which require the implementation of specific controls.

      For further information, see:

      2. What approach to follow?

      According to ISO 27001, the following information must be included in the SOA:

      • All applied controls
      • Justification for inclusions
      • Implementation status
      • Justification for exclusions of controls from Annex A

      You can also add information you consider relevant to help manage the ISMS (e.g., a brief description of how the control is implemented).

      Regarding the format, you can adapt the information to any format your organization considers proper (a document, a spreadsheet, etc.)

      To see what a Statement of Applicability compliant with ISO 27001 looks like, please see the free demo on this link: https://advisera.com/27001academy/documentation/statement-of-applicability/

      3. Who all should one interact with?

      In the development of the Statement of Applicability you need to interact with those who participated in the risk assessment and treatment, and in the identification of legal requirements, and they should be the managers and key personnel of the related areas or processes (e.g., for IT, you need to interact with the IT manager and systems administrator; for Finance, you need to interact with the Finance Manager and a finance specialist, etc.).

      This information may help you to start, but please note that this material depends on the contribution of our readers and some of it may be outdated. It is strongly recommended to hire legal expert advice to support this activity:

      For further information, see:
