
  • Protecting and keeping data safe

    First, it is important to note that just because you are transferring the risk to a cloud provider, it does not mean the risk will automatically be lower. It only means that it will be handled by other entities, which in most cases will have a better cost-benefit relation compared to treating the risk yourself.

    Considering that, to get, by extension, the benefits of a certified cloud provider, and to ensure the provider will handle your data properly, you need to have a contract or service agreement with it covering your security needs. So, instead of implementing controls related directly to the identified risks, you will need to consider controls to handle supplier relationships for them.

    These articles will provide you with a further explanation about supplier security:

    These materials will also help you regarding supplier security:

  • Career in compliance

    I’m assuming that by compliance you mean activities related to ISO 27001 audit.

    Considering that, you have two options:

    • ISO 27001 Internal Auditor – this career involves auditing an ISMS against ISO 27001 requirements in your own organization.
    • ISO 27001 Lead Auditor – this career involves auditing an ISMS against ISO 27001 requirements as a certification auditor (i.e., working for a certification body).

    These articles will provide you with a further explanation about ISO 27001 personnel certifications:

    For courses related to these certifications, please see:

  • Scope definition

    The scope of the Information Security Management System (ISMS) can be defined in terms of information, locations or processes to be protected. The definition by processes is generally used when the scope of the ISMS involves only part of the organization.

    These articles will provide you with a further explanation about scope definition:

    These materials will also help you regarding scope definition:

  • Scope definition

    The scope of the Information Security Management System (ISMS) can be defined in terms of information, locations or processes to be protected. The definition by processes is generally used when the scope of the ISMS involves only part of the organization.

    For more information, see:

  • MDR Accessories

    1. If a part of a medical device is attached to the device, it becomes a component, but if the same part is provided separately to the user in order to fulfil the medical device's intended purpose, it becomes an accessory. Is that correct?

    Yes, you are correct.

    2. Considering the scope and requirements of the MDR, the components are a part of the medical device itself which goes through the certification process. If the components are manufactured in bulk, kept in stock, and attached to the final product to fulfil the order requirements, is it required for them to have the date of manufacture on them, or would the date of manufacture provided on the medical device itself suffice?

    The date of manufacture is optional and is put on the product only if there is no data for the expiry date. The expiry date of the medical device has to be the one that is shorter. So, if you have components that have an expiry date of, for example, 02/2022, and the medical device has the expiry date 10/2021, then the final expiry date will be 10/21. To ensure even more traceability, be sure that the lot of the component is visible.

    3. How about the accessories? Do they need to go through the same process as the medical device itself (e.g. have clinical evaluation, technical documentation, DoC, UDI, labelling in compliance with the MDR, PMS, etc.)? If, in order to fulfil an order, they are supplied separately and additionally to the medical device itself - in a separate bag - would the accessories need to have their CE mark, date of manufacture, and/or serial number on their label in order to be compliant, or is this not a requirement?

    If your product meets the definition of “accessory for a medical device” given in Article 2(2), then they are subject to all MDR regulatory requirements according to Article 1(1).

    For more information, see:

    • EU MDR Article 1 – Subject matter and scope https://advisera.com/13485academy/mdr/subject-matter-and-scope/
    • EU MDR Article 2 Definitions https://advisera.com/13485academy/mdr/definitions/

  • Appointing LSA

    If you are based in the UK and deliver digital services online without dealing with a specific EU country, you are free to select the country in which to appoint the Lead Supervisory Authority (LSA). Verify whether you need an EU representative, so that you can select the Supervisory Authority based in the same country as your EU representative.

    Here you can find more information on the Lead Supervisory Authority:

    You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • ISO Waste collection service

    This kind of question should be asked of certification bodies while determining the scope of the quality management system. In my experience, different certification bodies have different interpretations. My answer is based on the specificity of the scope of the management system. If the scope is very clear and with "closed" borders, for example, collection of hospital waste, or collection of solid urban waste, clause 8.3 is not applicable. The service is already defined in advance.

    However, if the scope is more general and with "open" borders, for example, waste collection, then clause 8.3 is applicable. The company today may be doing the collection of solid urban waste and, later, decide that there is an interesting business opportunity and grow into the collection of a certain type of industrial waste. That service expansion must be designed with the help of clause 8.3.

    The following material will provide you with more information about exclusions:

  • Validation and verification process

    It is true that the process of implementation whilst running a laboratory can be overwhelming. The toolkit, along with the diagram of the ISO 17025:2017 implementation process and the Project plan, are great tools to assist you. The basic techniques for method validation as well as the required records are included in the toolkit. It is, however, the responsibility of the laboratory to choose the suitable technique, plan experiments, reference sector-specific guidelines and meet specific regulatory and accreditation body requirements. I agree it can be a challenge for those not yet experienced in these activities, when it comes to the technical skills or know-how for activities such as method validation and assuring results through external proficiency testing.

    Let's make this a smoother implementation for you - so I suggest we set up a remote consultation meeting, which is included in the toolkit package, to discuss the implementation challenges. Once I have a better understanding of the specific tests you perform, I can provide some guidance within the scope of the consultation and point you to some further resources or support thereafter as needed.

  • Is Quality manual a mandatory requirement for ISO 17025?

    A Quality Manual is no longer a mandatory requirement for ISO 17025:2017. There are a number of reasons. One is that there is less requirement for stating policies on almost every activity, which was typically done in the manual. Another reason is that laboratories had different views on what the Quality Manual was, and often it was found not to suit the purpose. Some laboratories considered it a collection of separate documents making up the QMS manual, whilst most considered it a separate document, supported by separate procedures. In this last case, often it was too long and there was too much repeated between the manual and the specific procedures. Even worse, often contradictory policies and processes were documented. That said, if structured and written well, a Quality Manual is very useful and provides an efficient way to reference and interlink policies, systems, processes, documents and records of your management system. This interlinking is a requirement of ISO 17025 – see clause 8.2.4. The Advisera Quality Manual is structured to achieve that and guide personnel in awareness of how these processes interlink.

    For more information, read the whitepaper Clause-by-clause explanation of ISO 17025:2017, available for download from https://advisera.com/17025academy/free-downloads/ and preview the Quality Manual as part of the toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/

    You may also benefit from reading these two articles in the ISO 9001 academy, which are also applicable to the concept of a Quality Manual in ISO 17025:

  • ISO 27001 and Job description

    I'm assuming that by Job Description you mean a document stating the essential job requirements, job duties, job responsibilities, and skills required to perform a specific role.

    Considering that, ISO 27001 does not prescribe the development of job descriptions, only that roles, responsibilities, and authorities related to information security are defined and communicated, and that required competencies (i.e., knowledge, skills, and experience) are identified and gaps treated.

    These requirements are usually met by defining roles, responsibilities and authorities in various security policies and procedures; required competences are usually defined in a training & awareness plan.

    Such documents need to be approved by top management, but not necessarily signed; on the employee side, there needs to be proof that those were delivered - either through a document management system, or by signing a document in which an employee confirms the documents have been read.

    To see what a Statement of Acceptance of ISMS Documents looks like, please access the free demo of our template at this link: https://advisera.com/27001academy/documentation/statement-of-acceptance-of-isms-documents/

    This article will provide you with a further explanation about roles and responsibilities:
    - How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/

    These materials will also help you regarding roles and responsibilities:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
