Search results


  • Clause 7.4 Communication Register

    First, it is important to note that we do not recommend creating such a register.

    Please note that ISO 27001 requires you to define a communication process, although there is no requirement that such a process must be documented.

    Considering that, communication is an activity that is performed by many processes in information security according to ISO 27001, with different purposes. So, to have a centralized communication procedure would create an overhead for people responsible for communication with activities that may not be a part of their regular tasks.

    That’s the reason there isn’t a specific template for clause 7.4.

    The main documents in Conformio that define how communication needs to be done are:

    • the Information Security Policy
    • the Training Module
    • the Incident Management Procedure
    • the Disaster Recovery Plan

    Additionally, most of the communication an organization performs is already registered through emails, Slack messages, etc. - so those can act as “registers”.

    If you do want to create a separate Communication plan, then this article will provide you with further explanation about the communication plan:

    • How to create a Communication Plan according to ISO 27001 https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/

    • How to efficiently plan the audit

      Thank you so much for your response. It is very helpful.

    • ISO 17025 Audit requirements

      You asked

      "1. We are QC testing laboratory for lubricant oil & samples are inhouse only as we have our manufacturing plant now we are planning to get 17025 certification. I want to know what all documents are needed"

      The mandatory processes and procedures apply to all laboratories implementing ISO 17025. Then depending on your scope (for example is the laboratory responsible for sampling or not), you reduce and modify what is put into place and stated in your documents. For information, see the article Checklist List of mandatory documents required by ISO 17025:2017 at https://advisera.com/17025academy/blog/2019/08/30/list-of-mandatory-documents-required-by-iso-170252017/ and download the complimentary checklist at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025?

      You also asked

      2. Also I need guidance to make the format of scope

      The laboratory will typically add this directly or as a linked record to the quality manual. Have a look at the Q&A post Scope of accreditation at https://community.advisera.com/topic/scope-of-accreditation/

      You also asked

      3. We already have quality manual & policy as per ISO 9001 45001 & 14001. Do we need to make new for ISO 17025

      You can integrate your manuals and ISO 17025 clause 8 requirements, however, if different people are responsible for the ISO 9001, 45001, and 14001 certifications, it would be beneficial to keep a separate manual for ISO 17025. Either way, for efficiency, ensure your approach to management system requirements, such as handling complaints and nonconformances, is common.

      For more information on integrating ISO 17025 with a certified management system, see the Q&A post and links from the Q&A post Merging ISO 9001 & ISO 17025 at https://community.advisera.com/topic/merging-iso-9001-iso-17025

      You also asked

      4. Also if you can guide regarding which documents should be in hard copy format or all documents in soft format is okay

      ISO 17025 requires the laboratory to document processes to the extent necessary. The operational need will determine whether hard or soft copy documents, forms, and records are most appropriate. ISO 17025 does not specify.

    • How long and how much for emdr 2a certification of software ai as medical device?

      If I understand your question properly, the certification process from the moment you submit the technical documentation to the notified body lasts 9 or 12 months.

    • Supporting documentation for training

      As training material about ISO 27001, we suggest the following material:

      These materials will also help you:

    • Lab exchanging anonymized samples for studies

      What you are referring to relates to the requirement of ISO 17025 clause 7.7 to ensure the validity of results. Internal quality control can include, for example, the laboratory or quality manager submitting control samples as unknown test samples. This is listed as clause 7.7.1 g, retesting of retained items. Simply ensure the samples are processed as routine samples and monitor the results against expected results. When it comes to exchanging samples externally for quality control purposes, ensure best practices are followed and the approach to statistical evaluation and performance criteria are agreed to in advance. This is listed as clause 7.7.2b, participation in interlaboratory comparisons other than proficiency testing. In both cases, clause 7.7.3 states the requirement to analyze data and if the results are not within the pre-defined criteria, the laboratory must take corrective action.

      For more information see the response to another question at https://community.advisera.com/topic/clause-7-7-7-7-1/ and the Advisera Toolkit Quality Assurance Procedure at https://advisera.com/17025academy/documentation/quality-assurance-procedure/

    • ISO 9001 and Gap Analysis and Internal Audit

      A) Stage 1 audit is mostly about the design of the management system. Is the system well designed? Does the system consider all the requirements in the management standard? Is the management system ready for a stage 2 audit? Nonconformities may be raised.

      Stage 2 audit is mostly about implementation. This stage usually follows a few weeks after the Stage 1 audit. The auditor will check whether your management system has really materialized in your company, or if it is only there on paper. He will check this through observation and interviewing your employees, but mainly by checking your records. So, you need to make sure you are really complying with everything you have written in your policy and procedures. If there are no major nonconformities, the certification body will issue the certificate to your company.

      You already know, from stage 1, that the system is designed according to the standard; however, now you want to know if the system is implemented, if documents are followed and mandatory records kept.

      The checklist for stage 1 is different from the checklist for stage 2 because the audit purpose is different.

      B) Gap analysis and internal audit: both activities play crucial roles in driving organizational improvement and ensuring the successful implementation of a management system. A gap analysis is primarily concerned with identifying gaps between an organization's current practices and the requirements of a management system, whereas an internal audit evaluates the adequacy and effectiveness of the implemented system (main difference), including compliance with standards and regulations. The checklist used in a gap analysis can be generic and have a column to report what exists already and the gaps. The checklist used with internal audits has a column to report what is actually being found and observed.

      C) When you’re planning an audit you should try to minimize the disruption brought by the audit team while carrying out the audit. You don’t want to audit a role in the morning and after lunch of the first day and in the morning of the second day. So, consider this constraint while scheduling your audit plan. I prefer identifying departments in the audit plan because it is something that everybody in the organization is aware of. Not everybody knows about processes and even less about the clauses of the standard. Remember, the audit plan is a communication tool. About the matrices, I like to write them while I prepare the checklist to be aware of the kind of questions I should ask.

      You can find more information in the following documents:
