Search results


  • Legal basis

    The data processor processes data on behalf of the data controller, under Article 28 GDPR, with a written binding legal document. Therefore, the legal basis of data processing is to perform a contract obligation (toward the data controller). The data subject shall contact the controller to handle their consent and the controller shall inform the processor on how to proceed (in case of Data Subject Access Right procedure or consent withdrawal).

    Here you can find more information on the processor obligations and data subject management:

    If you need to know more about data subjects rights and processor obligation under the EU GDPR you may consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

  • Change management process

    The change management process according to the automotive management system standard, IATF 16949:2016, is required for issues related to production or product change. For web page changes, IT-based changes, etc., you can use your normal processes for those topics.

  • ISO 14001 environment objectives

    Everything starts with your environmental assessment:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/a3ddf943-6497-4f50-b72d-552172d5f6ed

    You determine a set of environmental aspects. Then, you evaluate and segregate the significant from the nonsignificant environmental aspects:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/945f7731-f09e-4718-9d47-cec7449bdfdb

    Some of the significant environmental aspects due to the scale of your organization operations are mentioned in the environmental policy, they are very important to improve your organization’s interaction with the environment:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/3fb5568b-3542-4e2f-b649-01b25bd8c07e

    A practical example can be:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/9f293b18-30a1-4134-9664-33d9f84cae97

    So, the organization decides to develop environmental objectives around:

    • Reducing the number of wastes sent to landfill
    • Reducing the unitary energy consumption
    • Reducing the unitary solvent consumption

    Before setting objectives, organizations have to define an environmental policy. A good environmental policy considers the scale and environmental impacts of its activities, products, and services. So, the relevant environmental objectives of an organization must be based on significant environmental aspects and impacts.

    You can find more information below:

  • ISO 9001 awareness of hospital QMA

    Unfortunately, I cannot give you a specific answer concerning hospitals, I will give you a general answer applicable to any organization in any sector. Please check clause 7.3 of ISO 9001:2015.

    People working for the QMS need to be aware of the quality policy, need to be aware of the quality objectives that they can influence with their work, need to be aware how they can contribute to meet those objectives, and need to be aware of the consequences of nonconformities.

    To meet these requirements, I normally set workshops where the representation of the organization, based on the process approach as a set of interrelated processes, is the starting point. From there I invite people to find which processes they work in, which processes act as their internal suppliers and which processes act as their internal clients. Then I invite people to make the relationship between processes and quality objectives; from there they see how they influence the quality objectives and the QMS effectiveness.

    The following material will provide you more information about organizational knowledge:

  • Query regarding the career with ISO 27001 Certificate

    As a telecom security engineer, I’m assuming your main tasks will be of technical nature.

    Considering that, ISO 27001 can help you understand the main concepts of information security and information security controls that can be applied to telecom, however, it will not provide you technical details on how to implement controls. For such knowledge, you should look for other certifications, like CISSP and CompTIA.

    Regarding ISO 27001 certifications, if you want to consider an ISO 27001 career you can follow:

    • ISO 27001 Lead Implementer – this certification recognizes people who have competency in the ISO 27001 implementation process.
    • ISO 27001 Lead Auditor – this certification recognizes people who have competency in auditing an ISMS against ISO 27001 requirements and want to become certification auditors (and with this provides more confidence to an organization for being certified).

    These articles will provide you a further explanation about ISO 27001 personnel certifications:

    For courses related to these certifications, please see:

  • ISO 27001 Foundations Course comment

    Please note that the question refers to the Statement of Applicability document (“The Statement of Applicability document should include:”)

    Considering that, ISO 27001 clauses 6.1.3 d) and 6.1.3 c) require that all 114 controls from Annex A are included in the SoA, not only those deemed applicable, as well as additional controls from other sources. For those controls from Annex A deemed not applicable, you need to provide justification for their exclusion.

    This article will provide you a further explanation about the Statement of Applicability:

  • ISO 9001 Audit objectives

    Let us consider two cases:

    https://www.screencast.com/users/ccruz5284/folders/Default/media/c7ab10fb-e7c5-495b-8282-f0e6cc60a79f

    Case A

    If the audit program only includes one audit (the scope is the whole quality management system) we may say that both audit program and audit plan have the same purpose, have the same objective.

     

    Case B

    If the audit program includes a set of audits, then we have different objectives. For example, the audit program objective is about the whole set of audits, but each audit will have a different objective and a different audit plan because they may have different scopes and different audit objectives.

     

    For each audit, whatever the case, the audit process objective is the same: being able to arrive at sound conclusions based on the audit plan objectives and on the findings based on solid evidence.

     

    You can find more information below:

  • Do I need ISO 17025 certification in order to audit laboratories?

    You asked

    As a lab expert, do I also need ISO 17025 certification in order to audit laboratories? Or is 9001 sufficient?

     
    There are very few options to obtain ISO 17025 auditing certification. As ISO 9001 is incorporated into the ISO 17025:2017 Management requirements and ISO 17025 Lead Auditor certification courses may not be as readily available, the ISO 9001:2015 Lead Auditor Training Course is a good option. (see https://advisera.com/training/iso-9001-lead-auditor-course/)
    There are two components to auditing to consider:

    • Auditing skills - Training should include exposure/introduction to ISO 19011: Guidelines for Auditing Management Systems as it provides guidelines for auditing all management systems.
    • Knowledge of the standard against which you are auditing. 

    Auditing basics, roles and the principles of auditing covered in the ISO 9001 auditing course will be applicable to auditing ISO 17025 as well. In ISO 17025 auditing the lead auditor should have appropriate auditing skills to assess the management clauses, meaning all those that do not have a technical component. The technical auditor also needs to have appropriate auditing skills but must also have the ability to audit the technical aspects, including method validation, measurement uncertainty and quality control. In other words, the depth of knowledge and skill to delve deep enough into the risks and assess technical validity and competency. This experience comes from hands-on working in a laboratory and attending additional training on technical matters. Based on your comments, this is experience you have.

    If you choose to obtain ISO 17025:2017 Lead Auditor certification, select a suitable course offered by an approved Training Partner of an international certification body such as Exemplar Global (formerly RABQSA) or IRCA (The International Register of Certificated Auditors).

    Have a look at Advisera’s Certification FAQs at https://advisera.com/training/eu-gdpr-courses/ for further information regarding certification.

  • Checklist for pre-/post site inspections

    We do not have a checklist, but here are some questions that you can ask:

    • How do they maintain the refrigerators/cold rooms?
    • How do they monitor the temperature of the refrigerators/cold rooms?
    • Is the equipment for monitoring temperature calibrated? Ask for the certificate of calibration.
    • What is the principle of the storage – First in first out (FIFO) or First expire first out (FEFO)?
    • Are there other special conditions for the refrigerators/cold rooms that need to be monitored? (For example: is humidity important to be monitored; if refrigerators are used, is it necessary to ensure the conditions of the room in which the refrigerators are located in order to prevent overheating?)

    For more information regarding storage, please see the following articles:

    • Managing medical device infrastructure requirements according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/
    • Calibration requirements in ISO 13485 https://advisera.com/13485academy/blog/2019/03/08/calibration-requirements-in-iso-13485/

  • Can one person be lab director and quality manager at the same time?

    Glad you found the webinar interesting.

    In terms of ISO 17025, the Quality Manager needs to be impartial, but need not, if the risk is accepted, be independent. There may, however, for certain sectors be regulatory requirements or other standards that require independence of the QM. What is important is the functional role in ISO 17025; for example, the appointed laboratory manager may function as the QM as well, as long as risk is managed and impartiality is evident.

    There are some activities where you should appoint an independent person, even a person reporting to you or a colleague, to review, for example, documents you author. Furthermore, internal auditing requires independence, so you will need to contract an independent third-party consultant or an independent competent person from another department or sister company to assist with audits.
