Search results

ISO 17025 accreditation

Note that the correct term is accreditation, not certification; as it involves formal recognition of technical competence.

The period of implementation will depend on the size of the labororatory, the number of tests to be added to the Scope of work; as well as naturally, the available reources. Typically from start of project to application for accredition could be anything from 12 months onwards. Once you have applied, it may be up to 3 months before the accredition body perfom the assessment. You then would usually have 3 months to implement any corrective actions before being awarded accreditation.  This means that for a small laborory, it may be a short as 12 months, but typically longer. 

The costs will depend on the accreditation body. I suggest you contact them and request a quotation. In awarding accreditation, the accreditation body attests to your laboratory’s competence to provide consistently valid results through meet the requirements of 17025. An accreditation certificate, which details your scope of accreditation is then issued.

Have a look at how the ISO/IEC 17025:2017 Documentation Toolkit may assist you, available at https://advisera.com/17025academy/iso-17025-documentation-toolkit/ and download some free tools to help with project planning, at https://advisera.com/17025academy/free-downloads/

• Project Plan for ISO/IEC 17025 implementation
• Diagram of ISO 17025 Implementation Process

For some more information here are some useful resources, Download the complimentary white papers:

• Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
• Checklist of mandatory documents required by ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025

and watch the Free webinar – https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025 at https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar-on-demand/

Environmental criteria/groups that hydroelectric power projects can face

Unfortunately, that is a very specific question and I do not have particular information on that area. What I can list is a set of topics that may be considered risk factors:

• Earthquake can deteriorate construction
• Excess rain may determine the need to discharge water from the dam and promote floods downstream
• Lack of rain may determine failure to supply water downstream at ecological levels
• High temperature and stagnant waters may develop hazardous bacteria or promote eutrophication
• Blocking the flow of water when it is contaminated, for example, by discharges from a chemical company, preventing contamination downstream (opportunity)
• Destroying or badly affecting traditional river fishing activities due to high variations in water level downstream within a 12 hour period

Do you get the pattern?

Events that may happen, but you cannot say when will it happen

Perhaps the last one is not a risk, there is no uncertainty, it is forecastable and the probability is far from zero.

Please check this information below with more detailed answers:

• ISO 14001 risks and opportunities vs. environmental aspects - https://advisera.com/14001academy/blog/2016/03/21/how-does-product-life-cycle-influence-environmental-aspects-according-to-iso-140012015/
• ISO 14001 document template: Procedure for Identification and Evaluation of Environmental Aspects and Risks - https://advisera.com/14001academy/documentation/procedure-for-identification-and-evaluation-of-environmental-aspects/
• Enroll for free in this course – ISO 14001:2015 Lead Auditor Course - https://advisera.com/training/iso-14001-lead-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Differences between medical device certifications and ISO 13485

Medical device certification is a process where you will get the CE mark and you can sell your product on the EU market. This means that you need to prepare technical documentation that is requested in the Medical device directive 93/42/EEC (unitl May 2021) or in Medical device regulation 2017/745 – Annex 2 (from May 2021). 

ISO 13485:2016 is a standard for quality management systems. It means that you need to prepare your processes and documentation to prove that it is under control and fulfill all applicable requirements from the standard. On the EU market, all medical devices must be in compliance with harmonized standards. In MDR, in Article 10 General obligations of manufacturers, it is stated that the manufacturer must have implemented a quality management system. The list of harmonized standards is published by the Official Jurnal of the European Union. On this list, ISO 13485:2016 is the only standard covering quality management system, therefore it is expected for manufacturers to have implemented ISO 13485:2016. 

For more data, please see the following links:

• EU MDR Article 8 – Use of harmonized standards https://advisera.com/13485academy/mdr/use-of-harmonised-standards/
• EU MDR Article 10 – General obligations of manufacturers https://advisera.com/13485academy/mdr/general-obligations-of-manufacturers/
• EU MDR Annex 2 - https://advisera.com/13485academy/mdr/technical-documentation/
• What are EU harmonized standards? - https://advisera.com/13485academy/blog/2020/06/12/what-are-eu-harmonized-standards/
• Link to the harmonized standards published by EU https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2020:090I:TOC
• What is ISO 13485? https://advisera.com/13485academy/what-is-iso-13485/
• How to get ISO 13485 certified? https://advisera.com/13485academy/iso-13485-certification/
• How to determine regulatory requirements according to ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-determine-regulatory-requirements-according-to-iso-13485/
• Checklist of ISO 13485 implementation and certification steps https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/

• How to prepare an audit?

  Thanks for answering the question. I really appreciate...

• ISO 27001 Lead Auditor certification paths

  First is important to note that ISO 27001 does not require a Lead Auditor course for performing internal audits. An internal auditor course is enough for such a purpose.

  Considering that, there are no significant differences between LA certificates issued by PECB or issued by Advisera/accredited by Exemplar Global. Such certificates are needed only for professional who wants to work as a certification auditor in a certification body, and in this case a particular certification body might have a preference for one or the other accreditation body.

• ISO 27001 audit and implementation

  Generally speaking, you need to understand the objectives the client wants to achieve, its line of business, and how the business is organized. Based on this information you can develop additional questions and identify additional persons to talk to.

  Please note that there are no set of definitive questions to be asked, only general topics to be covered.

  To become an ISO 27001 auditor or ISO 27001 implementer, you should first acquire experience in these fields, and the most common ways are to work inside your current company auditing/implementing information security or working for an established consultant.

  For more information about auditing/implementing ISO 27001 and how to become a consultant, please read:

  • What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
  • What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
  • How to become an ISO 27001 / ISO 22301 consultant https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/

  These materials will also help you regarding ISO 27001 auditing/implementation:

  • Free online training ISO 27001 Lead Auditor Course https://advisera.com/training/iso-27001-lead-auditor-course/
  • Free online training ISO 27001:2013 Lead Implementer Course https://advisera.com/training/iso-27001-lead-implementer-course/

• Is ISO 17025 designed and intended to be implemented on individual, test-by-test basis?

  ISO 17025 implementation applies to the overall activities of the laboratory, including for example personnel training or procurement. The “test-by-test” basis you refer to is applicable to the laboratory’s Scope of Work, for which accreditation is applied for. So you state what is being calibrated (including method and range); or what is being tested (analyte or group of analytes), in what matrix and using what method or instrument. An example is Heavy Metals in Soil by ICP-MS. For each method, yes you need to show technical competence to produce reliable, valid results. If your laboratory may is not involved with sampling, then you state in your documentation that sampling not the responsibility of the laboratory.

  For more detail on what is required for ISO 17025, read the whitepaper Clause-by-clause explanation of ISO 17025:2017 available for download from https://advisera.com/17025academy/free-downloads/ and preview the ISO 17025 Academy toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/

• Addressing management, staff and practical issues within ISO 14001

  Each organization is a different case. Each organization has different motivations, different amounts of staff, different starting points in its survey of the initial environmental situation. The implementation phase requires a project manager almost full time, often this does not happen. Some companies may start from a base where they have to make major investments to meet compliance obligations. Some companies may find it difficult to provide time for training in good environmental practices.

  Please check this information below about implementation:

  • Free webinar on-demand - How to use a Documentation Toolkit for the implementation of ISO 14001 - https://advisera.com/14001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-14001-free-webinar-on-demand/
  • List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
  • ISO 14001:2015 Implementation diagram - https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

• Information Classification Policy - “labeling” of information

  ISO 27001 does not prescribe how to define information labeling, so your proposed scheme is acceptable by the standard (i.e., keep “Internal use” information unlabeled, and label public information as public).  

  These articles will provide you a further explanation about information classification:

  • Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
  • Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

  These materials will also help you regarding information classification:

  • ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
  • ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

• Asset inventory and risk analysis

  I’m assuming you are asking for tools and approaches for asset inventory and risk analysis.

  Considering that, it is our policy not making recommendations about tools or technologies.

  Regarding the approach for risk analysis, the most common approach used for information security based on ISO 27001 is the asset-threat-vulnerability approach. 

  For more information, see:

  • ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
  • ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
  • How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

  To see a template of risk assessment compliant with ISO 27001, see this link:

  • Risk Assessment Table https://advisera.com/27001academy/documentation/risk-assessment-table/

  As for asset inventory, ISO 27001 does not prescribe an approach for asset inventory. Actually, the inventory of assets is not needed, especially when companies are implementing the standard for the first time - it is enough to develop a list of assets for the Risk assessment, and once this is done this list is simply copied to Inventory of assets.

  To see a template of inventory of assets compliant with ISO 27001, see this link:

  • Inventory of Assets https://advisera.com/27001academy/documentation/inventory-of-assets/

  This article will provide you a further explanation about the inventory of assets:

  • How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

  These materials will also help you with these activities:

  • Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
  • The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
  • ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/