Search results

Use of non accredited calibration service providers

This will depend on your sector and the use of the equipment. Check first if there are regulations relevant to your clients, or perhaps requirements from your accreditation body for the type of testing and program specific accreditation.

The ISO 17025 standard does not state as a general requirement you must use an ISO 17025 accredited calibration laboratory and an in each case obtain an accredited calibration certificate. The main requirement is metrological traceability of measurement results, which includes the use of competent laboratories for your calibrations. These can be either ISO 17015 accredited or non-accredited laboratories that provide, for example, traceability to international SI units.  A reason to obtain an ISSO 17025 accredited calibration is to get the measurement uncertainty on the calibration certificate, which may be necessary for your application.  If however, the equipment has a minor impact (low risk) on the validity and uncertainty of the measurement,  then a non-accredited calibration should be suitable. For example, there are large tolerance/specifications on a pass/fail outcome. 
On the other hand, you should obtain an accredited calibration where equipment is used for critical applications, or used to calibrate or test other equipment.

For further information have a look at The article What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/ and The ISO 17025 document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure/

Privacy Policy Template

Since your customer did not accept your proposed versions based on 2013 ISO 27001 and the GDPR, and ISO 27001:2022 does not have significant updates on this topic, I suggest you take a look at this template:

• Policy for Data Privacy in the Cloud https://advisera.com/27001academy/documentation/policy-for-data-privacy-in-the-cloud/

This document is based on guidelines from ISO 27018, a supporting standard to ISO 27001 which covers the protection of privacy in cloud environments.

For further information, see:

• ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/

Register of Requirements

By checking that you are compliant with the Computer Misuse Act, you state that you have implemented all the controls defined as necessary to fulfill the Act’s requirements (secure computer material against unauthorized access or modification, and for connected purposes).

Considering that, you need to identify in the Statement of Applicability which controls are related to the Computer Misuse Act, and ensure they are implemented (these controls may refer to documents, facilities, and/or technologies).

For example, if controls related to this Act are controls A.5.15 - Access control, and A.7.1 – Physical security perimeters, then you need to ensure that they are implemented (e.g., by implementing an Access Control Policy, and by defining areas with different security levels, related to the sensitivity of the information kept on them).

Help in ISO 17025 implementation

You asked

Will a reference standard be accepted that will expire in June 2023, knowing that the laboratory seeks effective application of ISO 17025?

As long as the certified reference material (CRM)  has been stored according to requirements, and it is used before expiry, you can show acceptability to use it and traceability of your results through the material's certified value.

It is however always best practice to test one lot number of a reference material against an existing material for which you have quality control data. This will provide reassurance in the certified value, particularly if you are close to the expiry date.

You also asked

if it is mentioned in the certificate of the reference material that the re-test of the material in 2024, what is the method used to re-test and verify the effectiveness and stability of the material? The test result"

The specific test depends on the material and method technique. You need to show that the certified property value/s are not significantly changed. The depth of the assessment depends on the expected influence of the CRM on the validity of the measurement and the criticality of the measurement. Use statically tools to determine if there is any significant difference in the measured property of the CRM compared to the quality control data or validation data of the same CRM when first introduced I,e before expiry.

As stability is being evaluated, and there is a possibility of breakdown components, the test must be specific and selective. Typically you will run a number of replicates of the CRM as a test sample using your normal process and quality control checks.

How do I gain 4 days of AS 9100 2nd party audits experience to be certified by Probitas for AEA?

Mark, thank you, that was helpful! I am located in CA

Internal Audit

This free webinar on-demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ can be useful to answer your question with examples.

In this webinar you will see this flowchart with the main steps regarding an internal audit process: https://i.imgur.com/KWkCg1H.png

Consider also this book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/

Validation of equipment

According to requirement 7.5.6 manufacturers must validate any processes for production and service provision where the resulting output cannot be or is not verified by subsequent monitoring or measurement. Furthermore, according to requirement 6.3 Infrastructuremanufacturer must document the requirements for the infrastructure needed to achieve conformity to product requirements. This definitively is considering using validated equipment during manufacturing.  

09.04 BYOD Policy and 09.01 IT Security Policy

The BYOD Policy and the IT Security Policy were developed as separate documents to avoid making the IT Security Policy a bigger and more complex document to read and manage, but you can merge the two documents if you want to (ISO 27001 does not require policies to be written as separate documents).

For further information, see:

• One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

Distributors role in UK MDR changes

To my knowledge, this MHRA extending the deadline does not impact the distributors since they are not responsible for placing the device on the market. So they will behave accordingly to the manufacturer's obligations.  

Questions on Training Procedure and Procedure for Infrastructure and Work Environment

1. The reason of my mail is to ask you on which document of the toolkit can I find the one that describes the trainings product?

2. On the Procedure for Infrastructure and Work Enviroment document, on section 3.5 (Monitoring and measuring environmental conditios) I wonder if this section is necessary environmental conditions nor a cleanroom to do the device, the device is not invasive and it's mostly a software with sensors to check basic vital signs using IoT.