Search results

External audit

Sem mais informações sobre as não conformidades identificadas (ex.: cláusula(s) impactadas e o que foi observado), o que podemos informar é que os templates disponíveis no kit de documentos da ISO 27001 estão em conformidade com os requisitos da ISO 27001, tendo sido aceitos por auditores de certificação em todo o mundo.

Para ver uma demonstração deste kit, por favor acesse este link: https://advisera.com/27001academy/pt-br/kit-de-ferramentas-da-documentacao-da-iso-27001/

Este material pode prover mais informações sobre o uso do kit de documentos:

• How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/

• ISO 9001:2015 clause 4 internal and external issues vs interested parties

  Please check this free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - - where I present examples of internal and external issues and how to determine them, and examples of interested parties and their requirements and expectations. Further, I show how both can be used to determine risks and opportunities.

  You can find more information below

  • How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
  • How to determine interested parties and their requirements according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
  • Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
  • Book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
     

• ISO 14001:2015 program bringing dissimilar global programs together in the least disruptive manner

  Focus your attention on the CAPD cycle:

  

  Check your current situation and determine priorities for improvement.

  Select a set of projects for action based on your available resources and priorities.

  Plan each project in order to enhance performance.

  Do, implement each project.

  I like to see a management system as a portfolio of projects. Please check ISO 9000:2015 definition for management system. Something like:

  System to establish a policy, an orientation, a set of priorities. Then, translate these priorities into objectives, into concrete challenges. Then work, transform the organization to meet those objectives.

  You can find more information below:

  • How to Use Good Environmental Objectives - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/how-to-use-good-environmental-objectives/
  • Examples of ISO 14001 objectives based on the different company sizes - https://advisera.com/14001academy/blog/2019/10/22/iso-14001-objectives-examples-for-different-company-sizes/
  • Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
  • Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

• GDPR recognition in Jordan

  No, the countries considered as providing adequate protection are listed by the EU Commission and currently are Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay.Adequacy talks are ongoing with South Korea.

  You can verify the list at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

  Of course, data transfers to or from Jordan can be based on Standard Contractual Clauses (SCC). You will need a data protection agreement between the controller and the processor with the SCC included.

  Here you can find a free template of Standard Contractual Clauses as required from the EU Commission:

  • Standard Contractual Clauses Annexes Download free template (MS Word) https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes

  Here you can find more information:

  • 3 steps for data transfers according to GDPR https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
  • Free webinar – How to make personal data transfers to other countries compliant with GDPR https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/

  To have a deeper idea of the list of requirements of GDPR you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• ISO 17025 latest version

  If your question relates to laboratories that are currently accredited to ISO 17025:2005, currently the certificates of accreditation to the 2005 version are valid; however accredited laboratories must transition before their certificate expires or by the latest, 1 June 2021. Accreditation bodies will arrange assessments against ISO17025:2017 before the deadline. That means that they need to be in the process of meeting ISO 17025:2017 requirements; thus making the old version of the Standard obsolete.

  If you are busy implementing ISO 17025 and have not yet applied for accreditation, then no, ISO 17025:2005 is not applicable. The laboratory must implement to meet ISO 17025:2017 requirements.

  For further information see

  • The whitepapers
    Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
    Checklist of mandatory documents required by ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025
  • The ISO 17025 Toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/
  • The ILAC News (11 June 2020) at https://ilac.org/latest_ilac_news/transition-period-for-iso-iec-17025-extended/

• Implemantation of 17025

  If you are referring to the Complaints procedure being separate from the Nonconformance and corrective action procedure, yes of course it can be separate. Laboratories generally combine documented procedures where possible to reduce the number of documents, however it is your choice; as long as it is effective and efficient to do it that way.

  ISO 17025 has a requirement that you have a description of the complaint handling process that can be given to a complainant or other interested party. This could be a basic process flow diagram or a simple, clear step by step explanation. Because there is a need for this, you could as an option include any other information; which you want to keep for inhouse knowledge only; either in the quality manual section on complaints, or in a combined Complaints, Noncorformance and corrective action procedure.

  The following may be of interest:

  • The whitepapers
    Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
    Checklist of mandatory documents required by ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025
  • The toolkit Complaint, Nonconformity and Corrective Action Procedure at https://advisera.com/17025academy/documentation/complaint-nonconformity-and-corrective-action-procedure/

• Planning a gage R&r Studies for all instruments

  It would not be correct to carry out the classical Gauge R&R study for measurement systems where human influences and errors do not occur due to the measurer.

  Instead, it may be more accurate to perform bias, linearity, and/or stability studies with master samples. 

• List of certifying bodies for ISO 13485

  Here on this link are notify bodies that are so far accredited for MDR: https://ec.europa.eu/growth/tools-databases/nando/index.cfm?fuseaction=directive.notifiedbody&dir_id=34

  This means that they also have accreditation for ISO 13485. On this list, you have 6 notify bodies from Germany.

  For more information on choosing a certification body, please see following:

  • How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

  • Certification of QMS

    Yes, you are right, in the MDR there is no request that the quality management system must be certified. But, as I told yesterday on the webinar, the quality management system will be audited together with the MDR audit. So, once you will receive the MDR certificate it will mean that you have implemented and maintained the quality management system. For more information, see:

    • EU MDR Article 5 – Placing on the market and putting into service https://advisera.com/13485academy/mdr/placing-on-the-market-and-putting-into-service/
    • EU MDR Article 10 – General obligations of manufacturers https://advisera.com/13485academy/mdr/general-obligations-of-manufacturers/

    • Need for ISO 13485 certification for PRRC

      ISO 13485 is a standard for manufacturing medical devices. So, this is not applicable to you. Your company can be certified according to ISO 9001. However, you need to have proof that you are familiar with ISO 13485. This you can obtain by attending a course for ISO 13485 or become a Lead auditor or internal auditor for ISO 13485.

      In MDR, in Article 15 – Person responsible for regulatory compliance is stated which competencies this person need to have a diploma, certificate or other evidence of formal qualification, awarded on completion of a university degree or of a course of study recognized as equivalent by the Member State concerned, in law, medicine, pharmacy, engineering or another relevant scientific discipline, and at least one year of professional experience in regulatory affairs or in quality management systems relating to medical devices.

      For a detailed explanation, see:

      • EU MDR Article 15 https://advisera.com/13485academy/mdr/person-responsible-for-regulatory-compliance/