Search results

Writing quality SOP for work infrastructure

In SOP for infrastructure you need to consider the following:

• Description of the buildings, workspace, and associated utilities
• What kind of the process equipment you have (both hardware and software)
• What kind of supporting service you have

More information on this topic you can find in the following article:

• Managing medical device infrastructure requirements according to ISO 13485:2016 https://advisera.com/13485academy/blog/2017/06/28/managing-medical-device-infrastructure-requirements-according-to-iso-13485/

You can also see how the procedures for infrastructure and records of the infrastructure maintenance in our ISO 13485:2016 documentation toolkit look like:

• Procedure for Infrastructure and Work Environment https://advisera.com/13485academy/documentation/procedure-for-infrastructure-and-work-environment-iso-13485-2016/
• Record of Infrastructure Maintenance https://advisera.com/13485academy/documentation/record-of-infrastructure-maintenance-iso-13485-2016/

• EU GDPR membership and countries outside of the membership

  Concerning the EU GDPR membership and countries outside of the membership;The EU GDPR will be mirrored by the UK-GDPR version - would this be subject to regular reviews?

  The UK chose to mirror the EU GDPR in order to have an adequate decision by the EU Commission and not lose the free flow of data among EU and UK. It is difficult to forecast regular reviews, either on the EU GDPR or the UK GDPR side.We can imagine a coherent evolution for both regulations in order to provide a standard to controllers and processors, but most will depend on how the relationship between the UK and the EU will continue.

  Hypothetically, if the EU were to break up - would the GDPR be able to continue under a unified, but individual country membership?I live in the UK (Scotland) and hope this does not become a reality.

  The EU GDPR is a regulation of the EU and it produces effects in Member State on the basis of the EU Treaties. In the unlikely event of EU break up, the Treaties will not produce their effects anymore and the GDPR will have no effects in the former EU States unless the country mirrors it with internal legislation. The negotiation on the dissolving EU may also end with an international agreement adopting the GDPR as a separate treaty in order to benefit each State of the same regulation. 

  Here you can find more information on the territorial scope of the GDPR

  • What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/

  To have a deeper idea of the list of requirements of GDPR you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• GDPR Certification

  There is no certification process of compliance with GDPR. However, some ISO standards like ISO 27001 and 27701 may end up in conformity to GDPR requirements.

  Here you can find more information about ISO 27001 and GDPR:

  • Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
  • Privacy, cybersecurity, and ISO 27001 – How are they related?: https://info.advisera.com/27001academy/free-download/privacy-cyber-security-and-iso-27001

  There is also our Free webinar:

  • How to integrate GDPR with ISO 27001 https://advisera.com/eugdpracademy/webinar/how-to-integrate-gdpr-with-iso-27001-free-webinar-on-demand/

  To have a deeper idea of the list of requirements of GDPR you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• Discussion regarding CSR

  If the organization's OEM automotive customer is Ford, Customer-specific requirements (CSR) are already available on the IATF web page and the FORD portal. Therefore, FORD does not give its specific requirements separately.

  Your customer portal usage is opened by the customer and you enter it with your password. Portal usage is available for all automotive IATF OEM customers and CSR’s are also uploaded on the IATF website.

  If your customer is not Ford, you should use your main customers' customer-specifics requirements (CSR). You should request CSR from your main customer. 

  The major finding is that CSRs are not reviewed, included in the quality management system, and not implemented

  For more information, please see the following article:

  • How to satisfy customer-specific requirements when implementing IATF 16949  https://advisera.com/16949academy/blog/2019/07/02/iatf-16949-customer-specific-requirements-how-to-meet-them/

  • Medical Device File

    Yes, it is the same. In the ISO 13485:2016 requirement, 4.2.3 Medical device file is stated that an organization must establish the medical device file with the content not limited to the one that is described there. Also, requirement 4.1 states that the organization must be in compliance with all necessary regulatory requirements. 

    On the EU market, it is not possible to put a medical device without having a technical file under the MDD 93/42/Eec or, from May 2021. according to the MDR 2017/745. 

    For more information please see the following articles:

    • How to determine regulatory requirements according to ISO 13485:2016 https://advisera.com/13485academy/knowledgebase/how-to-determine-regulatory-requirements-according-to-iso-13485/
    • How can ISO 13485 help with MDR compliance? https://advisera.com/13485academy/blog/2020/03/09/how-can-iso-13485-help-with-mdr-compliance/
    • How to use ISO 13485 to fulfill FDA regulatory classes for medical devices https://advisera.com/13485academy/blog/2017/09/14/how-to-use-iso-13485-to-fulfill-fda-regulatory-classes-for-medical-devices/

    • ISO Accreditation 17025

      I assume you are asking how ISO 17025 accreditation would assist you improve the quality of testing ? Your laboratory would benefit from implementing ISO 17025 as the purpose is to guide laboratories to achieve competency and consistently valid results. What you mentioned would be the laboratory’s scope of testing. Method development, validation and measurement uncertainty will be an important focus to achieve your scope.

      For further information see the following:

      • The whitepaper Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
      • The article What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/
      • The ISO 17025 toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/ and the document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure//

    • Calibration

      That would not be appropriate to calibrate an auto titrator. Note firstly that ”a grade glassware” is not a Certified Reference material.  The glassware does not come with an individual calibration certificates. 

      Your equipment supplier or equipment manual should provide you with suitable information, Simply stated, you would need to use a suitable balance and determine the volume dispensed gravimetrically; or use a primary standard for titration to determine the linearity and correlation coefficient of the auto titrator.  Depending on the methods you use, you would select a suitable primary standard and titrate a range of five quantities as per your method to provide data for the calculations.

      The following toolkit document, with associated records may be of interest Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure//

    • Risk analysis

      It's our policy not to make recommendations about technologies or products, but from our experience with small and midsized businesses, the excel base tool is still the best solution balancing cost and effectiveness.

      To make a usability benchmark, I suggest you see the free demo of our Risk Assessment table (it has been widely used by small and midsized businesses all around the world in their certified ISO 27001 ISMSs). This template used the approach asset-threat, vulnerability.

      You can see a demo of this template at this link: https://advisera.com/27001academy/documentation/risk-assessment-table/

      These articles will provide you a further explanation about risk assessment according to ISO 27001:

      • ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
      • How to organize initial risk assessment according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/
      • ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
      • How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
      • The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/

    • CIA, Privacy and risk management

      Please note that ISO 27001 specifies that the CIA is directly related to risks (6.1.2 c 1), and to consequences (i.e., impacts) (6.1.2 d 1), and asset value (in your case privacy severity) is defined in terms of legal requirements (e.g., laws, regulations, and contracts), and their criticality and sensitivity to compromise due to realized risks.

      There is no direct relation between the CIA triad and Asset value to probability.

      For further information, see:

      - ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

      - How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

      This material can also help you:
      - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

      - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

    • OH&S Objectives

      The new requirements for OH&S objectives are for you to create your objectives, and then to create a plan to achieve them including steps that state who needs to do what, with what resources, by what time and how you are going to know that each step is done. Your OH&S objective should have a target and timeline for full completion (that lines up with your plan), such as “We will reduce workplace injuries and near misses from 5 per month to 1 per month by June 2021”. So, your OH&S objective is a chosen improvement that you are trying to make, and each step of your plan is working towards this improvement. You track the realization of your plan towards your objective through the closure of your plan steps.

      As for Key Performance Indicators (KPI), these are the important measurables you have chosen to track for your OHSMS, such as number of injuries per month, or number of near misses per month. AS per the example above, if your OH&S objective aligns with a KPI then as you track your KPI over the next several months you should see the reduction in injuries and near misses each month as you plan progresses, with the goal of reaching the target in your objective. It is important to note that not every OH&S objective will be linked to a KPI, and you do not need to create an objective for every KPI you track, but when they do line up this is helpful.

      You can read more on OH&S objectives in the article: How to define ISO 45001 objectives and plans, https://advisera.com/45001academy/blog/2018/12/04/how-to-define-iso-45001-objectives-and-plans/