1 - The certification body has set 2 days for the surveillance audit. What is the cost for the second and third year, and what is the cost of recertification (roughly)?
There is no standard value for surveillance and recertification costs, so you need to ask your certification body directly for this information. Normally, contracts with certification bodies are set considering a full certification cycle (i.e., certification audit and surveillance audits), so this information about costs may be included in the contract clauses (the recertification cost is similar to the certification cost). For comparison, you may use quotations from other certification bodies.
For further information, see this material:
2 - What happens if, for some reason, the organization didn't pay the annual subscription for two years, for example, and then wanted to re-certify after that?
First, it is important to note that there is no such thing as an annual subscription for certification bodies. To keep your certification, you need to undergo surveillance audits at scheduled times, or your certification will be suspended; in case of prolonged delay (which will be less than two years), the certification will be canceled, and you will need to undergo the whole certification process again.
3 - Are there any hidden costs in the yearly audit and recertification audit process?
Some hidden costs you need to pay attention to are related to the auditor's travel costs (if he or she is from out of town), as the client will be responsible for his or her lodging, and to the auditor's fee, which is related to his or her experience in the client's industry, because such feedback is considered more valuable.
For further information, see:
No, it is not in the standard that any aspect/impact that has a legal requirement is automatically significant.
Please check this picture:
If an environmental aspect has compliance obligations and they are not complied with, the aspect is significant; but if they are satisfied, then it is up to your evaluation criteria to determine whether or not the aspect is significant.
Please check this information below with more detailed answers:
Please note that while control A.11.2.8 aims at equipment (e.g., computers and mobile devices), control A.11.2.9 has a wider coverage, including papers, removable storage media, and other equipment normally found on workstations (e.g., photocopiers).
In a sense, you can think that control A.11.2.8 can be used to implement a part of control A.11.2.9.
This article will provide you with a further explanation about clear desk policy and clear screen policy:
This material will also help you regarding clear desk policy and clear screen policy:
In the ISO world, mandatory requirements/documents are related to the words "shall" or "must", while non-mandatory requirements/documents are related to the words "can" or "should". The mandatory documents and records for complying with the clauses of the main sections of the standard (sections 4 to 10) are:
Another situation is that some documents are needed to comply with controls that are mandatory if at least one of these situations occurs:
If none of the above conditions occur, there is no need to implement a document related to that control.
Apart from the documents required to comply with the clauses of the main sections, without a detailed assessment of an organization it is not possible to define how many documents an organization would have and which ones would be excessive.
These articles will provide more explanation about ISO 27001 documents and the selection of controls:
No, it is not a requirement to engage an external consultant to help develop and implement a management system.
That is precisely one of the reasons for the existence of Advisera: to help organizations work without the need for a consultant. Please check this article - Do you really need a consultant for implementation of ISO 14001? - https://advisera.com/14001academy/blog/2019/02/28/do-you-really-need-a-consultant-for-implementation-of-iso-14001/
Please consider our courses for practitioners; you can enroll for free:
It is up to your organization to decide how many copies are needed. If your organization so decides, you do not even need a paper master as the original, or any paper copies. You may keep all the documentation in digital form only.
You may find more information below:
About 8.4.1
What processes (subcontracting), products, and services are relevant to the operation of your organization? Relevant in the sense that they help to make a difference, or avoid flaws that the customer recognizes and negatively values. In other words, you do not need to apply the requirements of the standard to everything you buy.
And:
About 8.4.2, this clause better specifies the part of the control mentioned above.
8.4.3 is about the information that goes on orders or contracts:
The description of the product, service, or process (1)
Methods, processes, or equipment to be used or to be followed in the provision of services (2)
Relevant quality control criteria (3)
In cases where there is a requirement of competence, mention it (c)
It can sometimes make sense to describe means of contact, contact persons, and authorities (d)
It may make sense to define quality control rules during the provision of the service (e)
It is to clarify that the company can go to the supplier's premises to carry out an audit or quality control (f)
The following material will provide you with more information:
It depends on the policy of the company. If your colleague has the right to access the data to fulfill his/her tasks, you can share the data, even via the company email. A data breach is an unauthorized access or disclosure, but if your colleague is authorized to access the data, GDPR is not a problem.
There may be a problem if your email is not protected with encryption or safe transfer protocols (to be sure, you may ask your IT department). Usually business email accounts are safe enough; it would be different if the email address were a personal one (like Gmail, Yahoo, or Hotmail with individual plans), because these emails have different safeguards.
Here is an article on how increasing cybersecurity can help with GDPR compliance:
To have a deeper idea of the list of requirements of GDPR you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
To become an assessor for an accreditation body would involve firstly having the appropriate knowledge of ISO 17025 and secondly the experience and skills to audit ISO 17025 laboratories. As a lead assessor you would focus on the management requirements; however, as a technical assessor you would audit in your area of technical expertise. I suggest you contact your accreditation body, as they will have recruitment and training requirements.
For more general information regarding ISO 17025 auditing see the article ISO 17025 technical internal audit: The basics at https://advisera.com/17025academy/blog/2020/11/10/iso-17025-technical-internal-audit-the-basics/ and the white paper How to perform an internal audit using ISO 19011 at https://info.advisera.com/free-download/how-to-perform-an-internal-audit-using-iso-19011
Also see some further information in the expert questions, which may be of value:
From your question, I assume that you are outside of the US and that your customer wants to register the product on the US market. FDA registration is the basic requirement for all domestic and foreign establishments that manufacture medical devices in the USA.
All foreign establishments must identify a US FDA Agent during the registration process. This is a mandatory requirement, and without a US FDA Agent the registration cannot be completed.
Owners or operators of places of business that are involved in the production and distribution of medical devices intended for use in the United States (U.S.) are required to register annually with the FDA. This process is known as establishment registration.