It is up to your organization to decide how many copies are needed. If your organization decides so, you do not even need a paper master as the original, nor any paper copies. You may keep all the documentation only in digital form.
You may find more information below:
About 8.4.1
What processes (subcontracting), products and services are relevant to the operation of your organization? Relevant in the sense that they help to make a difference, or avoid flaws that the customer recognizes and negatively values. In other words, you do not need to apply the requirements of the standard to everything you buy.
And:
About 8.4.2, this clause better specifies the part of the control mentioned above.
8.4.3 is about the information that goes on orders or contracts:
- The description of the product, service or process (1)
- Methods, processes or equipment to be used or to be followed in the provision of services (2)
- Relevant quality control criteria (3)
- In cases where there is a requirement of competence, mention it (c)
- It can sometimes make sense to describe means of contact, contact persons, authorities (d)
- It may make sense to define quality control rules during the provision of the service (e)
- It is to clarify that the company can go to the supplier's premises to carry out an audit or quality control (f)
The following material will provide you with more information:
It depends on the policy of the company. If your colleague has the right to access data to fulfill his/her tasks you can share data, even via the company email. A data breach is an unauthorized access or disclosure, but if your colleague is authorized to access data, GDPR is not a problem.
There may be a problem if your email is not protected with encryption or safe transfer protocols (to be sure, you may ask your IT department). Usually business email accounts are safe enough; it would be different if the email address is a personal one (like Gmail, Yahoo or Hotmail with individual plans), because these emails have different safeguards.
Here is an article on how increasing cybersecurity can help with GDPR compliance:
To have a deeper idea of the list of requirements of GDPR you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
To become an assessor for an accreditation body would involve firstly having the appropriate knowledge of ISO 17025 and secondly the experience and skills to audit ISO 17025 laboratories. As a lead assessor you would focus on the management requirements; as a technical assessor, however, you would audit in your area of technical expertise. I suggest you contact your accreditation body, as they will have a recruitment and training requirement.
For more general information regarding ISO 17025 auditing see the article ISO 17025 technical internal audit: The basics at https://advisera.com/17025academy/blog/2020/11/10/iso-17025-technical-internal-audit-the-basics/ and the white paper How to perform an internal audit using ISO 19011 at https://info.advisera.com/free-download/how-to-perform-an-internal-audit-using-iso-19011
Also see some further information in the expert questions, which may be of value.
From your question, I assume that you are outside of the US and that your customer wants to register the product on the US market. FDA registration is the basic requirement for all domestic and foreign establishments that manufacture medical devices in the USA.
All foreign establishments must identify a US FDA Agent during the registration process. This is a mandatory requirement, and without a US FDA Agent the registration cannot be completed.
Owners or operators of places of business that are involved in the production and distribution of medical devices intended for use in the United States (U.S.) are required to register annually with the FDA. This process is known as establishment registration.
Your organization has a list of compliance obligations. If you mention clause 6.1.4, it is because previously there was some problem(s) with compliance obligations and your organization developed a project with a set of actions to be done.
Was that set of actions effective?
If they were effective, there is no problem(s) with compliance obligations today. Something like:
What is important is that the problem(s) disappeared!
Now, if you want to follow the standard by the book you need to introduce clause 9.1.2 – Compliance evaluation.
In this case, the conclusions of 9.1.2 (compliance evaluation) are used to evaluate effectiveness as in 6.1.4 b)2 (check the note there, which refers to clause 9.1).
Please consider the following information:
1 - I really liked the document, I just have a question, is this document based on ISO/IEC 27000:2009? Is there any updated document according to ISO/IEC 27000:2013?
Please note that the main ISO standard for information security is ISO 27001 (which defines the requirements for the management system and potentially applicable controls), not ISO 27000 (which only defines vocabulary).
Considering that, our ISO 27001 templates, including the Incident Management Procedure, are based on ISO 27001:2013, which is the current version of the standard.
For resources about incident management, please see:
This material will also help you regarding incident management:
2 - And also, do you have a document which contains the list of incidents and events which can be considered as security incidents?
An incident is a risk that has occurred. Considering that, you can use the following resources to build your own list of potential incidents:
This material can also help you:
It is not clear from your question if you refer to the company infrastructure concerning assets and organization or to the IT infrastructure. In general, there are different levels to consider from an infrastructure point of view.
The first of all is the privacy by design principle: your infrastructure project needs to consider GDPR requirements from the very beginning (what kind of data are going to be processed, for what purposes, how long data will be processed, who can access them, how data will be secured). The Data Processing Impact Assessment process can help you to focus on specific GDPR requirements and design the infrastructure accordingly.
Then the privacy by default principle: your infrastructure should be set up considering GDPR requirements at their strictest (i.e., setting data retention periods, defining the process to manage data subjects' rights, following the data minimization principle, which requires companies to collect and process only personal data which are necessary to reach the purpose for which they had been collected). Internal policies and the registry of data processing will help you.
Adopting security measures refers to all the organizational and technical processes to ensure security (i.e., internal policies on document access, on teleworking, on bringing your own device, or email security protocols, VPN, antivirus, antimalware, and so on).
The GDPR leaves up to the controller the choice of the solutions which best fit its own organization. The balance is among the state of the art, the costs, the kind of personal data involved, and the threat to individuals' rights and freedoms arising from data processing, which may differ from the brick and mortar shop to the marketing agency which monitors the behavior of customers and runs targeted marketing campaigns.
Here you can find more information to start implementing GDPR:
To have a deeper idea of the list of requirements of GDPR you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Deciding to apply for ISO certification is not a technical decision; it is a management decision. Normally, organizations decide to implement ISO 14001 because customers require it, or because being ISO 14001 certified is good for business because of customer requirements.
Please check the information below about implementation: