Please note that ISO 27017 is a supporting standard, providing guidance and recommendations for the implementation of cloud-related controls; it does not contain the requirements for a management system.
Considering that, if you are planning to implement an Information Security Management System, then you need ISO 27001 (it is enough to cover cloud security requirements, and you will only need ISO 27017 if you have specific legal requirements demanding its use).
Now, if you are considering only adopting specific cloud-related controls, without the support of a management system, then you can use only ISO 27017.
These articles will provide you with a further explanation about ISO 27001 and ISO 27017:
To carry out the analysis of risks and opportunities, we must first identify the risks associated with the organization's context and with the interested parties that affect the business (for example, technology trends, or the industry's emissions to the atmosphere), with the environmental aspects of the organization's processes, and with the different phases of the life cycle of the products and services the organization offers.
ISO 14001 does not establish a formal risk management method, so the organization must select the method according to its characteristics, situation, size, context, etc.; it can consist of a simple qualitative process or a complete quantitative evaluation. You can select a series of criteria such as frequency, scale of impact, etc. Once each risk has been assigned a value, you can identify the most significant risks, for which you will have to adopt the corresponding actions.
For more information on risk analysis in ISO 14001, see the following materials:
- Risk management in ISO 14001:2015: what, why and how: https://advisera.com/14001academy/es/knowledgebase/gestion-de-riesgos-en-iso-140012015-que-por-que-y-como/
- Free webinar - ISO 14001: identification and evaluation of environmental aspects: https://advisera.com/14001academy/es/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
- Free online course - ISO 14001:2015 Foundations: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
- Book - The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
The Expert Advice responses to the following will provide some suitable information.
ISO 17025 queries (question 2: I do not understand the concept of measurement uncertainty. Can you help me with it?) at https://community.advisera.com/topic/iso-17025-queries/
Measurement uncertainty at https://community.advisera.com/topic/measurement-uncertainity/
Also have a look at the ISO 17025 toolkit document template, Evaluation of Measurement Uncertainty Procedure, at https://advisera.com/17025academy/documentation/evaluation-of-measurement-uncertainty-procedure/ This covers the basic principles and steps to plan, measure and calculate the data required for an evaluation of measurement uncertainty. The two appendices related to the document, Measurement Uncertainty Checklist and Measurement Uncertainty Record, support the process. I recommend you also look to your sector and suppliers for commonly used approaches.
1. What would you suggest on measures that could be taken to implement contamination control and a work instruction/procedure, with a checklist maybe?
To answer this question, I need to know what kind of medical device you have. Contamination control definitely depends on the type of medical device.
2. Also, is there a Quality Manual checklist anywhere that actually provides me with the requirements that the Quality Manual must include?
The following article can help you to prepare the Quality Manual for ISO 13485:2016:
Also, you can see at this link how we have prepared the Quality Manual in our ISO 13485:2016 documentation toolkit:
ISO 14534:2011 is a technical standard that specifies safety and performance requirements for contact lenses, contact lens care products, and other accessories for contact lenses. So, it is necessary to have this standard and see what the specific requirements regarding contact lens care products are.
MDD 93/42/EEC specifies what needs to be done to show that every medical device is safe for performance. The MDD asks the manufacturer to prepare the technical file, which in general has the following elements: description of the medical device (for example characteristics, content, type of raw material, technical drawings, manufacturing process, clean room characteristics), clinical evaluation, post-market surveillance system, essential requirements checklist, declaration of conformity, stability testing, biocompatibility testing. To fulfill all of these requirements for contact lens care products you need to know the specific requirements for those products that are described in ISO 14534:2011.
1) Can ISO 27001 be implemented by a person who is not an expert on the subject of IT systems (I will be the only one, and I am a chemist) but who has previously implemented ISO 22000?
First, it is important to note that IT controls are only part of the implementation of ISO 27001 (the number of non-IT-related controls is greater).
Considering that, your experience with ISO 22000 will help (these standards share many common requirements, like document control, internal audit, management review, etc.), with the proper support.
Our ISO 27001 Documentation Toolkit is made for beginners with little to no knowledge of ISO 27001 (many companies with no experience in ISO 27001 have successfully implemented this standard with our toolkit).
To see what the toolkit looks like, please access this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
For more information, see:
These materials will also help you regarding ISO 27001:
2) Given that I am not an expert in information technology, which package is recommended to buy: 797, 1200 or 2000?
Considering your previous experience with ISO 22000, the toolkit with extended support (our second-level toolkit) is a suitable solution, considering the 5 hours of one-on-one support with an ISO 27001 expert (versus 1 hour with the toolkit with expert support), the expert review of 5 completed documents (versus 1 document review with the toolkit with expert support), and the pre-audit check. In case you identify later that you need more support, you can ask for an upgrade of your toolkit.