
  • Coaching

    1) Can ISO 27001 be implemented by a person who is not an expert on the subject of IT systems (I will be the only one, and I am a chemist), but who has previously implemented ISO 22000?

    First, it is important to note that IT controls are only part of the implementation of ISO 27001 (the number of non-IT-related controls is greater).
     
    Considering that, your experience in ISO 22000 will help (these standards share many common requirements, like document control, internal audit, management review, etc.), with the proper support.
     
    Our ISO 27001 Documentation toolkit is made for beginners, with little to no knowledge of ISO 27001 (many companies with no experience in ISO 27001 have successfully implemented this standard with our toolkit).
     
    To see what the toolkit looks like, please access this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

    For more information, see:

    These materials will also help you regarding ISO 27001:

    2) According to the fact that I am not an expert in information technology, which package is recommended to buy: 797, 1200 or 2000?

    Considering your previous experience with ISO 22000, the toolkit with extended support (our second level toolkit) is a suitable solution, considering the 5 hours of one-on-one support with an ISO 27001 expert (against 1 hour from the toolkit with expert support), the expert review of 5 completed documents (against 1 document review from the toolkit with expert support), and the pre-audit check. In case you identify later that you need more support, you can ask for an upgrade in your toolkit.  

  • Risk and control self assessment

    For risk assessment you can consult these materials:

    To see what documents for risk assessment compliant with ISO 27001 look like, see: ISO 27001/ISO 22301 Risk Assessment Toolkit https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/

    For controls self-assessment, see:

  • Finding ISO 27017/18 content

    The documents you are looking for which cover the mentioned clauses can be found in the following folders:

    • Clauses on Service Agreements with cloud providers are covered by the Appendix – Security Clauses for Clients, Suppliers and Partners, located in folder 08 Annex A >> A.15 Supplier relationships
    • User Data Privacy Protection Agreement Guidelines are covered by the Appendix – Security Clauses for Clients, Suppliers and Partners, located in folder 08 Annex A >> A.15 Supplier relationships, and by the Policy for Data Privacy in the Cloud, located in folder 04 Information Security Policy
    • Security Requirements Specification is covered by the Appendix – Security Requirements Specification, located in folder 08 Annex A >> A.14 System acquisition, development and maintenance

    By the way, included in your toolkit there is a List of Documents file which points out which document covers which clauses and controls from these standards.

  • Corrective action timeline

    Attention, you are using correction and corrective action interchangeably. That is not right. First, you develop a correction to eliminate the nonconformity and its consequences. Then, if your organization decides to develop a corrective action, after determining the reason for the problem, the root cause(s), you have to implement a corrective action and, according to ISO 9001:2015 clause 10.2.1 d), you should review the effectiveness of the corrective action. So, you should state both criteria and a timeline to evaluate the effectiveness of the action.

    Please check the following information:

  • Performing validation of process/activity

    According to requirement 7.5.6 Validation of processes for production and service provision, validation must be done for processes in which the resulting output cannot be verified by subsequent monitoring or measurement. It means that, for example, validation is not necessary when the mass of the medical device is in question, because you can weigh each product and check whether the mass is according to the specification. However, if you have a sterile product, it is not easy to check the sterility of the product. In that case, you need to destroy the product and make an analysis of sterility. This is not convenient because you will destroy all your products and have a lot of costs. For such processes, validation must be performed.

    Therefore, validation is documented evidence that declares a process or system will consistently meet a predetermined specification. It is a series of documented tests and gathered information that proves a system will produce a product that meets all specifications and standards. 

    Very often, there are standards that guide you on what has to be done to validate certain processes. Some of the most used standards for validation of medical devices are the following:

    • ISO 11737-2:2019(en) - Sterilization of health care products — Microbiological methods — Part 2: Tests of sterility performed in the definition, validation, and maintenance of a sterilization process
    • ISO 11135:2014 Sterilization of health-care products — Ethylene oxide — Requirements for the development, validation, and routine control of a sterilization process for medical devices
    • ISO 11607-2:2019 Packaging for terminally sterilized medical devices — Part 2: Validation requirements for forming, sealing, and assembly processes
    • ISO 14644-2:2015(en) Cleanrooms and associated controlled environments — Part 2: Monitoring to provide evidence of cleanroom performance related to air cleanliness by particle concentration

    For more information about this topic, please see the following articles:

    • Using ISO 13485 to manage process validation in the medical device manufacturing industry https://advisera.com/13485academy/blog/2017/09/07/using-iso-13485-to-manage-process-validation-in-the-medical-device-manufacturing-industry/
    • How to establish process validation in the QMS https://advisera.com/9001academy/blog/2017/01/31/how-to-establish-process-validation-in-the-qms/

    • Environmental sample handling

      In terms of ISO 17025, the conditions of Sampling (clause 7.3), Handling of samples (clause 7.4) and Facilities and environmental conditions (clause 6.3) must be met. Record keeping, including chain-of-custody records, is crucial. The actual best practices will depend on the parameter to be tested, and your sector / regulations. All will, however, cover sampling, preservation, handling, transport and storage. The requirements for microbiological, chemical, toxicological and biological assays differ widely, and unfortunately cannot be detailed in this response. There are international and national standards available, as well as guidance from organisations such as WHO, EPA and FDA, that you can look at.

      Have a look at the ISO International Classification for Standards (ICS) 13, for Environment, Health protection and Safety (https://www.iso.org/ics/13/x/) with 13.060 covering Water Quality (https://www.iso.org/ics/13.060/x/). Here, for example, you will find access to ISO 5667-3:2018 Water quality — Sampling — Part 3: Preservation and handling of water samples. For microbiology look at ISO 19458:2006 Water quality — Sampling for microbiological analysis.

      For WHO, EPA and FDA guidelines, I suggest you go to their websites and search, based on your specific criteria. For example, https://nepis.epa.gov/Exe/ZyPDF.cgi/P1000PUE.PDF?Dockey=P1000PUE.PDF provides the latest Supplement 1 to the Fifth Edition of the Manual for the Certification of Laboratories Analyzing Drinking Water.

      For more information on ISO 17025 requirements for Sampling (clause 7.3), Handling of Samples (clause 7.4) and Facilities and environmental conditions (clause 6.3), see the ISO 17025 toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/

    • Customer specific requirements

      Customer-specific requirements (CSRs) are very important for the IATF 16949:2016 standard. The standard requires customer-specific requirements (CSRs) to be evaluated and adapted to the quality management system.

        1. CSRs should be read, and additional expectations should be indicated in a table. The table can be in any format you want. The table should show a match with the special requirement and documents in your quality management system.
        2. Special requirements contained in CSRs should be mentioned in Quality management documentation such as the relevant process, procedure, instruction, and/or quality manual.
        3. Of course, the relevant process owners should be knowledgeable and trained about these special requests. For example, one special requirement of VW is to make a process according to VDA 6.3. In summary, this requirement should be shown in the table, it should be matched with your QMS document, this requirement should be input into the relevant document. You should use the VDA 6.3 format for internal audit reports and your internal auditors should be VDA 6.3 certified.

      After reviewing the CSRs, it is also important to document an action plan about the issues you cannot comply with. This means that the CSR has been reviewed by the organization and there is awareness. Open actions should be completed as soon as possible.

      For more information, see:
