Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11272 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Verification and validation
You asked
if i done have traceability or stander to calibrate any device can i used ane method created by my lab employee???
Unless the client or regulations require you to use a standard method, the laboratory is free to use any suitable method. “Suitable” means that the method measures what it is supposed to, in the matrix of interest; accurately, and reliably and meets the parameters required by the client; for example for limit of detection and precision. An inhouse method, however, requires a more extensive validation experiments than a standard method.
You also asked
I need ti ask you about calibration based on iso 17025 if should be done by third party on we can do as internal party then records"
Certain calibrations can be performed inhouse, justified based on the assurance risk and the type of measuring equipment. You need to use an external accredited calibration laboratory if you need to meet legal requirements, those of your accrediation program, or do not have the expertise or suitable equipment / calibrators that can provide results with unbroken metrological traceability to international measurement units. Have look at the answer provided for a similar question. “Calibration of laboratory equipment” at https://community.advisera.com/topic/calibration-of-laboratory-equipment/
For further information see the following:
The article What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/
The ISO 17025 document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure// -
Implementation difficulties
Raise awareness of people involved with the Information Security Management System and get their engagement are often the most difficult to implement, due to the tendency of employees to resist change.
These articles will provide you additional information:
- The 3 key challenges of ISO 27001 implementation for SMEs https://advisera.com/27001academy/blog/2017/04/17/the-3-key-challenges-of-iso-27001-implementation-for-smes/
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
-
IVD Smartphone glucometers
Hope you are doing safe, recently I joined an IVD startup manufacturing company, the product is Smartphone glucometers there is no predicate device in the market, now we are planning for ISO 13485, could you suggest to me what strategy should be followed for implementation & technical documentation.
Thanks. -
PIMS
Please note that ISO 27701 is based on ISO 27001, adding specific requirements related to the protection of private information, so ISO 27701 would be the best approach for a PIMS.
Regarding ISO 27018, you need to consider this supporting standard only if you have specific requirements regarding the protection of information in the cloud (ISO 27701, like ISO 27001, which has enough controls for overall protection of information in cloud environments).
These articles will provide you a further explanation about ISO 27001, ISO 27018, and ISO 27701:- Relationship between ISO 27701, ISO 27001, and ISO 27002 https://advisera.com/27001academy/blog/2019/12/10/relationship-between-iso-27701-iso-27001-and-iso-27002/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
-
Risk owner
Regardless of the type of risk, the risk owner should be someone with interest and authority to treat the risk.
Considering that, for strategic risks, the owner should be someone from top management.
By aggregated risks, I'm assuming you are referring to a set of related risks. In this case, the risk owner should be a role that can have the authority to treat all risks.
Regarding dynamic risks, the general rule about interest and authority applies.
This article will provide you a further explanation about risk owner:- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
This material will also help you regarding Risk management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/