To succeed with effective internal audits, the purpose and ISO 17025 requirements of clause 8.8 (internal auditing) must be clearly understood and met. A good understanding of the ISO 17025:2017 standard is needed, as the audit criteria will be ISO 17025 and the laboratory’s own requirements. Refer to the white paper Clause-by-clause explanation of ISO 17025:2017. Internal auditing in an ISO 17025 laboratory involves auditing both management and technical activities. Plan the technical and management audits separately. Select technical auditors who have a good technical working knowledge of the particular technical activity they are auditing. Base your approach on the general guidelines of the ISO 19011 standard, Guidelines for Auditing Management Systems. Techniques/tools that will assist include checklists, document reviews, questioning and listening during interviews, and witnessing of activities. Follow these steps as a guideline:
The following will provide more information:
ISO 9001 does not prescribe any particular role. ISO 9001 gives total freedom to organizations about the way they distribute responsibilities and authorities among their people.
You can find more information below:
AS9100 does not dictate where to identify the record retention for each of your records, so you can do so in either procedure that you choose. We often recommend that each procedure that has a record includes a listing of records that gives the detail of how long the record will be kept, but exactly how you do this is up to you. You should also note that not all processes in the QMS require a documented procedure to be written in order to meet the requirements.
You can read more on the new requirements for procedures and records in AS9100 in the article: A new approach to document and record control in AS9100, https://advisera.com/9100academy/knowledgebase/new-approach-to-document-and-record-control-in-as9100/
The Schrems II decision revoked the adequacy decision that the EU Commission made over Privacy Shield. Before this decision data transfer between the EU and the US was allowed, because Privacy Shield was considered to provide an adequate safeguard for data and rights of EU individuals. Now the US is not considered to provide adequate safe space for privacy and rights of individuals, so the GDPR requires that controller and processor adopt Standard Contractual Clauses (SCC) in order to implement rights and safeguards on behalf of data subjects.
You need to consider that your US recipient of the data transfer can offer you a standard of data protection which is compliant with GDPR, and use the Standard Contractual Clauses in your legal undertaking.
Here you can find our free template with Standard Contractual clauses: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
You can find some information about data transfer under GDPR here:
Cookies are mainly regulated by the e-Privacy EU Directive 2002/58/EC (there is actually a discussion about approving the e-Privacy Regulation, but there is no forecast of its final adoption and entry into effect). However, cookies can be considered as part of GDPR compliance, because of Article 7 GDPR on consent, which requires that the data subject give consent for each data processing activity. This means that if I run a website, I need to ask users for consent to track them and maybe to monitor their behavior on the website. I need to ask consent for each data processing activity which is not strictly necessary to make the website work.
The importance of consent on cookies was stressed in May 2020 by the European Data Protection Board with its Guidelines on consent: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf
Here you can find more information:
You can also consider enrolling in this free foundation course: EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
"I would like to understand better how the probability of occurrence and the severity can be estimated numerically in the context of the risk assessment for the processing of personal data: are there metrics described in the standards? E.g. if the probability scale is from 1 to 5, consider 1 if an event occurs once every 20+ years, 2 if between 10 and 20, etc. The same should be done for the severity of an event: how to quantify the extent of the "damage"? I believe this approach can be applied in the DPIA, where required."
Risk is defined as the product of severity and the probability that an event occurs. The risk considered by the GDPR is the one relating to the impact on the rights and freedoms of the individual that would result from a violation of the GDPR rules (failure to provide information about the processing, violation of the data subject's rights, risk of discrimination).
The guidelines on the DPIA issued by the European Union Agency for Cybersecurity (ENISA) offer exactly the guidance you are looking for, also with reference to specific sectors such as the medical one, and are certainly a useful tool for carrying out a risk assessment.
Here you can find more information:
You can also consider taking our course
EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/
It really depends on your knowledge and on what kind of data you collect and analyze. However, the most used methods are:
2. Standard deviation – a method of statistical analysis that measures the spread of data around the mean
3. Regression - the relationship between a dependent variable (the data you’re looking to measure) and an independent variable (the data used to predict the dependent variable)
4. Statistical process control - statistical techniques to control a process or production method. This method can help you monitor process behavior, discover issues in internal systems, and find solutions for production issues. Statistical process control is often used interchangeably with statistical quality control.
5. Pareto analysis - simple decision-making technique for assessing competing problems and measuring the impact of fixing them. This allows you to focus on solutions that will provide the most benefit.
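As an added illustration (not part of the answer above), this Python script applies two of the listed methods, Pareto analysis and statistical process control limits, to constructed audit data; the nonconformity categories and weekly complaint counts are made-up samples:

```python
"""Pareto analysis and a simple control-limit check over constructed QMS data."""
from collections import Counter
from statistics import mean, stdev

# Constructed sample: nonconformity categories raised during internal audits.
NONCONFORMITIES = (
    ["missing record"] * 14 + ["calibration overdue"] * 9 + ["training gap"] * 4
    + ["wrong revision used"] * 2 + ["label error"] * 1
)

# Constructed sample: customer complaints per week over 12 weeks.
WEEKLY_COMPLAINTS = [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 15, 3]


def pareto(items, threshold=0.8):
    """Rank categories by frequency and return the 'vital few' that together
    account for at least `threshold` of all occurrences (the 80/20 rule).
    Each entry is (category, count, cumulative share)."""
    counts = Counter(items)
    total = sum(counts.values())
    vital, cumulative = [], 0.0
    for category, count in counts.most_common():
        cumulative += count / total
        vital.append((category, count, round(cumulative, 3)))
        if cumulative >= threshold:
            break
    return vital


def control_limits(values, sigma=3.0):
    """Control limits for an individuals chart: mean +/- sigma * std dev.
    The sample standard deviation is used for simplicity; textbook individuals
    charts estimate sigma from the moving range, which is less inflated by spikes."""
    m, s = mean(values), stdev(values)
    return m - sigma * s, m, m + sigma * s


def out_of_control(values, sigma=3.0):
    """Return (index, value) for every point outside the control limits,
    i.e. the weeks a quality manager should investigate first."""
    lcl, _, ucl = control_limits(values, sigma)
    return [(i, v) for i, v in enumerate(values) if v < lcl or v > ucl]


if __name__ == "__main__":
    print("Vital few:", pareto(NONCONFORMITIES))
    print("Limits (LCL, mean, UCL):", control_limits(WEEKLY_COMPLAINTS))
    print("Out-of-control weeks:", out_of_control(WEEKLY_COMPLAINTS))
```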
1. Kindly send the scope of areas under ISO 27001.
I'm assuming you are referring to the areas covered by controls of ISO 27001 Annex A.
Considering that, these are the areas covered by ISO 27001:
For further information, see:
2. Does it cover all areas under IS Audit?
I'm assuming that by IS Audit you mean Information System Audit.
Considering that, ISO 27001 Annex A controls cover most of what would be expected in an Information System Audit.
For further information, see:
ISO 45001, occupational health and safety management system, does not include a life cycle perspective in the requirements like ISO 14001 (environmental management system) does, but it does mention life cycle in the appendix about risks and hazard identification. Here the appendix of the ISO 45001 standard talks about including OH&S as early in the life cycle of facilities management as possible (not the life cycle of the product). The second mention of life cycle is regarding hazards in the workplace, and mentions that hazards should be identified during the life cycle of the product from design to delivery, but not post delivery.
It is important to note that all of this is in the appendix, and therefore is not a requirement to meet but rather further information to help with implementation.
For more on hazard identification, see the article: How to identify and classify OH&S hazards, https://advisera.com/45001academy/blog/2015/05/14/how-to-identify-and-classify-ohs-hazards/