This depends on what is required by the national or market regulation. If your requirement is to use ISO 13485, then you can use your own QMS but with added elements that are specific to ISO 13485. So, adapt your QMS with particular requirements from ISO 13485.
Please note that you can recertify against ISO 27001:2013 at the latest by the end of October this year. After this recertification, you can choose when to transition to the 2022 revision - you can do it during your surveillance audit in 2024, but at the latest during the surveillance audit in 2025.
The requirements for a laboratory will depend on the type of testing or calibrations you perform. For more information, have a look at my previous answers to questions on the same topic. These are at https://community.advisera.com/topic/calculating-uncertainty/ and https://community.advisera.com/topic/meas-of-uncert-budget-pipette/
I think that there may be different answers as a function of the specific situation.
You determined environmental aspects and impacts. Then, you evaluated their significance and concluded that the situation needs to be improved. (Clause 6.1.2)
So, something needs to be done to improve the current situation. Someone, or a group, may study different alternatives and conclude that using a filter will be the best solution. The next steps are about what needs to be done to finance, acquire, install, and test the solution. (Clause 6.1.4)
Answering your question, this is done at the planning stage.
First, it is important to note that ISO 27001 does not prescribe technical details for the implementation of Annex A controls.
Second, in terms of controls, compliance with ISO 27001 will depend on the results of the risk assessment (i.e., depending on the results, some controls may not be applicable).
Considering that, a suggested approach to support decision-making is to consider which platform treats more relevant risks you have identified in your risk treatment.
For further information, see:
If you are looking for ways to start working in cybersecurity, the best approach would be to look for cybersecurity opportunities on professional social networks like LinkedIn, or the ISO 27001 security group on Google Groups. You can also go for certificates like ISC2 or ISACA, or ISO 27001 courses: https://advisera.com/training/iso-27001-courses/
Please note that “attributes” are defined in ISO 27002, whose application is not mandatory for the implementation of ISO 27001.
ISO 27002 is a supporting standard that provides guidance for the implementation of ISO 27001 Annex A controls, and the attributes’ purpose is to help organizations sort controls according to specific criteria:
For example, if an organization’s control implementation strategy is to consider a “type” approach, then the attribute can help the organization identify which controls have a preventive approach.
For further information, see:
No, these products do not need to be sterile, nor the packaging material. What you can take into account is to make the production space a clean room area to ensure that the area for production is completely clean and safe for the product.
You can find more about clean room standards here: https://www.iso.org/standard/53394.html
When hiring and onboarding staff for a role relevant to the QMS (please check ISO 9001:2015 clause 5.3), an organization must ensure that this person is or will become competent to perform the role. For example, in this webinar, Free webinar on demand - The Process Approach - What It Is, Why It Is Important, and How to Do It - https://advisera.com/9001academy/webinar/iso-9001-process-approach-free-webinar-on-demand/, after the 29th minute, I show how the process approach helps to respond to clause 7.1.6 of ISO 9001:2015, to determine the competence requirements of each role. So, when onboarding a particular person, you have to compare her actual experience, education and training with the competence requirements for that role; you follow clause 7.2 of ISO 9001:2015. From that comparison, a training plan can be developed to work on that person’s competence.
Other sources that you can use are:
According to the IATF 16949 standard, 9.2.2.3, while the production process is being audited, each shift should be audited, the shift change should be sampled, and the relevant evidence should be written in the audit report.
The main issues to be looked at and recorded during the shift change may be the following.
It would be better if the above-mentioned issues were written in the audit report as evidence.