
  • Required reference documents for EU GDPR & ISO 27001 Integrated Documentation Toolkit

    If your question was about templates for policies and procedures for Annex A controls, our EU GDPR & ISO 27001 Integrated Documentation Toolkit contains more than 30 templates for such documents - you can find them in folder "14 Security controls".

    If your question was about the text of the ISO 27001 standard and its Annex A, unfortunately we are currently not authorized to sell ISO standards - you can purchase it here: https://www.iso.org/standard/54534.html

    This book will provide you with a quick explanation of the controls:

    • ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

    • When is a good time to implement ISO 9001

      Please check these articles about the benefits of implementing a QMS - Six Key Benefits of ISO 9001 Implementation - https://advisera.com/9001academy/knowledgebase/six-key-benefits-of-iso-9001-implementation/ and What are the benefits of ISO 9001 for your employees? - https://advisera.com/9001academy/blog/2016/06/14/what-are-the-benefits-of-iso-9001-for-your-employees/ - Can your organization benefit from implementing ISO 9001? For example, would it bring more credibility?

      An organization with 4 employees can design a very light, very practical QMS.

    • Do we need ISO 17025 certification to certify the freezer?

      You asked: "Do we need that certification to certify the freezer?"

      I assume you are referring to your company having ISO 17025 accreditation (it is not certification)? It depends on the customer's needs.

      The requirement that could be applicable to your situation is that the client needs the performance verification of the device to be done by an ISO 17025 accredited laboratory. In that case, the accredited laboratory would have to be accredited for the specific scope (type of test) they require. There are various ISO and national standards and regulations related to fridges and freezers, depending on their purpose. For example, the national health regulator could have requirements for storage and monitoring conditions for vaccines. There is a difference between certifying the performance of a device on manufacture (technical specification) to assure stability and verifying and monitoring the operational performance. For example, refer to the WHO requirements at https://apps.who.int/immunization_standards/vaccine_quality/pqs_catalogue/categorypage.aspx?id_cat=17 The customer must clarify exactly what they need.

      Different vaccines require different storage conditions; the vaccine manufacturers provide recommended storage temperatures for their products.

      Regarding the tests performed and the certificate of calibration, see the CDC requirements as an example, at https://www.cdc.gov/vaccines/hcp/admin/storage/toolkit/storage-handling-toolkit.pdf

      For ISO 17025 calibration report requirements, refer to the ISO 17025 document template: Calibration Report and Certificate Requirements Procedure at https://advisera.com/17025academy/documentation/calibration-report-and-certificate-requirements-procedure/ 

    • Annex A controls to be applied while mitigating GDPR related risks

      In general, there are no "GDPR-related risks", there are only risks related to confidentiality, integrity and availability of personal data.

      To answer your questions:

      1) Can you advise which of the Annex A controls are to be applied while we try to mitigate GDPR related risks?

      Answer: Article 32 (Security of processing) of GDPR requires the following safeguards to be implemented:

      • Risk management - ISO 27001 clause 6.1
      • Encryption - ISO 27001 section A.10
      • Ability to restore the availability - ISO 27001 section A.17
      • Access control - ISO 27001 section A.9
      • Regular testing, assessing and evaluating the effectiveness - ISO 27001 clause 9.2 (Internal audit)

      Further, GDPR Articles 28, 32, 33, 34, 39 and 82 require the following:

      • Relationship with suppliers / processors - ISO 27001 section A.15
      • Handling incidents / data breaches - ISO 27001 section A.16
      • Training and awareness - ISO 27001 clauses 7.3 and 7.4; control A.7.2.2
      • Ensuring confidentiality, integrity and availability - this is basically the whole ISO 27001 standard

      You can find more information in this free webinar: How to integrate GDPR with ISO 27001 https://advisera.com/eugdpracademy/webinar/how-to-integrate-gdpr-with-iso-27001-free-webinar-on-demand/


      2) Also, do we have any other Annex for GDPR related risks controls?

      Answer: ISO 27001 does not have any other Annex that would cover privacy or GDPR; however, the ISO 27701 standard covers privacy management in more detail - here's some info: Relationship between ISO 27701, ISO 27001, and ISO 27002 https://advisera.com/27001academy/blog/2019/12/10/relationship-between-iso-27701-iso-27001-and-iso-27002/

    • ISO 14001 risks and opportunities management plan

      About risks and opportunities in ISO 14001:2015, I recommend reading Annex A.6.1.1. What does your organization want from the Environmental Management System (EMS)?

      https://www.screencast.com/users/ccruz5284/folders/Default/media/251ea67c-cd40-4465-908e-14cddbd60f16

      How is this done? With a set of action plans:

      https://www.screencast.com/users/ccruz5284/folders/Default/media/bf850849-e208-4f95-bb58-93fba4685729

      Risks and opportunities are:

      https://www.screencast.com/users/ccruz5284/folders/Default/media/eade82e8-3d97-44e1-93b5-6ad8100ed605

      What A.6.1.1 tells us is:

      • Look into your list of environmental aspects, which can create risks and opportunities. Your significant aspects can generate significant impacts, and those can be seen as risks and opportunities
      • Look into your list of compliance obligations: are there risks of failing to comply, or opportunities to be better than the compliance obligations?
      • Look into your context and interested parties: which of them can create risks and opportunities? For example, trends in environmental legislation, or trends in the neighborhood's or clients' sentiment about your organization's environmental performance.

      Determining environmental aspects is determining how an organization interacts with the environment. For example:

      https://www.screencast.com/users/ccruz5284/folders/Default/media/9800c317-84db-4a4f-b6db-741f0dc6576d

      Determining risks and opportunities of an organization, according to ISO 14001:2015, is based on its environmental aspects, compliance obligations, and context and interested parties.

      For example, concerning environmental aspects we can have:

      https://www.screencast.com/users/ccruz5284/folders/Default/media/41f52d5c-bdf7-4fad-b0bd-057c24a5634a

      Since organizations have to consider the lifecycle of their products and services, do not forget to consider risks and opportunities around your products and services during use or final disposal.

      For example, concerning compliance obligations, and context and interested parties, the above organization can realize that neighbors (an interested party) are pressuring local authorities not to allow its expansion (an external issue) due to non-compliance with wastewater discharge legislation (compliance obligations), translated into river pollution.

      Please check the risk definition (3.2.10) in ISO 14001:2015 (effect of uncertainty). With environmental aspects and impacts we are considering normal, expected situations, like startup and closing down operations, but also abnormal and emergency situations. Whenever there is uncertainty there are risks or opportunities; there is a potential deviation from the expected.

      Please check this information below with more detailed answers:

    • ISO 14001 implementation benefits

      A – An EMS according to ISO 14001:2015 requires environmental objectives, requires environmental indicators, requires having a clear picture of the interaction with the environment through a register of classified aspects and impacts, and requires having a clear sense of environmental compliance obligations and their status. All these issues help management make decisions based on facts.

      B – An organization with an EMS according to ISO 14001:2015 monitors, controls and communicates its environmental performance. Communication brings more transparency, and more transparency brings more trust.

      C - An EMS according to ISO 14001:2015 keeps an updated register of environmental aspects and impacts.

      D – I don’t know what precise meaning you attribute to “Social security”. So, I translate that into: An EMS according to ISO 14001:2015 can reduce environmental insurance fees, can make an organization more attractive to potential employees that value the environment issue.

      E - An EMS according to ISO 14001:2015 can help organizations win customers and clients that value the environmental issue and can help organizations in being more efficient by focusing attention on reducing environmental costs and higher yields.

      Please check more information below:

    • Is ISO 27001 applicable to community non-profit with regards to ensuring continuity?

      Yes, ISO 27001 is applicable to any type of organization (for profit or non-profit), any size of the organization, and any industry.

      You can find more information in this article: What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/

      To learn more about this standard, you'll find useful this free online training: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

    • Design master file

      There is no direct requirement that the design master file must have control numbers, revision, and similar. However, in ISO 13485:2016 requirement 4.2.4 Control of documents, it is stated that all documents required by the quality management system must be controlled, and that this control includes the following: review and approve documents for adequacy prior to use; ensure that the current revision status of and changes to documents are identified; prevent deterioration or loss of documents; and prevent the unintended use of obsolete documents and apply suitable identification to them. 

      Since the design master file is part of the quality management system, this also applies to that file. 

      For more information on common mistakes with ISO 13485:2016 documentation control and how to avoid them, please see the following link:
