I'm assuming that by ITU you mean "International Telecommunication Union".
Considering that, ISO 27017 was developed in collaboration with ITU-T and there is a text based on this standard published as ITU-T X.1631 (07/2015), so controls from this standard are covered by ITU. Regarding ISO 27018, it only references ITU-T Y.3500, so probably some additional documents may be required (we are not experts on ITU, so we cannot provide a more precise answer).
Psychology within risk treatment is out of our field of expertise, but in a general way, for every risk where the human factor is involved, you should consider means, motivation, and opportunity when analyzing a situation. By elimination of these elements from the situation, you can decrease the risk, and for controls, you should consider:
These articles will provide you with further explanation:
Before sending your finished product to customers/clients, what kind of control should be done to ensure that specifications are met? What to control? How to control? With what frequency? What should be the sample size? Who will control? Where to record the results?
The following material will provide you with more information about inspection:
I think that the two most common questions during an ISO 9001 audit are:
What is your organization’s quality policy?
What is your work? What are you doing? How do you know what to do or how to do?
The following material will provide you with more information:
ISO 14001:2015 in itself has no mandatory requirement about soil testing. Soil testing is mandatory if national legislation requires it, or if internal procedures require it.
You can find more information below:
Clause 0.5 is to avoid the situation where you start with a quality audit and finish with a nonconformity about taxes, or you start with an environmental audit and finish with a labor relations or social accountability nonconformity.
Any auditor, internal or external, should stick to the scope and criteria provided before preparing the audit.
Without knowing your documentation in detail, I think that more focus and attention from auditors and the audit program manager on objective, scope and criteria can be enough.
This basically depends on the type of the medical device that you have and regulations that you need/want to be in compliance with.
In general, in ISO 9001:2015 validation is defined as "confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled". As for medical devices, validation involves an "assessment by objective means of whether the specified users are enabled to achieve the specified goals (intended purpose) within the specified context of use".
Computer System Validation (CSV) is a documented process of assuring that a computerized system does exactly what it is designed to do. Requirements for validation of computer systems can be found in:
For more information on validation, please see the following articles:
You can start by determining environmental aspects, determining how an organization interacts with the environment. For example:
Determining risks and opportunities of an organization, according to ISO 14001:2015, is based on its environmental aspects, compliance obligations, and context and interested parties.
For example, concerning environmental aspects we can have:
Since organizations have to consider the lifecycle of their products and services, do not forget to consider risks and opportunities around your products and services during use or final disposal.
For example, consumers may not follow your instructions about disposal.
Please check the risk definition (3.2.10) in ISO 14001:2015 (effect of uncertainty). With environmental aspects and impacts we are considering normal, expected situations, like startup and closing down operations, but also abnormal and emergency situations. Whenever there is uncertainty, there are risks or opportunities; there is a potential deviation from the expected.
About determining risks based on environmental aspects and compliance obligations, I see that different organizations follow different approaches:
1. There are organizations that determine their environmental aspects and use a risk and opportunities assessment to determine their significant environmental aspects. (Please see the end of the second paragraph of Annex A.6.1.1 of ISO 14001:2015)
2. There are organizations that determine their environmental aspects, evaluate them, determine the significant ones, and use a risk and opportunities assessment to determine which ones need an action plan and which ones need only to be monitored.
3. There are organizations that only apply the risk-based approach to the context part. In a certain way they are following the same approach as 1 without explicitly mentioning it.
Please check this information below with more detailed answers: