Search results

  • Access Control Policy - Managing Records

    Hi All,

    I'm drafting the Access Control Policy in Conformio.

    At chapter "4. Managing records kept on the basis of this document" it asks for the management of 2 types of Records.

    One is quite clear, it demands the management of an Access Control Review register.

    The second one instead is not totally clear to me, what I don't fully understand is if we need to keep a register for only tracking the privileges (access rights granted to roles or users that usually wouldn't have them) or if we need to track every single access given to all the employees on all the used applications.

    Can someone suggest what should be tracked?

    Thanks in advance

    Best Regards

    Igor

     

  • Access Control Policy - Map Job titles to User Profiles

    I am drafting the Access Control Policy in Conformio.

    In the section 3.2, I initially have drafted the User profiles, Applications and access rights for each SW that we are using.

    Then I need to map the User Profiles to the job Titles.

    The question is: When mapping the Support Administrator profile, can I simply map to the Job title "mid management" or do I need to specify Support Mid Management?

    What I mean is that it is obvious that the Support software administration will never be assigned to the HR Mid management, but do we need to be specific when drafting the mapping between a User Profile and a Job Title?

    Will an auditor accept a high level definition?

    Thanks

    Best Regards

    Igor

  • Access Control Policy

    Hi All,

    I am drafting the Access Control Policy in Conformio.

    In the document there is a section in which I need to map the job titles to the user profiles.

    My issue is that for some of the applications that we are using there are a set of pre-existing user profiles like for example Light Agent or Standard staff for which we do not have any users assigned to them.

    In this case should I simply not list them in the Definition of User Profiles or should I list them to state their existence but when doing the mapping with the job titles say something like "No currently Job Title assigned to the profile"?

    Thanks in advance.

    Best Regards

    Igor

  • Audit Question Stage 1 with FDA compliance

    I recently had a client going through Stage 1 and the registration auditor commented on their procedures containing a reference to the CFR 820 as it pertains to their organization as a Distributor and a Servicer. They also were told they need to take an exclusion to Medical Device Reporting, it is not a requirement for a third party servicer, however it is required they have a documented process to record any adverse reporting. The auditor suggested this leaves them open for a more in depth "Audit". However - they distribute, install, service and repair the medical device. FDA would most likely audit this procedure if they were to come to their facility. Has anyone ever had an auditor from the registrar comment on this?

  • Project Plan

    Do I have to put phone numbers and email address into the project plan? I have left them blank and it is not allowing me to move forward.

  • Measurement Uncertainty for 17025 Accreditation

    Excellent 

  • Collated Nonconformances

    The responsibility for addressing internal audit non-conformances for each clause in ISO 9001:2015 will typically fall on the employees or teams directly involved in the process or area where the non-conformance occurred. This may include process owners, quality assurance personnel, or designated individuals responsible for investigating and resolving non-conformances. The specific individuals responsible for addressing non-conformances will vary depending on your organization's structure and processes.

  • Question about ITIL Documentation

    Although suited for ISO 2000 implementation, our free ISO 20000 GAP analysis tool can help you start your assessment. It contains many common elements with ITIL and you can find it here

    ISO 20000 Gap Analysis Tool https://advisera.com/20000academy/iso-20000-tools/iso-20000-gap-analysis-tool/

  • ISO 13485 for supplier of microelectronic components

    We do supply packaged ASIC (application specific IC) to customers that manufacture medical devices. Our ASICs are not considered medical devices, and we have received ISO 13485 certification. Does this mean that we should also fulfill the requirements of ISO 14971? If yes, how can we evaluate the benefit of our components?
    Yes, ISO 14971 is mandatory for anybody who implements ISO 13485 according to the requirement 7.1 Planning of production. If your risks after implementing control measures are acceptable, then calculating the benefit/risk ratio is unnecessary.

    Regarding ISO 13485 clause 4.2.3, is it correct to consider this not applicable since we do not manufacture medical device, and we do not have medical device files?
    No, points from requirements 4 and 5 are not possible to state as non-applicable. For you, it is enough to prepare a file where you will put some kind of specification and/or code. Nothing else is necessary for your type of product.

  • Are partners classed as individuals?

    No, a company cannot be seen as an individual. Although the business is a partnership, it is still a business. Article 1 in GDPR states:

    “1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

    2. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”

    Thus, the Regulation protects only natural persons.
