-
record about Phisical and Electronic correspondance
Hi
In the first "Procedure for document and record control" we have one paragarpahe related to phisical and electronic records
and when i choose for both Excel file the sentece become wired
Each external document that is necessary for the planning and operation of the ISMS must be recorded in the Register of external correspondence in Excel or in the Register of external correspondence in Excel, according to their form. The Register of external correspondence in Excel and the Register of external correspondence in Excel must contain the following information: sender, document name, and date of receipt.
The person who receives such external documents in paper or other physical forms (e.g., through regular mail or as courier parcels) must make a record in the Register of external correspondence in Excel. The person who receives external documents in electronic form (e.g., through email) must record them in the Register of external correspondence in Excel.
hiw can we modify that paragraphe ?
Also when we subscribe and get a quick workshop on getting started with confirmi, the person who present the tool told me that an update will be available wher we can modifiy the documents in a more flexibale way with teh possibility to ad headers and footers like in world
can you tell me when it will be available ?
thanks
Ed
-
Risk level = 4, how to bring the residual risk at zero
Hi,
In Conformio, I’m currently in the Risk Register phase, Treatment step. When both Impact and Likelihood of my risk are set to 2-High (Level set to 4 – Not acceptable), I’m not able to bring the residual risk at zero. It remains at one, even when selecting all suggested risk treatment controls (safeguards). What should I do to bring the residual risk at zero? Or should I rather accept this residual risk of one?
-
Distributor traceability
When it comes to traceability, the AS9100 standard does not give detailed requirements on how to do this, but only says that you need to control the unique identity if that is a requirement, and retain documents necessary to ensure this traceability.
So, as per the standard, your question goes back to what your customer's requirements are. If your customer allows waivers on traceability, then that is acceptable, but if not, then it is not acceptable. As the standard is used by any organization within aerospace, the requirements only describe what needs to be done but need to be supplemented with the customer and legal requirements.
For a bit more on the traceability requirements in AS9100, see the article: How to meet traceability requirements in an AS9100D-based QMS, https://advisera.com/9100academy/blog/2019/06/05/as9100-traceability-requirements-how-to-meet-them/
-
Reviewing incidents in Conformio Management Review
We have the same problem here
-
UPDATE ADDRESS
If you plan to move the department of the system to another address then have to update what records?
Note: Only use the network of the new address, the rest is managed according to the old system.
Thanks!
-
Secure Development policy
There is a paragraph in the Secure development policy which states:
In addition to the risk assessment performed according to the Risk Assessment and Risk Treatment Methodology, Head of RD must perform the annual assessment of the following:
the risks related to unauthorized access to the development environment
the risks related to unauthorized changes to the development environment
technical vulnerabilities of the IT systems used in the organization
the risks a new technology might bring if used in the organization
the risk a new development methodology and/or programming language might bring if used in the organization
the risks related to licensing requirements
The question is, is this assessment to be done in the Risk Register or is it an additional document that needs to be drafted by the Head of R&D?
Thanks
-
Question on large/small business certification
Well, in this case certification will remain with organisation which is certified and not with your contract or with you. Incase there is any process movement to the small business, it should be included as a part of certified scope or managed as a controlled external provider.
-
Confidentiality Statement
We are drafting the Confidentiality Statement through Conformio.
To do this we have downloaded a template which should be edited based on the specific clauses are required in the company.
This document should involve both employees and external parties.
The issue is that we do not have a single document for all. For example for the employees the confidentiality statements are added in the employement letter which also references the employee handbook which has additional clauses, while for third parties there is a specific NDA.
So the question is, how am I supposed to say all this since I have a single template?
Best Regards
-
Edit Risk register
Hi there
We want to edit the Impact and Likelihood fields for certain risks on the Risk Register. How do we do this?
thank you.
-
Temperature mapping of storage areas ISO13485
Yes, you are right when you say that temperature mapping is not mandatory or required in ISO 13485. However, what is required in point 7.5.11 is that the manufacturer must protect the product from alteration, contamination, or damage when exposed to expected conditions during processing, storage, handling, and distribution. If your warehouse is racked and tall or divided (to have more rooms), then temperature mapping is needed to make sure that the temperature distribution is equal, that is, that the products, regardless of where they are located within the warehouse, are stored at the same temperature.
If this is not the case, and your storage is in one room, of normal height, and you can prove that the temperature distribution is equal, then you can justify that temperature mapping is not necessary.