Search results

ISO 13485 for supplier of microelectronic components

We do supply packaged ASIC (application specific IC) to customer that manufacture medical devices. Our ASICs are not considered medical devices, and we have received ISO 13485 certification. Does this mean that we should also fulfill the requirements of ISO 14971? If yes, how can we evalaute the benefit of our components?

Regarding ISO 13485 clause 4.2.3, is it correct to consider this not applicable since we do not manufacture medical device, and we do not have medical device files?

Are partners classed as individuals?

No, a company cannot be seen as an individual. Although the business is a partnership, it is still a business. Article 1 in GDPR states:

“1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

2. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”

Thus, the Regulation protects only natural persons

Basic practices to implement in a service desk

Since the primary set of activities of the Service Desk consists of resolving incidents and fulfilling service requests, Incident Management and Service Request Management are some of the primary practices relevant to the Service Desk.

Also, Service Desk practice is important.

I would point out Configuration, Asset, and Knowledge Management from the other practices.

More details about the Service Desk can be found in the articles

“ Desk: Single point of contact“ https://advisera.com/20000academy/knowledgebase/service-desk-single-point-contact/

„Service Desk staff – a window to the IT organization“ https://advisera.com/20000academy/blog/2014/02/18/service-desk-staff-window-organization/

„ITIL Service Desk types“ https://advisera.com/20000academy/blog/2014/05/06/itil-service-desk-types/

Template for ISO27001 Audit program

Thank you for your question.

We answered it through Experta - you can find the answer here: https://experta.com/shared-post/e7443f68-d4e9-4cc1-b42a-43e51b4f99e7

The best way to calculate the carbon footprint

It should be noted that ISO 14001 does not discuss carbon footprint, but only requires that you identify issues and legal requirements that affect the EMS, and ensure you meet them. So, if carbon footprint is an external issue you need to address, or you have a legal requirements around calculating your carbon footprint, then this is not a required part of the EMS.

That being said, if you have a legal requirements on calculating your carbon footprint, and this legal requirement defines how you need to do so, then you should follow this. The same goes for any industry practices around calculating the carbon footprint, so that you can easily compare with others in your industry.

If these requirements do not exist, there is an ISO standard that gives guidelines on how to do carbon footprint; ISO 14067:2018, “Greenhouse gases — Carbon footprint of products — Requirements and guidelines for quantification” which will give some internationally recognized guidance on applying this practice.

For more information please see this article. While this article is about the previous version of this standard, it will give some good information on what the standard is about: What is ISO 14067:2013 and why is it useful for carbon footprint?, https://advisera.com/14001academy/blog/2017/05/30/what-is-iso-14067-2013-and-why-is-it-useful-for-carbon-footprint/

How comprehensive and specific should we describe the implementation methods in SoA?

Thank you for your question.

We answered it through Experta - you can find the answer here: https://experta.com/shared-post/076e2772-3efb-4557-8a6d-9558333d7e5d

Non-mandatory documents

Most of the non-mandatory documents on our website come from our experience in helping organizations comply with ISO 22301. These non-mandatory documents were identified by organizations as being helpful in implementing and operating their BCMS.

For example, ISO 22301 does not require organizations to document how they control documents and records, but having a procedure for that can facilitate communication and keep documents in a default format.   

This article can provide you with further information:

• 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/

What do we do when our existing policies do not match Conformio's policies?

In terms of the standard, the question here would be: 
 
"What do we do if our guidelines and Conformio's do not match?"
 
In this case, the customer should choose the document that best complies with the standard. Sometimes the user's document is more strict than the one provided by Conformio, and this is not a problem as the user can upload the PDF version of their own document to Conformio and use it instead of the Conformio template. 
 
An alternative can be that the user includes the link to the page where the document is published in the Conformio template and explains to the customer that if he fulfills the requirements for document management in their Wiki platform it wouldn't be a problem. However, this means they would have to manage updating two different documents (the Wiki page, and the Conformio document), so it might be too complicated.

Teleworking Policy and IT Security Policy

Thank you for your question!

You can do that, but it is advisable that you mark the control that lists the Teleworking Policy as inapplicable in the Statement of Applicability so the step for Teleworking Policy is then hidden.

Risk treatment plan

Thank you for your question.

We answered it through Experta - you can find the answer here: https://experta.com/shared-post/356983f7-e736-474d-b864-81cb855154a8