Search results

Clause 7.2.1.3

You asked

"1. If I can not purchase the last version of the method right now, can I use the old one?

For a standard method, this will depend on what changed; as well as your laboratory’s application of the method. You have to consider any risk of staying with the old version by looking at the purpose of the test. You need to consider what you are required to test and report, meaning what decision does you client need to make, based on the result you provide? If you have to provide a statement of conformity and the test has a regulatory requirement, for example tolerances for drinking water, your client may need you to make a pass or fail statement based on the latest standard. If you can verify there was no known methodology change and the table of tolerances are published elsewhere with reference to the new standard, yes in principle you could continue using the old version, until you can purchase the new version.

You then asked

2. If not, what mean of "unless it is not appropriate or possible to do so." in this clause."

For certain methods, the latest version of a standard my include a technique that you cannot implement. In this case, you once again need to look at the significance technically, of staying with the previous version. You could choose to continue with the old version, effectively validating it as your laboratory’s latest valid modified standard method.  Another case where it may not be possible to change to the latest valid standard method, is where the test results are being used for research or academic projects, and the change will not be appropriate (will affect interpretation of project data).

ISO 9001 Question

ISO 9001:2015 structure and logic is based on the PDCA cycle. Please check this article - Plan-Do-Check-Act in the ISO 9001 Standard https://advisera.com/9001academy/knowledgebase/plan-do-check-act-in-the-iso-9001-standard/

You can find more information below:

• How to implement the Check phase (performance evaluation) in the QMS according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/17/how-to-implement-the-check-phase-performance-evaluation-in-the-qms-according-to-iso-90012015/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Key technical security safeguards

Mostly depends on the kind of data processing carried on by the controller or the processor (i.e. is it a computer or paper-based data processing?). 

Article 32 GDPR let the controller determine what technical security safeguards to ensure a level of security appropriate to the risk and able to guarantee:

• integrity
• availability
• confidentiality
• resilience of systems

Of course, in computer-based data processing some basic technical security safeguards are:

• antivirus
• antimalware
• access control (with different level of account restrictions)
• two-factor authentication
• the use of a VPN service

The GDPR suggests also to prefer cryptography and pseudonymization of data when possible. Any specific remedy is listed because the aim of the GDPR is to set principles that can resist to technology evolution.

You can find more information here:

• Article 32 GDPR: https://advisera.com/eugdpracademy/gdpr/security-of-processing/
• How cybersecurity solutions can help with GDPR compliance: https://advisera.com/eugdpracademy/blog/2017/11/27/how-cybersecurity-solutions-can-help-with-gdpr-compliance/
• Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/

You can also consider enrolling in our free EU GDPR Foundations Course

• EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• Guide for dock audit

  There is no CQI or any other manual about the dock audit.

  As you know dock audit is ‘’a quick, final inspection of finished products before they are sealed, boxed, and approved for shipping. It is a visual inspection typically performed by quality control inspectors on the shipping dock of a warehouse shortly before the product is loaded onto a freight truck for delivery.’’

  So, as long as it covers the above topics, you can use your own list of questions.

• Requirements for custom service business to be compliant for ISO 13485

  In ISO 13485:2016 in section 1 Scope is stated that this standard can be equally applicable for both medical device production and related services. This means that instead of production you will describe how you provide your service. Of course, certain documented requirements want to be applicable to you. For example, if you do not provide sterilization process, then requirements (and all applicable documentation) 7.5.5 Particular requirements for sterile medical devices and 7.5.7 Particular requirements for validation of processes for sterilization and sterile barrier systems are not applicable to you. Also, if you have no implantable requirements, then requirement 7.5.9.2 Particular requirements for implantable medical devices is also not applicable to you.

  You have to state all requirements that are not applicable and write a justification for them in the Quality manual.

  For more information structuring ISO 13485 Quality Management System, please see the following article:

  • How to structure Quality Management System documentation according to ISO 13485 https://advisera.com/13485academy/knowledgebase/how-to-structure-quality-management-system-documentation-according-to-iso-13485/

  For more information about ISO 13485 implementation, see following articles:

  • Checklist of ISO 13485 implementation and certification steps - https://advisera.com/13485academy/knowledgebase/checklist-of-iso-13485-implementation-and-certification-steps/
  • Six key benefits of ISO 13485 implementation - https://advisera.com/13485academy/knowledgebase/six-key-benefits-of-iso-13485-implementation/

  • Clarity on the certifying body and the cost for it

    Depending on the industry your organization works on, and countries it operates, some certification bodies will be more relevant than others, regardless of its "popularity" in general marketing.

    This article will provide you a further explanation about certification bodies:

    • How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

  • Difference between BCMS and Risk Management System

    How is a BCMS different from a Risk Management System?

    The BCMS objective is to ensure the continuity of delivery of products and services during and after a disruptive event, while the Risk Management System's objective is to identify, analyze, evaluate, and treat risks according to defined organization's criteria.

    These articles will provide you a further explanation about BCMS and risk management:

    • ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/
    • ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

    These materials will also help you regarding BCMS and risk management:

    • Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
    • Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

  • Gantt chart as a project plan for the ISO 27001 project

    Since most of our customers are small businesses, they found the steps defined in the toolkit folders as enough for running a project, and in most cases doing these steps in sequence (without overlapping them) has proved to be satisfactory.

    Unfortunately, we do not have a template for the Gantt chart, but here are some free materials that can help you develop such a document: 

    • Diagram of EU GDPR & ISO 27001 integrated implementation  https://info.advisera.com/eugdpracademy/free-download/diagram-of-eu-gdpr-and-iso-27001-integrated-implementation  
    • Project checklist for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation
    • Project checklist for EU GDPR implementation https://info.advisera.com/eugdpracademy/free-download/project-checklist-for-eu-gdpr-implementation

  • Annex SL 27001 or annex A 27001

    Please note that there is no ISO document called "Annex SL 27001". ISO 27001 standard has only one annex, called Annex A.

    The Annex SL is a section of the ISO/IEC Directives part 1 that prescribes how the ISO Management System Standard (MSS) standards should be written.

    Considering that, for network security, you need to use annex A from ISO 27001.

    These  articles will provide you a further explanation about ISO 27001 Annex A and network security controls:

    • A quick guide to ISO 27001 controls from Annex A https://advisera.com/27001academy/iso-27001-controls/
    • How to manage network security according to ISO 27001 A.13.1 https://advisera.com/27001academy/blog/2016/06/27/how-to-manage-network-security-according-to-iso-27001-a-13-1/

    These materials will also help you regarding ISO 27001 Annex A:

    • ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    • ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

  • ISO27001& ISO22301, GDPR and PCI-DSS

    Thank you for your rely. If I understand the best is to teach them the new rocedures and policies then later on prepare for certify the company.