
  • Medical device Auditor

    A medical device auditor first needs to know what the auditing process and practice are. Usually, this kind of knowledge is gained through Lead Auditor training for ISO 9001 and/or ISO 13485.

    Then, medical device auditors need to have a background in manufacturing and/or designing certain types of medical devices. This is proven by a CV and expert knowledge. Each medical device auditor is specified for certain types of medical devices; there is no auditor that audits all types of medical devices.

    Medical devices are divided into codes.

    A list of codes for the EU market that are under Medical device regulation MDR 2017/745 can be found on the following link: https://ec.europa.eu/growth/sectors/medical-devices/new-regulations/guidance_en, look for the document MDCG 2019-14 Explanatory note on MDR codes.

    For USA market, codes for medical devices can be found on the following link: https://www.fda.gov/medical-devices/classify-your-medical-device/product-code-classification-database

    Information about the ISO 9001:2015 Lead Auditor Training Course can be found at the following link: https://advisera.com/training/iso-9001-lead-auditor-course/

  • ISO/IEC 17025:2017 & ISO/IEC 17020:2012 certification

    What dictates the accreditation cycle?

    It is ISO/IEC 17011, Conformity assessment — Requirements for accreditation bodies accrediting conformity assessment bodies, that specifies the restrictions and criteria for an accreditation body to determine the length of the accreditation cycle. Accreditation bodies must comply with ISO/IEC 17011:2017 and establish separate accreditation schemes (containing rules and processes) within their scope, for example an ISO 17025 scheme and an ISO 17020 scheme. Each scheme has an accreditation cycle which begins at the point of achieving initial accreditation or a decision after full reassessment and continues for no more than five years. The criterion is that it must be of a suitable length so that the assessment program can cover sufficient assessments of relevant locations and activities, representative of the scope of accreditation. Typically this cycle is four years or five years for ISO 17025.

    What, if any, requirements are dictated by ILAC?

    ILAC’s role is not to dictate or regulate but to develop and harmonize the accreditation practices of member accreditation bodies. They produce policy documents and guidelines which provide criteria or interpretation of accreditation criteria, applicable during assessment. For example, with reference to the requirements for an assessment of an internal audit program, in ILAC G28:07/2018 Guideline for the Formulation of Scopes of Accreditation for Inspection Bodies (ISO 17020) ILAC states: “The inspection body shall ensure that all requirements of ISO 17020 are covered by the internal audit program within the accreditation re-assessment cycle”.

  • Aspects vs hazards

    ISO 14001:2015 does not define “hazard”. It only mentions “the nature of onsite hazards (e.g. flammable liquids, storage tanks, compressed gasses)”.

    Any organization interacts with the environment. Environmental aspects are the elements of an organization’s activities, products or services that interact or can interact with the environment. Those interactions may take place under normal situations, during startup or stoppage, or during abnormal or emergency situations. Environmental aspects during abnormal or emergency situations may generate particularly significant environmental impacts (environmental consequences). The word “hazard” is used when significant environmental impacts, i.e. significant environmental consequences, are a possible outcome.

    You can find more information about the aspects and hazards below:


  • Identifying scope and risks

    1. Is it mandatory that I use techniques like SWOT or PESTLE for identifying internal and external issues?

    Answer:

    No, SWOT or PESTLE are not mandatory techniques for identifying internal and external issues. They can be useful, but not mandatory.

    2. Most of the sample QMS Manuals I have seen are the same, i.e. replicas. The doubt I have is: is it OK if we define the scope on our own?

    Answer:

    Yes, each organization should define its own management system scope.

    3. The Quality Management System (QMS) scope of our company defines standardization of processes; the QMS equips the project team with a documented approach that helps in maintaining the quality of work, reducing rework, and executing projects cost-effectively. This is what I prefer to define for my company; is it OK?

    Answer:

    I think that it has to be improved. Organizations shall define, document and make available the scope of the QMS, referring to the Products and Services that are provided and identifying the limits of the management system. The scope should clearly describe the type of Products and Services covered by the system and provide sufficient information, preventing the transmission of erroneous or misleading information about what the organization covers in the quality management system and what it is able to provide to its customers. It must be available because it is through the scope that the organization communicates to the relevant interested parties, namely customers and potential customers, the Products and Services it makes available.    

    The following material will provide you information about the scope of a quality management system:

  • Implementation time

    For a company with 200 employees and appropriate resources, it could take around 1 year. However, the duration of implementing the standard will depend on several elements, such as:

    - the resources assigned to implementing the standard, both financial and in terms of personnel

    - the complexity of the product or service to be certified, or of the processes within the organization

    - the amount of existing documented information, such as procedures, work instructions, etc.

    - the number of locations the company has

    - knowledge of the standard

    You can calculate the approximate time it would take you to implement the standard here - 9001 Implementation Duration Calculator: https://advisera.com/9001academy/iso-9001-duration-calculator/

    I also recommend that you evaluate the requirements the organization needs to comply with by means of a gap analysis. You can use the following tool for free on our website - ISO 9001 Gap Analysis: https://advisera.com/9001academy/es/herramienta-analisis-de-brecha-iso-9001/

    In addition, these materials can help you calculate how long it will take to implement the standard in your organization:

    - Free course - ISO 9001:2015 Foundations: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

    - Book - Discover ISO 9001:2015 through practical examples: https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/


  • ISO 20000 vs ITIL

    ITIL and ISO 20000 complement each other. So, if you have ISO 20000, there is no problem if you start implementing ITIL. Quite the contrary: during the ISO 20000 implementation you already implemented a lot of processes and related activities that are recommended by ITIL.

    This free whitepaper can help you: “ITIL vs. ISO/IEC 20000: Similarities and Differences & Process Mapping” https://info.advisera.com/20000academy/free-download/itil-vs-iso-iec-20000-similarities-and-differences-process-mapping

  • Annex A

    1. ISO 27001 Annex A - I have a question regarding A.14 System acquisition, development, and maintenance. We are a software development company. Does this part apply to the software we develop (as a business) or only to internal software we could develop, I mean for internal use?

    The application of this control for customers or internal purposes will depend on the scope of your ISMS. If the ISMS scope covers software development for clients, then you need to include these activities with applicable controls.

    For further information, see:

    2. ISO 27001 A 15 - May I apply this measure to the Critical IT supplier Only? Or should I apply to all suppliers?

    You do not need to apply controls from section A.15 to all your suppliers. You can limit the application only to those for which you have identified unacceptable risks, or to those you have a legal requirement (e.g., law, regulation or contract), demanding the application of the control.

    For further information, see:

    3. In Annex A, can we justify that we do not choose a measure by saying "company capacity is too light" or things like that?

    Your suggested justification most probably won't be accepted by a certification auditor. A good justification for not choosing a control would be "We do not have unacceptable risks or legal requirements, demanding the implementation of this control." because it covers the two most common reasons to implement a control.

  • Fast-track information risk assessments

    First, it is important to note that not all persons will give you direct answers about assets, threats, and vulnerabilities. This is because of their backgrounds (e.g., technical or non-technical) and knowledge about information security.

    Broadly speaking, you should consider at least these questions to identify assets:

    • Which information do you have to deliver? To whom? (this last question will help direct you to the next person you should talk to)
    • Which information do you need to do your work? From whom? (this last question will help you map whether all relevant persons were already covered)
    • Which resources do you need to work on? (depending on the role of the person this can lead to general answers, like information system abc, or to a detailed list of assets)

    For identification of threats and vulnerabilities, you should consider these questions:

    • In your opinion, what can negatively affect the information and resources you mentioned? And why?

    In short, the questions have to be focused on the context of the interviewee, and from their answers you have to mine the assets, threats, and vulnerabilities.

    As a support tool, if you have experience and knowledge about the process involved, it is useful to build a checklist with the most common answers and try to validate them with the interviewee.

  • ISO 22301 Communication Plan

    First, it is important to note that ISO 22301 does not prescribe how a communication plan must be documented, so it is up to the organization to decide whether it will be a separate document or not.

    For small and medium-sized organizations, we understand that a separate document would increase administrative effort unnecessarily, so information related to the communication plan is available in several templates, for example:

    • Disaster recovery plan, located on folder 07 Business Continuity Plan
    • Activity recovery plan, located on folder 07 Business Continuity Plan
    • Business Continuity Policy, located on folder 03 Business Continuity Policy
    • Incident response plan, located on folder 07 Business Continuity Plan

    In each document information related to communication is defined according to the document purpose.

    For further information, see:

  • Question about PII data

    Even if you have Personally Identifiable Information (PII) in your ISMS scope, ISO 27001 does not require a specific policy for PII to be developed, but you have to verify whether any of the laws you identify as legal requirements for your ISMS because of PII requires such a policy. If any of them requires a policy for PII, you will have to develop one.
