Search results


  • Question on ISO 13485 & MDR

    Dear Kristina,

    Many thanks for your reply, which confirms exactly what I already expected it to be. Unfortunately my supplier "tries" to collect my list of clients in order to get in touch with them directly. Simply because their sales are decreasing worldwide, which can be explained of course, as I have my experience with them for over 10 years. Guidelines have changed in the medical world and in our case not to the benefits of the supplier/manufacturer. And therefore they think they can contact clients better directly...... Imagine. Now they used the argument that I "must" supply them the list of clients because ISO 13485 "demands" this....

    Once more, many thanks for your clear answers.

    Best regards,

    René van Liemt

    www.arteriograph.nl

  • Developing risk and opportunity matrix

    First of all, there is no mandatory requirement in ISO 9001:2015 for a risk management matrix. However, a methodology can definitely help the organization to identify risks and opportunities and plan the necessary actions to effectively address them. 

    The risk and opportunity matrix could be a spreadsheet, a document, a database, but the most common and clear format is usually a table that may include:

    - Description of the risk
    - Type of risk (business, project, stage)
    - Likelihood of occurrence
    - Severity of the risk, that is, the impact that the occurrence of this risk has
    - Countermeasures or actions carried out to prevent, reduce, or transfer the risk
    - Risk status, that is, whether it is a current risk or a past risk

    This risk identification should be conducted with the relevant people of your organization and if possible, the relevant parties such as contractors, stakeholders and suppliers. A SWOT analysis can help with this identification, but then you will need to evaluate the level of significance of those risks by applying certain criteria selected by the organization. 

    The following material will provide you information about risk and opportunity matrix: 

    - How to identify risk significance in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/

    - How to identify risk controls in ISO 9001:2015: https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/

    - Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/

    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • ISO 14001 clauses and corresponding documents

    I recommend that you learn the requirements of each clause so that you will be able to understand which documents and records are necessary to comply with the standard. Be aware that there are two terms used in ISO 14001 that define the mandatory documents an organization needs to comply with: the documented information that needs to be retained, which corresponds to mandatory records, and the documented information that needs to be maintained, which corresponds to mandatory documents (e.g. environmental policy and objectives).

    Here you can find a white paper that explains each clause of ISO 14001:2015 - Clause by clause explanation of ISO 14001:2015: https://info.advisera.com/14001academy/free-download/clause-by-clause-explanation-of-iso-140012015

    In this article you can find the list of mandatory documents and those most commonly used in ISO 14001:2015 - List of mandatory documents required by ISO 14001:2015: https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-mandatory-documents-required-by-iso-140012015/

    The following material will provide you more information about documentation:

    - How to structure ISO 14001 documentation: https://advisera.com/14001academy/blog/2016/11/28/how-to-structure-iso-14001-documentation/

    - Free online training ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/

    - Book - Managing ISO Documentation: A Plain English Guide - https://advisera.com/books/managing-iso-documentation-plain-english-guide/

  • Annex A

    1. I love your videos. I want to be clear on something. How do the clauses and the Annex A controls work together for ISO 27001?

    In the main part of the standard, clause 6.1.3 d), ISO 27001 requires to select applicable controls based on the result of the risk assessment; on the other hand, Annex A provides a catalog of 114 controls that can be selected to control the risk.

    This article will provide you further explanation about how the standard works:

    2. Please, does the workshop explain and take a person through the implementation process?

    If you are taking the ISO 27001 Lead Implementer Course, then during the workshop you will learn how to manage the project according to the standard ISO 20700. To learn about the implementation steps, see this webinar:

    To get the know-how for the implementation, see this ISO 27001 Documentation Toolkit: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

  • Cryptography Controls

    1. Which areas we need to implement in an organization.

    According to ISO 27001, the application of a control (in your case, the areas where you need to implement cryptography) must be based on the results of the risk assessment, applicable legal requirements (e.g., laws, regulations, or contracts), and/or a decision of top management.

    Broadly speaking, areas with identified needs to protect the confidentiality and integrity of communication channels and information would be the most probable areas in which to implement the cryptography control.

    For example, you can use the cryptography control to encrypt sensitive data sent over email or through removable media, or to digitally sign a document, ensuring that you are the author of the document or that it was not changed.

    For further information see:

    2. Example of encryption and decryption policies.

    To see what an encryption policy looks like, I suggest you take a look at this free demo: Policy on the Use of Encryption https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/

  • IATF 16949 Cl. 4.4.1.2 - Product Safety

    Product safety officer 

  • Leadership requirements

    I have already done the diagnostic phase; in the implementation part I have made macro improvements to cover the points that the institution does not meet. In a macro improvement I have the leadership part; what can I develop to fulfill the leadership aspects? Taking into account that the process is a printed lottery.

    First, it is important to note that the ISO 27001 requirements for leadership are the same regardless of the organization's industry and size, so there are no additions or exclusions regarding a printed lottery process.

    Considering that, to cover leadership requirements you must:

    • develop an information security policy and define information security objectives, aligned with business strategies
    • engage personnel around information security initiatives
    • define and communicate responsibilities and authorities for roles relevant to information security

    To see what an Information Security Policy looks like, please see this link: https://advisera.com/27001academy/documentation/information-security-policy/

    These articles will provide you further explanation about leadership requirements:

  • ISO High-Level Structure for standards

    I'm assuming that by HLS you mean "High-Level Structure" adopted by ISO management standards since 2012.

    Considering that, please note that ISO does not have an official position regarding the mapping of the PDCA improvement model to its management system standards. Since 2012, ISO has excluded explicit reference to PDCA from its management systems, in favor of a more open approach, where organizations can adopt any improvement model that best fits their needs (e.g., DMAIC, 8S, A3/PSP, etc.).

    With this in mind, there is no "correct" answer when mapping clause 7 to the PDCA model. It mostly depends on how you view the clause, as a whole or element by element. For example, the resources and documented information elements are more related to the "PLAN" step (focus on long-term planning), while competence, awareness, and communication are more related to the "DO" step (short-term plans and focus on implementation).

    We particularly adopt the approach of clause 7 as a whole and part of the "PLAN" step.

    This article will provide you further explanation about PDCA in ISO 27001:
