What are the procedures for validation and verification of methods, how to apply it,
The ISO 17025 toolkit includes the procedure for validation and verification of methods, named Test and Calibration Method Procedure, along with two supporting documents: Test Method Development, Verification and Validation Register and Test Method Development, Verification and Validation Record. The techniques for method validation are listed, as well as the required records. It is the responsibility of the laboratory to choose the suitable technique, plan experiments, reference sector-specific guidelines and meet specific regulatory and accreditation body requirements. The procedure is also available separately at https://advisera.com/17025academy/documentation/test-and-calibration-method-procedure/
What's the procedure for personal competence?
The ISO 17025 toolkit includes the necessary procedure, the Competence, Training and Awareness Procedure, where the laboratory defines needs, planning and methods for training and assessment of training results in order to ensure employees are competent. There are also four appendices related to the procedure; namely the Training Program, Training Record and Performance Monitoring, Record of Attendance and Competence Approval, and Authorization Record. The Competence, Training and Awareness Procedure is also available as a separate document at https://advisera.com/17025academy/documentation/competence-training-and-awareness-procedure/
You can read more about the ISO 17025 toolkit, preview all the documents, as well as purchase the toolkit at https://advisera.com/17025academy/iso-17025-documentation-toolkit/
I cannot provide that kind of answer in this space. However, I invite you to look for book titles about auditing that include the word “process”.
For any process you choose, look into the turtle diagram:
You can audit a process and consider one or more ISO 9001:2015 clause(s) relevant from section 8. But for any process, you can use the turtle diagram and list several other clauses that you can audit:
You can find more information about auditing below:
The ISO 17025 academy provides well-defined instructions, as well as tips via email. Document templates contain an average of twenty comments each, and offer clear guidance for filling them out. For example, square brackets [ ] are used for all fields that must be filled in, as shown in the free Project Plan for ISO/IEC 17025 implementation, available at https://info.advisera.com/17025academy/free-download/project-plan-for-iso-17025-implementation.
For each document, the Purpose, Scope and Users are defined and references provided. Using the Addressing Risks and Opportunities Procedure as an example, all the requirements of ISO 17025 8.5 and 4.1 (Impartiality) are covered within the template, where the procedure covers what must be done. You complete the procedure by stating who is responsible for the tasks, e.g. “Laboratory Manager”. As there are often many ways of achieving objectives towards implementation of specific requirements, you can, in this example, list the preferred tools and methods your laboratory chooses for assessing and evaluating risks and opportunities. These records can be added in the table provided, alongside the supplied template Registry of Key Risks and Opportunities.
You can download a free ISO 17025 toolkit demo at https://advisera.com/17025academy/iso-17025-documentation-toolkit/ that could provide further understanding.
The Addressing Risks and Opportunities Procedure is available at https://advisera.com/17025academy/documentation/addressing-risks-and-opportunities-procedure/
Thank you! Very helpful information. So that I am clear on what you are saying, do you mean that even if we ask the data subjects for a perpetual license, they can still revoke it at any time? So would we be allowed to ask for a perpetual, irrevocable license under GDPR, which to me means that they can't rescind their consent?
1 - What are the types of data that need to be classified?
Answer: For ISO 27001 certification purposes, the type of information to be classified will depend on the information the organization wants to protect, which is defined in the scope of the Information Security Management System (ISMS).
For example, if the ISMS scope is a software development process, developed code is one example of an information type that must be classified. If the scope includes the Sales department, customer information also must be classified. Please note that information must be classified regardless of whether it is in electronic, physical, or any other format.
For further information, see:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
2 - Does each and every physical asset, document, data need to be classified?
Answer: In your Classification Policy you can decide which assets need to be classified, but in general only information assets are classified.
By information asset, you can understand where information is stored (e.g., a paper report in a cabinet, as electronic data in a database, as a file on a server or pendrive, etc.), where it is processed (e.g., a payment system), or where it flows (e.g., network equipment).
For further information, see:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
I attended your webinar on the integration between GDPR and ISO 27001 yesterday, thank you very much.
Is there anywhere you can see what ISO standards it is possible to be certified against? I have been looking but not been able to find it. You said yesterday that it is not possible to be certified against ISO 27701, which is why I am asking.
I am currently doing a thesis as my final paper in Danish Law School and I am writing on GDPR and ISO and how ISO can help demonstrate compliance to GDPR.
As a way of raising awareness about ISO 27001, I suggest you take a look at this free presentation:
You can adapt the information in this presentation to the material you are thinking of presenting.
This article will provide you further help about increasing awareness:
R&D of medical devices must be conducted under the requirements described in clause 7.3 Design and development of the standard ISO 13485:2016. Therefore, it makes sense for your company to implement ISO 13485. However, the scope of ISO 13485:2016 can be limited to only providing the service. In that case, you won't have a description of the production and related documented procedures, but rather a description of the Design and development process and how you provide that service.
For more information on performing design and development validation and verification according to ISO 13485, please read the article at the following link:
For more information on managing the design and development of medical devices, please read the article at the following link: