Search results


  • Certificate of calibration

    I understand from your question that a calibration certificate was not received. The answer is no, a receipt cannot be used in place of a calibration certificate. ISO 17025 has specific requirements for the suitability of equipment and its calibration. The laboratory must ensure that equipment conforms to specified requirements. Evidence that equipment can perform as required may, depending on the equipment, be a specific qualification or verification process which may be provided in some part by the provider. The laboratory needs to verify this post installation, on your site. If the use of your equipment is to establish the metrological traceability of reported results or if the validity of the reported results is affected by measurement accuracy and/or uncertainty, then you need calibration and a calibration certificate which meets ISO 17025 requirements for calibration reports.

    The following articles will provide further information related to equipment and calibration

    The relevant ISO 17025 document template, Equipment and Calibration Procedure, as well as a list of related documents, is available for download at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure//

  • Legal basis and contracts

    It depends on the purposes of data processing. If the data processing is related to the execution of the contract, article 6, paragraph 1, letter b GDPR, states that the processing is lawful under GDPR when "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract".

    Of course, this is limited only to the performance of the contract. You must inform the data subject about data processing by providing your privacy notice. You may need a consent form even if you are working on the contractual legal basis if your data processing purposes go beyond the contract (i.e. marketing purposes).

    You may find some useful information here:

    You may also consider taking our free Foundation GDPR Course: https://advisera.com/training/eu-gdpr-foundations-course// 

  • ISO 9001 and remote audits

    Thanks

  • Bar codes under MDR

    In MDR, Chapter III - Requirements regarding the information supplied with the device it is stated that all labels for medical devices must be provided in a human-readable format and may be supplemented by machine-readable information, such as radio-frequency identification (‘RFID’) or bar codes.

    In ANNEX VI – Information to be submitted upon the registration of devices and economic operators, Part C contains guidelines on how to implement a bar code in the UDI number.

    There are also several guidelines from the Medical Device Coordination Group (MDCG), shown in the table:

    MDCG 2018-1 v3    Guidance on basic UDI-DI and changes to UDI-DI
    MDCG 2019-1       MDCG guiding principles for issuing entities rules on basic UDI-DI
    MDCG 2019-2       Guidance on application of UDI rules to device-part of products referred to in article 1(8), 1(9) and 1(10) of Regulation 745/2017
    MDCG 2018-2       Future EU medical device nomenclature - Description of requirements

    The link to this table and all guidelines is: https://ec.europa.eu/growth/sectors/medical-devices/new-regulations/guidance_en

     

    For more information, see the following article: 

    EU MDR – Easy-to-understand basics https://advisera.com/13485academy/what-is-eu-mdr/

  • FAI vs Design Validation?

    FAI is referenced in clause 8.5.1.3 of AS9100 Rev D as an equivalent to “production process verification”. That is because the FAI process does a lot more than just validate the design; it verifies that all the processes, documentation and tooling utilized to create the first product are working properly to meet the design requirements. The FAI gives you a “line in the sand” stating that when everything was set up in this manner, the product created meets the requirements. Design validation is making one article to show that the design can work.

    In answer to your question, though, this greatly depends on how your customer has defined the FAI and design validation requirements. The FAI does show that the design works, but it also shows much more, and a failure in FAI might be due to other situations in the processes and could give a false negative of your design validation. However, if your customer accepts this as a design validation, then it could be acceptable.

    Find out more on FAI in the article: How does First Article Inspection fit into AS9100 Rev D?, https://advisera.com/9100academy/blog/2017/11/07/how-does-first-article-inspection-fit-into-as9100-rev-d/

  • Certification of IT Service Provider

    Thank you for the response

  • Data deletion request

    I have a question regarding a data deletion request - once we delete all the data do we need to inform the data subject that the deletion has been done? Is there an official form that we need to send the data subject? Or anything we should do or be aware of?

    Yes, according to article 19 GDPR the data controller must inform the data subject of erasure of data, which must be carried out, according to article 17 GDPR, "without undue delay".

    The GDPR does not require a specific form for communication of erasure, however, we developed a template that you can find here.

    EU GDPR document template: Confirmation for Erasure of Data: https://advisera.com/eugdpracademy/documentation/confirmation-for-erasure-of-data/

  • Classification policy

    ISO 27001 does not prescribe how to build the inventory of assets, so organizations are free to build them the best way to fulfill their needs. In cases like this, you can group files per type (i.e., files that share similar risks), and include only the type as an asset in the inventory of assets. For example, you can have an asset called "customer contracts", and others like "project specifications".

    This article will provide you further explanation about inventory of assets:

  • Risk owner

    1. I'm trying to find out who the risk owner would be for a technical risk (one of the nine from the STEEPCOIL)

    I'm assuming that by STEEPCOIL you are referring to the acronym for Social, Technical, Economic, Environmental, Political, Commercial, Organizational, IT & Legal, used for grouping risks and opportunities.

    Considering that, please note that ISO 27001 does not prescribe who the risk owner must be, so you can define any role you see fit. The concept adopted by ISO 27001 for risk owner is the one with the accountability and authority to manage a risk, i.e. the one who is both interested in resolving a risk, and with enough authority to do something about it.

    For example, an asset owner of a server might be the IT administrator, and a risk owner for risks related to this server might be his boss, the head of the IT department.

    For further information, see:

    2. With regards to the risk categories, do you know which one a power surge or a loss of power would fall under?

    Considering common definitions used for STEEPCOIL, the most adequate category for power surge and loss of power would be organizational risks because it covers risks related to structure and ownership assets responsible for the establishment and operation of a process facility (e.g., a power plant, or electricity company).

  • ISO 9001 application in Information technology

    Currently I’m working with an Information Technology company. Let me explain the core of the quality management system:

    Main processes, main sets of activities:

    1. Develop service (development of an application from scratch, development of new modules for current applications, development of new attributes for current applications)
    2. Promote the organization
    3. Promote service (commercial activities)
    4. Implement service (implement the application at customer facilities, customize application, train users, monitor initial operation, make corrections)
    5. Support the operation (local or remote client support during use of the application by customers)
    6. Acquire resources (buying know-how, buying materials and components) 

    Comparing with ISO 9001:2015 clauses we have:

    1. 8.3
    2. 8.2
    3. 8.2
    4. 8.5; 8.6 and 8.7
    5. 8.5; 8.6 and 8.7
    6. 8.4; 8.6 and 8.7

    Please check this article about the main steps to implement a QMS according to ISO 9001:2015 requirements - Checklist of ISO 9001 implementation & certification steps - https://advisera.com/9001academy/knowledgebase/checklist-of-iso-9001-implementation-certification-steps/ - step 3 is where you define the borders of the QMS

     
