It's the SLA that defines priority. But it's not always the case that users (meaning end-users of the service) are aware of the SLA content. So, they should determine priority while opening an incident, and the Service Desk should correct it (according to the SLA), if needed.
Here are some more details about prioritization: All about Incident Classification https://advisera.com/20000academy/knowledgebase/incident-classification/
To answer your question, let’s look at what ISO 17025 requires and the intent behind the requirement. A laboratory needs to actively identify and act on opportunities for improvement in order to increase the effectiveness of the management system, its activities, service to customers and the consistent validity of results. The drive for improvement should be integrated with existing management system activities such as trend analysis of primary quality indicators to support policies, internal and external quality control; as well as the review of processes, customer satisfaction, internal audit results, documents and records, corrective actions and risk assessments.
To address the need for improvement effectively, a laboratory should
The following articles will provide more guidance:
The relevant ISO 17025 document templates and their related documents are available stand-alone, or as part of the toolkit:
In my opinion, our ISO 13485 & EU MDR Integrated Documentation Toolkit is beneficial when compared to CEN/TR 17223 because in it we have already prepared procedures and templates for all documented requirements from the MDR 2017/745. We have focused on the general obligations of the manufacturer (Article 10) and the conformity assessment requirements (Annexes IX and XI), the same as in CEN/TR 17223.
For the preview on the toolkit, please use the following link:
ISO 13485 & MDR Integrated Documentation Toolkit https://advisera.com/13485academy/iso-13485-eu-mdr-documentation-toolkit/
Just yesterday we published a new version of our Toolkit for ISO 13485:2016, where the documentation for risk assessment is in accordance with the new ISO 14971:2019.
At this link you can see a preview of the documents in our ISO 13485 & MDR Integrated Documentation Toolkit. In this toolkit, risk assessment is prepared according to ISO 14971:2019. You can check for yourself how the risk assessment documents are adapted to ISO 14971:2019: https://advisera.com/13485academy/iso-13485-eu-mdr-documentation-toolkit/
The list of notified bodies that are in compliance with the Medical Device Regulation (MDR 2017/745) is available at the following link: https://ec.europa.eu/growth/tools-databases/nando/index.cfm?fuseaction=directive.notifiedbody&dir_id=34
You can send us questions about anything you do not understand and we will answer. Also, you can schedule a phone call with our expert.
I would like to inquire about the reasons why a time extension is required, so that I can have access to my information, for 3 months. I requested to view my records as a matter of urgency and understood this would take a month. Now it will take until 17th May 2020. Thank you for your help.
You should not wait for three months unless the data controller explained the reasons for such a time frame.
In fact, the GDPR in the preamble at paragraph 59 states that: "The controller should be obliged to respond to requests from the data subject without undue delay and at the latest within one month and to give reasons where the controller does not intend to comply with any such requests."
The regulation requires that the rights of access and/or erasure must be guaranteed "without undue delay", which means as soon as possible and at the latest within one month.
You can find more information here:
Article 15 GDPR: https://advisera.com/eugdpracademy/gdpr/right-of-access-by-the-data-subject/
Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
This course can also be of help:
EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Yes, you can do these records now, but please also implement PQ (performance qualification).
For more details on how to manage process validation in the medical device manufacturing industry, please read the article at the following link: https://advisera.com/13485academy/blog/2017/09/07/using-iso-13485-to-manage-process-validation-in-the-medical-device-manufacturing-industry/
I am looking for some references to prepare a document where it will be used as a guide for managing performance indicators, but with an information security bias. They would be indicators for:
Availability: links, servers, services, etc ...
Confidentiality: Theft, Fraud, etc ...
Integrity: Bkp, viruses, etc ...
If you have material that can support me in the creation of this standard, thank you; also, if you have more practical examples of these indicators, it helps a lot.
To build information security indicators, I suggest you see these materials:
These articles will also help you:
ISO 27001 aspects on business continuity process (section A.17 from ISO 27001 Annex A) are related to ensuring the availability of information and information systems during either crisis or disaster situations, so a full Business Continuity Plan is not mandatory for this standard, and you will only need the DRP template included in your toolkit.
This article will provide you with a further explanation about DRP and BCP:
If your purpose is to perform internal audits in your company, or audits in other organizations on behalf of your company, then the ISO 27001 Lead Auditor certificate is enough. On the other hand, if your purpose is to perform certification audits, the ISO 27001 Lead Auditor certificate is only one of the mandatory elements you need to be qualified as a certification auditor.
These articles will provide you with a further explanation about lead auditors:
1. How shall I deal with SaaS solutions such as Office365 and Gitlab.com when it comes to controls related to backups and business continuity? I don't think it is feasible to build an on-premise DR site for such a solution.
ISO 27001 controls identified as applicable to a SaaS provider must be handled by means of contractual clauses in your service agreement with the provider, where you establish that such controls must be implemented by the provider. If you are a small user of such a SaaS service, then instead of a service agreement you will agree to their terms and conditions, which should state which kind of backup they are using.
Normally SaaS providers have multiple sites and they implement backups and business continuity by mirroring data and operation on these sites (of course, you have to verify which solutions your provider can offer).
A simple way of backing up smaller amounts of data is to save them on local computers - this is feasible for e.g. MS Office documents produced on individual PCs.
For more information, see:
2. Also, do we have to keep a backup of our emails or does it depend on the risk assessment and whether we accept such risk?
If you have accepted the risks for which backup of your e-mails would be the treatment, then you do not need to implement the backup.
Please note that backup is a control, and considering ISO 27001, you first need to perform a risk assessment, which helps you identify which risks need treatment, before deciding whether you are going to implement a control or not.
For more information, see: