
  • Manufacturing of medical devices

    Monitoring temperature and humidity at the warehouse (plastic granules/polymers) depends on the symbols that are on the packaging of the plastic granules. If there is a symbol for a specifically stated temperature range (e.g. 5-30C), then you need to monitor temperature. If there is no such symbol, you are not obliged to monitor these elements. According to ISO 13485:2016 clause 7.5.11 Preservation of product, you must protect your material from alteration, contamination or damage when exposed to expected conditions.

    We have a procedure for Warehouse in our toolkit. You can see the content at the following link:

    https://advisera.com/13485academy/documentation/warehousing-procedure-iso-13485-2016/

  • ISO 17025 questions

    In responding to your comments and questions, I assume that the requirement will be accreditation to ISO 17025 as a testing laboratory, not a calibration laboratory. As an overall comment for clarity, calibration is always a requirement when checking equipment used in a quality-managed process. Calibration laboratories require accreditation to ISO 17025, whilst not all testing laboratories require accreditation to ISO 17025. If, however, the service you are offering does not involve you performing calibration, legislation or a specific standard may require your facility to be accredited as a Verification laboratory. In this case it is not to ISO 17025, but in accordance with a recognised National Standard, where the accreditation demonstrates technical competency for that Standard - a defined scope and the operation of a laboratory quality management system; not specifically ISO 17025. In trade arenas where there is no legal requirement (not legal metrology), an ISO 9001 management system and accreditation against an industry-specific standard is sometimes accepted by the trade association.

    You asked:

    1. Is this even possible with a 1-man operation? It seems like several processes require a few staff. Things like management structure, training documentation, impartiality...

    ISO 17025 is suitable for any size of laboratory. It is therefore possible to implement ISO 17025 for a single-person operation. This is achieved by addressing the risks of your facility and safeguarding impartiality. By addressing these, you are justified in modifying and simplifying processes. You simply state this upfront. When the operations are straightforward, the processes and documents can be simplified within a management system.

    2. Our scope is extremely limited, and there really are no data points; 99% are pass/fail criteria based on interpretation.

    How do we handle stuff like proficiency? Our 17025 scope would be ANSI/an accredited furniture testing standard furniture testing standards, a minimum of 2, maximum of 6, and they are all composed of the same procedures...

    Meeting the requirement of ISO 17025 to ensure the quality of test results is confirmed by the accreditation body, which will audit your facility and grant your facility accreditation. Here, practical restrictions are taken into account and other comparison means are accepted, by agreement. I suggest you contact your accreditation body and obtain their rules for Proficiency Testing and other Comparison Programme Requirements for ISO 17025 accredited facilities. Here again, the documented procedure and records can be customized accordingly.

    In reply to your questions 3 and 4, we do not offer accreditation services. I recommend you contact your chosen accreditation body for their policies and procedures.

    For more information, have a look at previously answered topics.

    You can also download the free demo: ISO 17025 Documentation Toolkit https://advisera.com/17025academy/iso-17025-documentation-toolkit/

  • Data Protection Regulations

    Yes, the first bullet point refers to services provided by the Charity to its members (i.e. soup kitchen, health assistance and so on), while the second bullet point refers to people working in the Charity either as volunteers or staff.

  • Transferring data between two databases in two different companies.

    You should first assess whether the Canadian company applies GDPR to its data processing (i.e. the company processes data of EU individuals). In this case, no further measure shall be taken, because GDPR allows the transfer of data inside the GDPR space. If the company does not apply GDPR, then a written data transfer agreement between the two companies is required.

    The data transfer agreement should reflect the standard contractual clauses as adopted by the EU Commission. These clauses are required to transfer data outside the EU, providing sufficient safeguards, but adopting them to import data from the Canadian company can help the Scottish company to demonstrate its accountability to GDPR principles.

    GDPR is technology-neutral, so you can select the safest way to transfer those data between the two companies. You can find more information about data transfer here: 3 steps for data transfer according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/

  • ISO 27001 2019 review

    Please note that ISO 27001:2013 was last reviewed and confirmed in 2019, so the 2013 version remains current, without alterations, and the list of mandatory documents in this article is still valid.

    For more information, please access this link: https://www.iso.org/standard/54534.html

  • Assignment of documents

    Considering your folder structure, I'd suggest that you create an additional folder called "Annex A - Security controls", like the one you have in the toolkit, and include policies and procedures there. You can create this folder either as folder 11 or as a subfolder in folder 8.

    Please note that ISO 27001 does not prescribe how to organize the documents, so you are free to organize them in the way that best suits you.

  • ISO 9001 / Risk register

    Conducting a SWOT analysis with the relevant people of the organization is the simplest solution for identifying the risks, together with a register of the risks found, which is a non-mandatory document but helps to keep track of the risks and whether the actions taken have been successful.

    To make this analysis easier, you can analyse the risks process by process with the heads of each department, who are the ones that best know the activities carried out. In addition, writing a procedure can also be helpful, so everyone follows the same way of identifying and assessing those risks. The register should also be a document that is as easy as possible to complete; for example, you can include the source of the risk with a description of that risk and the actions taken to address it. Make sure everyone understands the procedure before going to the register.

    Here you can find a free preview of an example of the Procedure for addressing risks and opportunities - https://advisera.com/9001academy/documentation/procedure-for-addressing-risks-and-opportunities/

    You can find more information about risks and opportunities in ISO 9001:2015 in the following links:

    - Article - How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/

    - Article - Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/

    - Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

  • Vendor Agreement In relation to ISO 13485:2016

    It is mandatory to have a written quality agreement with the company that provides an outsourced process (as stated in requirement 4.1.5 of ISO 13485:2016). In that quality agreement, the control measures of your company over the outsourced process must be described. Control measures must be proportionate to the risk involved and the ability of the external party to meet the requirements of ISO 13485:2016.

    For more details about the Purchasing process please read the article at the following link: 

    How can ISO 13485 clause 7.4, Purchasing, enhance procurement? https://advisera.com/13485academy/blog/2018/04/18/how-can-iso-13485-clause-7-4-purchasing-enhance-procurement/

  • BCM framework and policy

    For a BCM framework, I can suggest ISO 22301, the leading ISO standard for business continuity management. To see what the documents to implement this framework look like, I suggest you take a look at the free demo of our ISO 22301 Documentation Toolkit at this link: https://advisera.com/27001academy/iso22301-documentation-toolkit/

    This toolkit covers all the mandatory, and most commonly used, documents you need to implement and certify a BCMS against ISO 22301. Also included in the toolkit you can find a template for a Business Continuity Policy (you can take a look at the free demo of this specific document at this link: https://advisera.com/27001academy/documentation/business-continuity-policy/).

    ISO 22301 is a generic approach that can be used by businesses of any size and industry, including those that make use of SaaS platforms. Included in each template you will find comments that will help you to include the information about your SaaS platform whenever necessary.

    These articles will provide you with further explanation about ISO 22301 and BC policy and scope (although these articles are about ISO 27001, the same concept applies to ISO 22301):

  • Level of information classification

    Considering ISO 27001 requirements and controls, to define the proper classification level for your information, you have to consider:

    • the results of risk assessment
    • legal requirements (e.g., laws, regulations, and contracts) applicable to your organization

    For example, Article 9 of EU GDPR defines special categories of personal data https://advisera.com/eugdpracademy/gdpr/processing-of-special-categories-of-personal-data/ which you should classify with a higher confidentiality level, while the rest of the personal data you can classify with a lower confidentiality level.

    This article will provide you with a further explanation about information classification:
