
  • Integrating ISO 27001 and ISO 9001

    First is important to note that ISO 27001 does not require an "information security manual", so in this specific case, you do not need a separate document.

    Considering that, ISO 9001 and ISO 27001 share many similar requirements that allow the use of a single document for both systems (e.g., document control procedure, internal audit, etc.). Other required documents defined specifically for each standard, such as security policies and quality plans, can be kept separate without risk of creating inconsistencies.

    These articles will provide you further explanation about integrating management systems:

    To see what ISO 27001 documents look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

    This course can also be of help:

  • Environmental scope

    If an organization has more than one location, the scope should include the activities or processes involved, the products or services considered, and the name and addresses of each location. Each location has to comply with legal and regulatory requirements applicable to its own location.

  • Humidity Control

    There are no strict requirements from the ISO 13485:2016 standard about humidity. Requirement 7.5.11 Preservation of the product describes that it is the organization's responsibility to protect the product from alteration, contamination or damage when exposed to expected conditions.

    Therefore, it is the manufacturer's responsibility to define under which humidity level the medical device must be stored. Usually, these data are obtained during the stability study, which is one of the main requirements of the Medical Device Directive.

  • ISO 27018 versions

    Thanks

    Regards

  • ISO 27001 new version

    Please note that ISO 27001:2013 was last reviewed and confirmed in 2019, so the 2013 version remains current, without alterations, and you can use the documents of the toolkit without a problem.

    The document released in 2018 was ISO 27000, which is a supporting standard, covering Information Security vocabulary.

  • Acceptance media

    The AS9100 standard does not give you the rules for acceptance stamps because the standard describes what you need to do, but not how to do it. The standard states that you need to have a process in place for acceptance stamps, if you are going to use them, but it does not dictate the rules. So, as for your question of whether a person can be trained in 2 different processes and have a stamp for each, this is not dictated by AS9100, since this may differ in different areas of aircraft, space and defense. If your customer requirements and legal requirements do not state that this is unacceptable, you can do so.

    You can find out more about acceptance media in the article: Acceptance authority media (AAM) in AS9100 Rev D, https://advisera.com/9100academy/blog/2019/06/20/as9100-acceptance-authority-media-aam-in-rev-d/

    If you are looking for some help to implement AS9100, check out our book: Applying AS9100 Rev D, https://advisera.com/books/applying-as9100-rev-d/

  • Defining job roles

    The AS9100 audit of the QMS will not only include the standard, but also how you have implemented the processes of the QMS in order to provide products and services that meet customer needs. This will include all customer and legal requirements that are applicable to your ability to provide products and services, as they are included in the QMS. So, if you have a customer or legal requirement to define the aircraft certification roles, then this is part of your QMS and therefore part of the AS9100 audit of your QMS.

    You can read more about documenting roles in the QMS in the article: How to document roles and responsibilities according to AS9100 Rev D, https://advisera.com/9100academy/blog/2018/08/28/how-to-document-roles-and-responsibilities-according-to-as9100-rev-d/

    If you are looking for a guide to implement the standard, our book might help:  Applying AS9100 Rev D, https://advisera.com/books/applying-as9100-rev-d/

  • ISO 27001 certification process

    1. I am currently in the process of trying to get our company ISO 27001 certified. That being said, after going through your toolkit and getting all the documents and policies in place, what would be our next step?

    After the implementation of documents and controls, you need to make sure that everyone in the company is complying with ISMS documents, i.e. performing all the activities prescribed there.


    These articles will provide you further explanation about the implementation process:

    2. Who is it that certifies us that we are ISO 27001 certified and provides the certification?

    Organizations that issue certification are called certification bodies (a person cannot certify an ISMS), and a proper certification body must be selected according to your needs.

    These articles can provide you further information:

    3. I also see that you have a course for lead auditor, what is the benefit of this certification?

    The lead auditor course is recommended for those who want to work as a certification auditor for a certification body. For those who only want to audit their own certification, the internal auditor course is a better option.

    This article will provide you a further explanation about the Lead Auditor course:

    This material can also help you:

  • ISO 27001 and SIEM

    I would like to address the issue of how to integrate ISO 27001 with the implementation of a SIEM. That is, I have some concepts and some existing relationships clear, but I would like to better ground this integration and learn more about ISO 27001 to be able to relate it.

    A Security Information and Event Management (SIEM) is a software or service which combines security information management (SIM) and security event management (SEM), providing real-time analysis of security alerts generated by network hardware and applications.

    ISO 27001 is a set of requirements to plan, implement, operate and improve an Information Security Management System. It is composed of a set of requirements for information security management (sections 4 to 10), and a set of controls (Annex A), which can be used to treat relevant risks.

    Considering these definitions, you can understand a SIEM as a way to implement some controls from Annex A (primarily those from sections A.12.4 Logging and monitoring, A.13.1 Network security management, and A.16 Information security incident management).

    A proper integration between ISO 27001 and a SIEM is ensured based on the results of risk assessment and risk treatment, where relevant risks are identified and treated by the application of controls defined in the above-mentioned sections.

    This article will provide you further explanation about ISO 27001 security controls:

    These materials will also help you regarding ISO 27001:
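    The answer above treats a SIEM as the implementation of the logging/monitoring (A.12.4) and incident management (A.16) controls. As an added illustration, not part of the original post, here is a minimal correlation rule of the kind a SIEM runs: it parses sshd-style syslog lines, groups failed logins by source address, and opens an incident when a source exceeds a failure threshold inside a time window, escalating if that same source then authenticates successfully. The log lines, hostnames and addresses are constructed for the example, and the control references attached to each incident are an assumed mapping to the Annex A sections named in the answer.

```python
"""Minimal SIEM-style correlation over constructed syslog lines (example only)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sshd/syslog style; hosts and IPs are placeholders.
SAMPLE_LOGS = """\
Mar 10 08:00:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 08:00:03 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 10 08:00:04 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar 10 08:00:06 web01 sshd[2217]: Failed password for root from 203.0.113.7 port 51128 ssh2
Mar 10 08:00:09 web01 sshd[2219]: Accepted password for root from 203.0.113.7 port 51130 ssh2
Mar 10 08:05:00 web01 sshd[2301]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 08:20:00 web01 sshd[2302]: Failed password for alice from 198.51.100.4 port 40002 ssh2
Mar 10 08:40:00 web01 sshd[2303]: Accepted publickey for alice from 198.51.100.4 port 40003 ssh2
"""

# Normalisation step (A.12.4 "event logging"): turn raw text into structured events.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_events(text, year=2024):
    """Parse syslog lines into dicts; syslog has no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real SIEM would route unparsed lines to a catch-all index
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "outcome": m["outcome"],
                       "user": m["user"], "src": m["src"]})
    return events


def correlate_bruteforce(events, threshold=3, window_minutes=5):
    """Correlation rule: >= threshold failures from one source within the window.

    Produces incident records (A.16 "incident management" input). If the same
    source authenticates successfully after the burst, severity is raised.
    """
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    incidents = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["outcome"] == "Failed"]
        for start in range(len(failures)):
            burst = [f for f in failures[start:]
                     if f["ts"] - failures[start]["ts"] <= window]
            if len(burst) < threshold:
                continue
            last_fail_ts = burst[-1]["ts"]
            success = next((e for e in evs
                            if e["outcome"] == "Accepted" and e["ts"] > last_fail_ts), None)
            incidents.append({
                "src": src,
                "host": burst[0]["host"],
                "first_seen": burst[0]["ts"].isoformat(),
                "failures": len(burst),
                "users": sorted({f["user"] for f in burst}),
                "success_after": success is not None,
                "severity": "high" if success else "medium",
                # Assumed mapping to the Annex A sections named in the answer.
                "control_refs": ["A.12.4", "A.16"],
            })
            break  # one incident per source; a real SIEM would deduplicate later bursts
    return incidents


if __name__ == "__main__":
    for inc in correlate_bruteforce(parse_events(SAMPLE_LOGS)):
        print(inc)
```

With the constructed input, only 203.0.113.7 trips the rule (four failures in a few seconds, followed by an accepted root login, so severity is "high"); the two failures from 198.51.100.4 are fifteen minutes apart and stay below the window. Loosening the rule to two failures in thirty minutes catches that source too, which is the tuning decision the risk assessment in the answer is meant to inform.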

  • Risk Analysis

    First you need to define the risk management team. The next step is to define the risk management plan and select the methodology for risk assessment. The most used methodology is FMEA (Failure mode and effects analysis), but of course you are free to use any methodology that you find applicable and that covers all aspects of ISO 14971:2019 Medical devices — Application of risk management to medical devices. After you define your methodology, you execute risk management. According to ISO 14971:2019, the following steps must be covered: risk identification, risk estimation, risk evaluation, implementation of risk control measures and estimation of residual risks.

    For more details, please see the following article:

    How to use ISO 14971 to manage risks for medical devices https://advisera.com/13485academy/blog/2017/09/21/how-to-use-iso-14971-to-manage-risks-for-medical-devices/

    Our Premium toolkit has step-by-step guidance on how to perform risk management processes, how to perform identification, evaluation, and addressing of risks that arise from design and development, production and service delivery, sterilization, and post-delivery processes. Also, in our Toolkit it is described which persons need to be involved according to their role in the organization. The recommended methodology is FMEA (Failure mode and effects analysis). All reports required by the new ISO 14971:2019 Medical devices — Application of risk management to medical devices are prepared so that you can be fully in compliance with the state of the art. When you buy the Toolkit and start to implement documents, you have a one-hour free talk with the consultant, so for any other doubts, you are free to request a call with an expert.

    You can see the details of the ISO 13485 & ISO 14971 Premium Documentation Toolkit here: https://advisera.com/13485academy/iso-13485-iso-14971-premium-documentation-toolkit/
