In the maintenance procedure, basically, how you will do the maintenance, where to register, your failure maintenance intervention method, your periodic maintenance types, your predictive maintenance types, and their frequencies should be explained. It is also good to mention your analysis method and actions to be taken for frequent maintenance failures.
It may also be necessary to mention how and where to store spare parts and their minimum & criticality levels. Maintenance instructions should be written separately for the equipment. It would be good to have information such as how often equipment will be maintained, where to check, and how often to change.
The systematic approach for information security provided by ISO 27001 can help an organization justify, by means of risk assessment and legal requirements (e.g., laws, regulations, and contracts), why implementing security measures against ransomware attacks is important, and, by means of controls listed in its Annex A, which controls can be used (e.g., A.8.13 Information backup, A.8.8 Management of technical vulnerabilities, and A.8.7 Protection against malware).
This article will provide you with further explanation about treatment against malware:
Depending upon the quantity and severity of information security incidents, you should review some elements of the Information Security Policy, such as:
Please note that in most cases the information security incidents will point to minor adjustments in specific controls or processes.
For further information, see:
Please note that the information about measures taken to mitigate risk and the residual risk level can be found in Appendix 2 - Risk Treatment Sheet of the Risk Assessment and Treatment Report.
You can find this document through the link “Documents” in the left panel on the Conformio main screen, path ISO 27001 >> Lists reports statements and plans.
1. Through which communication channels does the user send a message about an undesirable event to the manufacturer of the medical device? By the address that is on the medical device box or in the instructions for use. Today, of course, it is mostly done by e-mail. The point is that it should be documented, and not conducted by phone.
2. In which cases does the competent authority itself conduct an investigation? The competent authority can make an investigation if they receive any information regarding some adverse events or the possibility of a fake medical device.
While PT performance can be used as objective evidence of individual competence, the laboratory needs to participate in a formal scheme or an alternative external proficiency assessment. Please have a look at https://community.advisera.com/topic/pt-ilc/, which will provide more information on the mandatory requirement for the laboratory to participate in proficiency testing (PT).
Every company is at some point a data controller, for common personal data processing operations like hiring, payroll, financial reporting, etc., and its responsibilities are detailed in Article 24 – Responsibility of the controller. If your question is related to the Data Protection Officer, the requirements on whether a company must designate a DPO or not are detailed in Article 37 GDPR - Designation of the data protection officer. Namely, a company must designate a DPO if it is a public authority or body, or if its core activities consist of processing operations that require regular and systematic monitoring of data subjects on a large scale, or if its core activities consist of processing on a large scale of special categories of data and personal data relating to criminal convictions and offenses. However, designating a DPO can be seen as a highly recommended organizational measure to lower the risks related to personal data processing.
If the company decides to designate a DPO, we recommend taking the EU GDPR Data Protection Officer Course on Advisera (link below) and working with the EU GDPR Documentation Toolkit provided by Advisera (link below) that contains all necessary documentation to become GDPR-compliant.
Please also consult these resources:
Please note that information security is not related only to personal information. Some examples of information that may also require protection are business information (e.g., strategic plans, product R&D information) and financial information (e.g., tax payment records).
Considering that, depending upon the Information Security Management System scope, besides personal data protection laws/regulations, organizations may also have to comply with other legal requirements (laws, regulations, or contracts) related to information, like the ones you mentioned.
Our recommendation is for you to consult a legal advisor in your country.
For further information, see: