Search results


  • Joint Controllers

    According to Article 26 of GDPR, the joint controllers must “determine their respective responsibilities for compliance with the obligations under this Regulation […] by means of an arrangement between them […] The arrangement referred to in paragraph 1 shall duly reflect the respective roles and relationships of the joint controllers vis-à-vis the data subjects”. So, since you mentioned that joint controllers A and B have such an agreement, the agreement should include each controller’s responsibilities related to each phase of personal data processing. If Company B suffered a data breach, then Company B should be held accountable, but it depends a lot on what exactly is written in the data sharing agreement related to responsibilities, who is doing the reporting to the relevant data protection authority, and of course on what was communicated to the data subjects, as requested by Art. 26 GDPR: “The essence of the arrangement shall be made available to the data subject.”

    Please check these links:

  • GSPR

    According to the MDR Article 10, point 9, “the quality management system shall address at least the following aspects:

    (b) identification of applicable general safety and performance requirements and exploration of options to address those requirements;”

    So there is no direct requirement for the procedure, but as part of your QMS, there must be an explanation for the general safety and performance requirements.

    For more information, see:

    • EU MDR Article 10 - General obligations of manufacturers https://advisera.com/13485academy/mdr/general-obligations-of-manufacturers/

    • Outsourced development

      Please note that, generally speaking, when you have any part of the software development performed by personnel hired by external parties, then you have outsourced development, regardless of the level of control your management has over this team or the organization’s resources they have access to.

    • Maintenance

      The maintenance procedure should basically explain how you will do the maintenance, where to register it, your failure maintenance intervention method, your periodic maintenance types, your predictive maintenance types, and their frequencies. It is also good to mention your analysis method and the actions to be taken for frequent maintenance failures.

      It may also be necessary to mention how and where to store spare parts and their minimum and criticality levels. Maintenance instructions should be written separately for each piece of equipment. It would be good to include information such as how often equipment will be maintained, where to check, and how often to change parts.

    • How would ISO 27001 help secure system from ransomware attack?

      The systematic approach for information security provided by ISO 27001 can help an organization justify, by means of risk assessment and legal requirements (e.g., laws, regulations, and contracts), why implementing security measures against ransomware attacks is important, and, by means of controls listed in its Annex A, which controls can be used (e.g., A.8.13 Information backup, A.8.8 Management of technical vulnerabilities, and A.8.7 Protection against malware).

      This article will provide you with further explanation about treatment against malware:

    • Information security policy review

      Depending upon the quantity and severity of information security incidents, you should review some elements of the Information Security Policy, such as:

      • risk management: are the process steps and acceptance criteria properly defined?
      • responsibilities: are the responsibilities for implementation and maintenance properly assigned?
      • support: are all required resources to implement and improve information security available?

      Please note that in most cases the information security incidents will point to minor adjustments in specific controls or processes.

      For further information, see:

    • Residual Risk Question

      Please note that the information about measures taken to mitigate risk and the residual risk level can be found in Appendix 2 - Risk Treatment Sheet of the Risk Assessment and Treatment Report.

      You can find this document through the link “Documents” in the left panel of the Conformio main screen, path ISO 27001 >> Lists, reports, statements and plans.

    • Information about undesirable event and conducting investigation

      1. Through which communication channels does the user send a message about an undesirable event to the manufacturer of the medical device?

      By the address that is on the medical device box or in the instructions for use. Today, of course, it is mostly done by e-mail. The point is that it should be documented, and not conducted by phone.

      2. In which cases does the competent authority itself conduct an investigation?

      The competent authority can conduct an investigation if they receive any information regarding some adverse events or the possibility of a fake medical device.

    • Is proficiency testing required when using outside lab?

      While PT performance can be used as objective evidence of individual competence, the laboratory needs to participate in a formal scheme or an alternative external proficiency assessment. Please have a look at https://community.advisera.com/topic/pt-ilc/, which provides more information on the mandatory requirement for the laboratory to participate in proficiency testing (PT).
