I'm assuming you are referring to an ISO standard for physical security. Considering that, please note that physical security is a broad topic (e.g., from the protection of facilities to the protection of credit card readers), so without further detail it is not possible to give you a more precise answer.
What I can tell you is that most of the ISO standards related to physical security are related to Information Technology (e.g., ISO/IEC TS 30104:2015 Information Technology — Security Techniques — Physical Security Attacks, Mitigation Techniques, and Security Requirement; ISO/IEC TS 22237-6:2018 Information technology — Data center facilities and infrastructures — Part 6: Security systems; and ISO/IEC NP 24383 Information technology — Physical network security for the accommodation of customer premises cabling infrastructure and information technology equipment).
On this ISO site, you can make a more detailed search according to your needs: https://www.iso.org/search.html?q=physical%20security&hPP=10&idx=all_en&p=0&hFR%5Bcategory%5D%5B0%5D=standard
These articles will provide you with further explanation about physical security and ISO 27001:
- Physical security in ISO 27001: How to protect the secure areas https://advisera.com/27001academy/blog/2015/03/23/physical-security-in-iso-27001-how-to-protect-the-secure-areas/
- How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1 https://advisera.com/27001academy/blog/2016/04/18/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-1/
- How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 2 https://advisera.com/27001academy/blog/2016/04/26/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-2/
For the European market, there are guidelines from the European Commission at the following link:
For the American market, please follow the guidelines from the FDA at the following link:
Who decides the product specification: the supplier, the customer, or is it a co-creation? If the supplier decides the final product specification, clause 8.3 applies.
If the customer defines the final product specification, clause 8.3 does not apply. However, the question about development remains (what raw materials to use, what production process to use, what process parameters to follow, what process control to follow, what quality control to follow).
The following material will provide you with information about the applicability of clauses:
- What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- Free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Do state authorities have to comply with GDPR? Are there any restrictions?
Yes, all controller entities must comply with the GDPR provisions. There is one exemption for state authorities: these cannot rely on legitimate interest when processing personal data.
How does the GDPR compare to the national laws?
The EU GDPR is called in legal terms "lex generalis", meaning that it can be overwritten by special national laws such as the Criminal Code, Tax Code, etc.
Which will prevail in a conflict between GDPR and national laws?
If the conflict is between a special national law and the GDPR, the national law will prevail.
Does an IP constitute personal data?
Personal data is defined in art. 4 as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person". An IP is an identification number, thus it is considered personal data.
Can you please provide an example on what automated decision making means?
A classic example of automated decision making is the automated credit checking performed by banks. Basically, some algorithm is deployed to calculate the eligibility for a loan based on age, studies, income, gender, etc. and to automatically generate a report on the solvency of the potential client.
If you want to find out more about the EU GDPR check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//)
Please note that you can be ISO 27001 certified by any organization recognized as a certification body by an accreditation body. In Germany, the accreditation body is the German National Accreditation Body (Deutsche Akkreditierungsstelle, DAkkS).
From this DAkkS site (https://www.dakks.de/en/content/accredited-bodies-dakks) you can find German certification bodies for ISO 27001.
This search result (https://www.dakks.de/en/content/accredited-bodies-dakks) provided 9 certification bodies in Germany (TÜV SÜD, SGS-TÜV, and DQS among others). Please note that TÜV is a designation, not the name of an organization, i.e., not all organizations named TÜV are related or part of a bigger company.
This article can provide you with further information about certification bodies:
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
There are scholars that say that everything is a service, that a product can be considered as a physical manifestation of a service or set of services. Some even say that a product is a service avatar.
Some examples of services are:
The following material will provide you with information about ISO 9001 and services:
- Should universities implement ISO 9001? - https://advisera.com/9001academy/blog/2015/04/21/should-universities-implement-iso-9001/
- Would hospitals benefit from ISO 9001? - https://advisera.com/9001academy/blog/2015/07/21/would-hospitals-benefit-from-iso-9001/
- How does ISO 9001 help maintain service levels? - https://advisera.com/9001academy/blog/2016/09/13/how-does-iso-9001-help-maintain-service-levels/
Designing a process and related roles, responsibilities, documentation, etc. can be treated like designing a service, i.e. in your case – as an item in design/build activity.
I want to know how I can collect the customers’ requirements.
Explicit customer requirements are usually collected in conversations or communications with them. For example, when ordering an item, customers identify the product, the quantity, the location and the delivery time. Implicit requirements are requirements taken for granted by the general market. They can be the quantity per package, for example. Some requirements customers may not know are relevant; it is up to the supplier's commercial team to try to understand how and where the product will be used. When we go to the hairdresser to cut our hair, saying that we want our hair cut is not enough; we have to explain how we want it cut and how much. Those are our requirements as customers.
I want to know how I can connect in practice the following ISO 9001:2015 clauses: (4.1 + 4.2) with (6.1.1) with (6.1.2).
There is more than one way to connect those clauses. Note that my approach is neither unique nor necessarily the best; this is just how I work, and I see it work.
With clause 4.2, organizations determine who the relevant interested parties are and what their relevant requirements are. That is important because these parties affect an organization's business. For example, an organization determines that a regulator is a relevant interested party. The regulator sets rules and can fine the organization if those rules are not followed. One of those rules can be the composition of a product A. (a)
With clause 4.1, the same organization determines as a relevant external issue the trend towards more demanding rules about the composition of product A. (b) The same organization determines as a relevant internal issue the difficulty of controlling the composition of product A due to the use of old production equipment. (c)
When your organization connects those three dots, a + b + c, it becomes aware of an important risk (clause 6.1.1): if the regulator increases the requirement for product A composition, the organization will not be able to enforce the regulation.
With this kind of exercise your organization can determine a list of risks and opportunities. Normally, organizations do not have the resources to act upon every risk and opportunity. So, organizations have to classify their risks and opportunities to determine priorities for action. Clause 6.1.2 is about the action plans to manage relevant risks and opportunities. For example, in this case, the action plan could be around revamping the production equipment to improve the ability to control product A composition.
I want to know how I can connect in practice the following ISO 9001:2015 clauses: (8.1) with (9.1 + 9.3).
From clause 8.1 I underline the need to define product/service specifications and the need for process operation settings. Then, there is the need to define and implement product/service and process control. For example, your organization performs quality control every hour, and following that control, decisions are made about acting on the process or on the product/service.
Clause 9.1.1 is about planning when to gather information about process and product performance. For example, someone will collect data monthly about product/service defects or process productivity. Clause 9.1.3 is about looking into the monthly data and making decisions about the process.
Clause 9.3 is about stepping back, seeing the whole picture about process performance, and connecting with the context, making decisions about the quality management system. For example, what needs to be improved, what is working, and what resources are needed.
The following material will provide you with information about the context and the risk-based approach:
- ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Free Whitepaper - Case study for ISO 9001:2015 transition in a construction company - https://info.advisera.com/9001academy/free-download/case-study-for-iso-9001-2015-transition-in-a-construction-company
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
ISO 45001:2018 has some requirements for procurement, contained in clause 8.1.4. For general procurement, you need a process to make sure that products and services meet the needs of the OHSMS. For contractors specifically, you need to coordinate the process to identify any hazards and control any OH&S risks that affect either your organization or the contractor, so that you can have the OHSMS requirements met by the contractor. For outsourcing, you need to control these functions to be consistent with legal requirements so as to achieve the outcomes needed for the OHSMS.
ISO 14001:2015 does not include any specific requirements for procurement or purchasing. However, in both cases you will need to ensure that any tenders include the information necessary to maintain the EMS and OHSMS requirements; in other words, let your suppliers know what they need to know to give you what you want in order to meet your requirements for all management system standards.
For some more information about outsourcing and ISO 14001, see the article: How to manage outsourced suppliers in line with ISO 14001:2015, https://advisera.com/14001academy/blog/2017/07/11/how-to-manage-outsourced-suppliers-in-line-with-iso-140012105/
A controller must ensure the processing of personal data complies with all six of the following general principles:
1. Lawfulness, fairness, and transparency - Personal data must be processed lawfully, fairly and in a transparent manner;
2. Purpose limitation - Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (with exceptions for public interest, scientific, historical or statistical purposes);
3. Data minimization - Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. Accuracy - Personal data must be accurate and, where necessary, kept up to date. Inaccurate personal data should be corrected or deleted;
5. Retention - Personal data should be kept in an identifiable format for no longer than is necessary (with exceptions for public interest, scientific, historical or statistical purposes); and
6. Integrity and confidentiality - Personal data should be kept secure.
If you want to find out more about the EU GDPR check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//)