Search results


  • Calibration of measurement equipment

    You asked:

    Question - In relation to recalibration of our own equipment, what information would you look for on the calibration certificate to determine the equipment needs to be rechecked, and why?

    I assume you are referring to external calibration? The certificate should not specify the recalibration date. The decision is that of the laboratory based on need, meaning assurance of test results generated using your equipment. The unbroken chain of calibrations is what provides the Metrological traceability for your results, to meet ISO 17025 clause 6.5.

    The calibration interval will vary depending on the type of equipment, in terms of its robustness. The accreditation bodies typically have requirements and/or guidelines on this, guided by ILAC (see link below). Some sectors of work and instruments will require a mathematical calculation to determine that the interval is suitable. Typically, however, the laboratory itself must look at the need to make the interval shorter due to risk, or justify increasing the interval due to lack of risk. Take an analytical balance, for example, that is well looked after. You may typically have it calibrated externally, say, once a year. Then you perform intermediate checks (verification) before use that verify that the balance is still calibrated and fit for use. Based on risk, you set the range your verified mass should fall within. You should, of course, use calibrated mass pieces of a suitable class depending on the type of balance. Then you watch for trends. If you see the performance deteriorating, to minimise risk you would have the next external calibration sooner.

    You also asked

    What key requirements should I consider when managing all equipment in our lab to ensure reliable results? Equipment register?

    Look at Clause 6.4 (Equipment) in ISO 17025, together with clause 6.5 Metrological Traceability, where all the requirements are stated. Any that can jeopardise the competency of the laboratory to generate valid results must be considered, risk assessed and controls put in place. For example, if an instrument is potentially unstable (drifts) then you would run reference samples (of known result) more often. When those results fail, then the unknown results are not reliable and corrective action must be taken, which may include recalibration.

    For more information, have a look at:

    Also refer to ILAC P10:07/2020 ILAC Policy on Metrological Traceability of Measurement Results and ILAC G24:2007 Guidelines for the determination of calibration intervals of measuring instruments, available from https://ilac.org/publications-and-resources/

  • GDPR clarifications

    Is consent needed to transfer personal data to other countries outside EU?

    Not necessarily. Consent is needed only as an exemption if the other safeguards in Chapter 5 of the GDPR. If you want to find out more about international data transfers, check out this webinar: “How to make personal data transfers to other countries compliant with GDPR” (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/).

    Do I need to have a data processing agreement with data controllers?

    Although not mandated by the EU GDPR, it is a best practice to have a Controller to Controller Agreement in place. You can find such a template at: https://advisera.com/eugdpracademy/documentation/controller-to-controller-data-processing-agreement/

    When can legitimate interest be used as a legal basis?

    It can be used, but you need to perform a Legitimate Interest Assessment to prove that your interest is not infringing upon the rights and freedoms of the data subjects.

    Do I need to insert data protection specific clauses in work contracts?

    The GDPR does not specifically require such clauses to be included in the labor agreements; however, you need to ensure that you have in place appropriate confidentiality clauses.

    Can I delete the data of a former employee if he makes a request?

    The right to be forgotten is not an absolute right, especially when we are talking about labor law. As a company you have some legal obligations, so you need to ensure that you are not breaking such obligations before deleting the unnecessary data.

    How much time do I have to delete the data?

    The GDPR allows for one month before you need to respond to a request. However, if the request is complex you can extend the period to a maximum of 3 months. You can find out more about data subject rights in our webinar: Data Subject Rights under the EU GDPR (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).

  • GDPR Data Protection Officer course and GDPR Fundamental course

    The EU GDPR Foundations is meant to build general knowledge about the EU GDPR and is around 8 hours while the EU GDPR Data Protection Officer Course is more detailed and is more aimed towards persons fulfilling the role of Data Protection Officer. Additionally, the EU GDPR Data Protection Officer Course takes around 15 hours to complete.

  • ISO 22301 templates update

    Good morning, as you know, buy the package of documents for 27001 and 22301.

    Since October, version 22301 2019 is already available, can you please confirm if you plan to update the documents that have changed or if, on the contrary, it will remain in the purchased version?

    We are working on the updates of ISO 22301 templates, and as soon as we finish the updated versions they will be sent to all customers who purchased the toolkit within last 12 months, without charge.

  • Access control policy

    Great answer by referring to exactly where the topic document can be found with content. 👍

  • Supplier compliance

    First, it is important to note that being compliant is different than being certified.

    If an organization fulfills ISO 27001 requirements then it is ISO 27001 compliant.

    If an organization is ISO 27001 certified, it means that an accredited certification body has independently verified that the organization fulfills ISO 27001 requirements.

    Considering that, since the UK office is not included in the certification, you should audit this office, by using your own auditors or a third-party auditor on your behalf, to verify if the UK office is ISO 27001 compliant.

  • Frame time for non conformity closing

    Please, can you elaborate a little bit more?

    Thank you.

  • Environmental action, hazards and risks for oil and gas company

    Any meaningful environmental action should start with a complete environmental survey to determine and assess environmental aspects and impacts. Impact assessment will allow an organization to define priorities for environmental action. Each organization, based on location, based on interested parties, based on each country or economic zone regulation, based on its own experience and history will have its own environmental hazards and risks.

    The following material will provide you more information about aspects and impacts:

    - 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
    - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
    - Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
    - Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
    - Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

  • Signature in the Advisera's Documentation

    Please note that ISO 27001 requires that documents must be approved, and the organizational information presented in the templates only identifies who was involved in the creation and approval process.

    Signing the document, either physically or electronically, is one way to ensure it was approved by an authorized person, but if you can provide another way to ensure this proper approval you can delete the parts of the text about signature.

    For example, for electronic documents, if you use a document management system (DMS), most probably it has an approval feature that can be used to evidence proper approval.

    For physical documents, the use of personalized stamps or seals can substitute the signature.

    This article will provide you further explanation about managing documents:
    - Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

    These materials will also help you regarding managing documents:
    - Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

  • ISMS risk calculation

    The main standard for information security risk management is ISO 27005, a preview of which you can see at this link: https://www.iso.org/standard/75281.html

    These articles will provide you further explanation about risk identification and calculation:
    - ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
    - ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
    - How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

    These materials will also help you regarding risk identification and calculation:
    - The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
    - Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
