Search results

Exclusión del requisito de diseño

Si ustedes aunque fabrican ese kit y lo diseñan sólo van a certificar los procesos de reparación y venta entiendo que la cláusula 8.3 de diseño y desaarrollo puede ser excluida. Sin embargo, tienen que contemplar la posibilidad de si existe un mínimo trabajo de diseño y desarrollo durante la reparación y en ese caso debería de incluir la cláusula. Así mismo la venta puede estar sujeta al requisito de diseño y desarrollo, por ejemplo si su organización es la responsable del transporte de los productos que vende y tiene que diseñar la ruta del transporte, entonces tendría que incluir la cláusula de diseño y desarollo en el alcance del SGC. 

Para más información sobre la exclusión de la cláusula de diseño y desarrollo en ISO 9001:2015 vea los siguientes materiales:

- Artículo - What clauses can be excluded in ISO 9001:2015? - https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
- Webinar gratuito - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/
- Inscríbase gratis en este curso -  Curso de Fundamentos de la nroma ISO 9001:2015 - https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
- Libro – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Background report

After ensuring that you have established the identity of the requestor you have one month to provide an answer.

In your case, you can need to provide the requested information using the same channel you received the request e. g email.

The full process is described in the Data Subject Access Request Procedure in the Toolkit you purchased as well as in this EU GDPR Data Subject Access Request Flowchart (https://info.advisera.com/eugdpracademy/free-download/eu-gdpr-data-subject-access-request-flowchart)

Template content - Access control policy

Please note that the original English text is "When allocating privileges the person responsible must take into account business and security requirements for access (defined in risk assessment), ..."

Considering this text, business and security requirements for access are not defined in the risk assessment. The risk assessment only provides additional information that must be considered when defining such accesses. An example of business requirement for access is remote access to some roles (e.g., sales staff, remote developers, etc.)

Starting ISMS implementation

Unfortunately, these templates are available only in English. To see the free downloadable material we have in German, please access this link: https://advisera.com/27001academy/de/kostenlose-downloads/

Top Management Audit

I cannot give a checklist, but I can provide you with the raw materials to develop your own checklist. You can start by listing all the topics in ISO 9001:2015 (you can see that for ISO 14001:2915 they are almost the same) that can be related with top management. The following article - How to perform an ISO 9001 audit of top management without fear - https://advisera.com/9001academy/blog/2019/05/15/iso-9001-top-management-audit-how-to-perform-it-successfully/ give you a good start.

You can get much more detailed information in the following links:

- Article - ISO 9001 Audit Checklist - https://advisera.com/9001academy/knowledgebase/iso-9001-audit-checklist/
- Article – about the checklist technique - ISO 9001 audit checklist for laboratory - https://advisera.com/9001academy/blog/2018/09/04/iso-9001-audit-checklist-for-laboratory/
- Enroll for free - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- book – ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/

Integrating ISO 13485 and ISO 27001 & GDPR

You can use the following documents for both ISO 13485 and ISO 27001 because they are practically the same:
- Internal audit procedure
- Procedure for document and record control
- Corrective action procedure

All the other documents are different because they fulfill requirements specific to each standard, so these other documents cannot be integrated.

This way you can have an integrated system and reduce your administrative effort.

Development of an ISMS

For development of an ISMS compliant with ISO 27001, the leading ISO standard for information security management, I suggest to take a look at the free demo of our ISO 27001 Documentation toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

These articles will provide you further explanation about ISMS compliant with ISO 27001:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/

These materials will also help you regarding ISMS compliant with ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Handling and storing of reference accessories of Multi-product calibrator

From your question, I assume you are asking how to include such items in your existing equipment procedure, as you may not have covered all the components and accessories. To include the accessories of your Multi-product calibrator, you can reference documented criteria as guided by the manufacturer of the components in the product manual. If not specified, simply reference best practices for a particular item, for example “roll electrical cable to avoid kinks, and secure with a suitable tie”. Remember, a record is mandatory, so create a checklist with the required acceptance criteria, listing for example “cables were coiled”, “transported in a case”, “no visible kinks or damage evident”. When using the equipment, use the checklist to acknowledge that the criteria were met and retain your record as evidence.

For an overview of ISO 17025:2017 requirements, please read the following article:

What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/  

Controls from Annex A

1 - Is there a documentation by specific Advisera that encompasses the controls in Annex A?

Answer: In your toolkit the documents which cover controls from Annex A are located on Folder 08 Annex A Aecurity controls. To know which document covers which control, please see the List of documents file included in your toolkit.

Additionally, at Advisera site you have access to several articles and free downloadable materials covering controls from ISO 27001 Annex A (without more details about your needs we cannot point specific material, but feel free to send additional emails with specific doubts).

2 - Is a specific document necessary for each of the 114 controls?

Answer: ISO 27001 does not require you to document each and every control - in the List of documents that you received together with your toolkit you will see which documents are mandatory, and which are not.

In the toolkit you bought you have not only documents covering the mandatory requirements of the standard, but also documents covering the most common controls and practices adopted.

These articles will provide you further explanation about mandatory documents and controls from Annex A:

- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/

Surveillance audit for a new facility

Is this new facility within the scope of your quality management system? If the answer is no, your organization does not need to do anything

If the answer is yes, your organization should communicate that change to the certification body, together with a plan for the integration of that new facility in the quality management system.

For example, when an organization acquires another facility, ISO 9001:2015 clause 6.3 is used, some of the things that need to done can be: training people in the new practices and procedures; introducing the new procedures; creating/changing quality control plans; integrating infrastructure in the system, calibrating monitoring resources, … 

As an auditor I would like to see an integration planning and evidences of implementation and effectiveness verification. For example, everything can start with determining risks and opportunities coming from that new facility added into the quality management system. 

You can get much more detailed information in the following links:

- Article - QMS Change Management in 7 steps – https://advisera.com/9001academy/blog/2016/11/29/qms-change-management-in-7-steps/
- Article - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Enroll for free - ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/