Search results

Question about pH meter

There are four possible components that could be the issue, namely the meter, ion selective electrode, application (including sampled) and the technique. To troubleshoot, I suggest you contact the supplier and ensure you have the manual and handling instructions for both the meter and electrode. Then work systematically to isolate the problem
You can refer to the ASTM D1179-16(2021)e1 Standard Test Methods for Fluoride Ion in Water or EPA method SW-846 Test Method 9214: Potentiometric Determination of Fluoride in Aqueous Samples with Ion-Selective Electrode, for a method, including the principle of calibration. 
See here https://www.astm.org/d1179-16r21e01.html and https://www.epa.gov/hw-sw846/sw-846-test-method-9214-potentiometric-determination-fluoride-aqueous-samples-ion

Mandatory and nonmandatory documents.

1. I hope everything is well with you

I have A question about ISO27001 Implementation Tool kit does the toolkit contain or cover all the documents that I will need to comply with ISO27001 because I notice for example when I Review the document internal audit checklist regarding control A6 YOU Need evidence for the are all information security responsibilities clearly defined through one or several documents? For example, and if that compliant or not my question here I MUST CONDUCT Document for the A.6.1.1 AND A6.1.2 AND A6.1.3 AND A6.1.4 THIS IS MY QUESTION

Please note that our ISO 27001 Documentation Toolkit covers all mandatory documents and some documents that are not mandatory. Many of the clauses and controls you mentioned do not need to be documented according to the standard, and in our opinion, it would be an overhead to document each and every one of them in a small company. 

Our toolkit is created specifically for smaller companies that want to implement ISO 27001 in a quick way, without unnecessary paperwork; for larger companies that require more documents, we recommend getting some other solution.

Regarding control A.6.1.1 (Information security roles and responsibilities), all document templates include defined roles and responsibilities for defined activities. Controls A.6.1.2 (Segregation of duties) to A.6.1.4 (Contact with special interest groups) do not require documentation, and simple records of contacts performed and activity logs demonstrating segregated activities will be sufficient.

2. Also I’m confused regarding the document I Downloaded from ISO27001 Academy named checklist of mandatory documentation required by ISO27001 BECAUSE the document contain the part explain the nonmandatory documents

And this part contain for example document about BYOD I CONFUSED BECAUSE THE DOCUMANTION TOOLKIT CONTAIN THE BYOD DOCUMENT WHICH IS RIGHT THE DOCUMANTION TOOLKIT OR THE DOCUMENTS WHICH I Downloaded from the ISO 27001 Academy

Please explain to me

Please note that nonmandatory documents presented in the article are the ones commonly adopted by organizations to make information security management easier, but they do not need to be implemented by all organizations. The BYOD policy is an example.

ISO 27001:2022 Documentation Toolkit

Question about MSA Implement

As mentioned earlier, measuring instruments can measure more than one feature. If these 3 different features you mentioned are important for product suitability, that is, product characteristics that need to be measured; It is preferred that the MSA study be performed for each measurement feature.

MDR/ISO 13485 risk management of "SYSTEM"

It should be done for its individual parts. 

Which ISO standards are mandatory to purchase as an official version?

Yes, you are right, ISO 13485 and ISO 14971 are mandatory. As for other standards, it depends on what your medical device is.

For all medical devices are also applicable following standards:

• ISO 20417:2021 Information from the manufacturer
• ISO 10993-1:2018 Biocompatibility
• ISO 15223-1:2021 Labelling
• IEC 62366-1:2015 Usability

There are also a lot of different technical standards. For example, if your medical device is sterile, then you need to have ISO standards relating to your type of sterilization. If your device requires electricity, then it has to be electromagnetic compatible.

List of all harmonized standards are published on several links as follows:

• https://health.ec.europa.eu/medical-devices-topics-interest/harmonised-standards_en
• https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.LI.2020.090.01.0001.01.ENG&toc=OJ:L:2020:090I:TOC
• https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2021.129.01.0153.01.ENG

• ISO 27001:2022 Documentation Toolkit

  Dear All,

  Trust all is well

  The advisera document toolkit for ISO 27001, ISO 9001& ISO 14001 has been a great help to our organization. We have a partnership with Advisera..

  
  The much-awaited ISO 27001:2022 is finally here. Just want to ask the following questions:-

  1. Whether ISO 27001:2013 version documentation toolkit can used in the transition of ISO 27001:2022 version. If yes, How can it be done and If no, please provide the reason also?
  2. When will be Advisera ISO 27001:2022 documentation toolkit will be available? Any timelines for that
  3. Can u please provide the quotes for Advisera ISO 27001:2022 Documentation toolkit?

  Looking forward to hearing from you

• Query Related to ISO 27001

  From your scenario, I’m understanding that your customer is a solution provider that does not own the operational infrastructure.

  Considering that, ISO 27001 certification is possible for this customer considering the protection of the information in the process it controls (i.e., sales marketing).

  Since the IT solutions provided are outsourced, these are out of the scope (these could be handled by means of contracts/services agreements signed with such providers).

  For further information, see:

  • Tool for defining the ISO 27001 ISMS scope https://advisera.com/insight/chatbot-tool-iso-27001-scope/
  • 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

• ISO 27001:2013 Certification

  Please note that ISO 27001 provides a systematic way to implement Information Security management, and its sequence is a bit different from what you proposed:

  1. getting management buy-in for the project
  2. defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational and the requirements of interested parties
  3. development of risk assessment and treatment methodology
  4. perform a risk assessment and define a risk treatment plan
  5. controls implementation (e.g., policies and procedures documentation, acquisitions, etc.)
  6. people training and awareness
  7. controls operation
  8. performance monitoring and measurement
  9. perform internal audit
  10. perform management critical review
  11. address nonconformities, corrective actions, and opportunities for improvement.

  In short:

  • part of the mandatory documents and records are created before risk assessment and treatment processes (e.g., scope, objectives, organizational structure), and the other part after it (e.g., policies and procedures documentation related to implemented controls, internal audit report, management review, etc.)
  • controls are implemented after the approval of the Statement of Applicability, not before

  This article will provide you with further explanation about ISO 27001 implementation:

  • ISO 27001 implementation steps https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

• A.8.11 Data Masking

  The implementation of data masking as a good practice or to fulfill a requirement will depend on the results of risk assessment (i.e., relevant risks), and the existence of applicable legal requirements (e.g., laws, regulations, or contracts).

  In case you have relevant risks or legal requirements demanding the implementation of data masking, implementing control A.8.1.1 control would be a requirement, otherwise, its implementation could be seen as a good practice.

  Regarding its balance with the business day to day operation, you should evaluate the positive impact of its implementation (e.g., reduction of costs due to information security incidents) against negative effects (e.g., reduction in processes performance or productivity), so you can evaluate the extension on ho implement the control.

  For example, for some processes, you may implement heavy masking practices and still have acceptable operational results, and for others, even the slighted practices won’t be worth it (and for these cases you may have to accept the risk, since applying the control will bring more problems than solving them).

  This article will provide you with further explanation about applying controls:

  • Risk treatment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment