Start a new topic and get direct answers from the Expert Advice Community.
CREATE NEW TOPIC +Search results
11275 results
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Building Management Systems and ISO 14001
For a service-providing organization, where most of the environmental aspects are centered in the operations done at the office, the configuration and management of Building Management Systems can help support the journey to ISO 14001.
A Building Management System manages and monitors equipment such as air-conditioning, energy, ventilation, gas meters, security devices, heating, lighting, and power systems. That equipment may be related to significant environmental aspects. So, a Building Management System helps with what ISO 14001 calls operational control.
You can find more information below:
- Defining and implementing operational control in ISO 14001:2015 - https://advisera.com/14001academy/blog/2016/04/11/defining-and-implementing-operational-control-in-iso-140012015/
- Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-foundations-course/
- Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
-
What records to create for backup restore?
Please note that ISO 27001 does not prescribe how to record the results of a backup restore test, so you can adopt the record that better fits your needs. It can be a restored log, a report, or a screenshot, as you mentioned. But the most important thing is that this record needs to be validated other way than by the person that performed the restore test.
For example, the backup software may have a feature that validates restoration (then you can use a screenshot of the verification result as a record). Another example is you can perform a restoration of a set of files and ask for the files’ owner to validate the restoration by answering an e-mail or filling a report.
For further information about backup, see:
- Backup policy - How to determine backup frequency https://advisera.com/27001academy/blog/2013/05/07/backup-policy-how-to-determine-backup-frequency/
-
Scope of application of quality standards
By the standards you informed me, I’m assuming you want information about information security standards.
Considering that, NTC refers to Colombian versions of ISO/IEC standards, and the mentioned standards have the following scopes
- NTC ISO/IEC 27000 covers the glossary for information security vocabulary.
- NTC ISO/IEC 27001:2013 and COLOMBIAN TECHNICAL STANDARD NTC-ISO/IEC 27001 cover the requirements for the implementation of an Information Security Management System
- NTC ISO/IEC Guide 73:2002 covers the glossary of risk management vocabulary
- ISO IEC 27005 – 2009 covers the requirements for information security risk management
-
How to become an AS9100 auditor?
Mark, thank you very much for your reply. I really appreciate it. Sometimes it is a challenge trying to find a good starting point. I will dig a little bit more before committing to a particular training course.
-
Customer audits - 17025 requirement?
In all cases if a mandatory ISO 17025 requirement is not applicable to your laboratory, you simply state so in that section of your Quality Manual; or the relevant procedure (if you still need a procedure to cover other process that do apply to you).
You spoke of
the customer requests to monitor laboratory performance being an audit option for clients to 'come and see for themselves'.
The customer requests to monitor laboratory performance could involve a request to receive a report on your evaluation of any agreed service and Quality indicator such as turnaround time; or the validity of results -internal quality control and interlaboratory /PT performance.
You need to show that you would accommodate customer requests of this nature, if they arose.
You also mentioned
demonstrating or explaining in conversation the preparation of items for testing
Yes you are correct in your understanding - here, in your case the process is still relevant. The customer may be interested in you explaining some key aspects of the process to them. Doing this will provide them with confidence in the laboratory.
-
Customer complaint - reporting to the authorities
Yes, you see it correctly. I will paraphrase it: not each complaint will lead to non-conformity and to adverse vents eventually.
In MDR Article 2 Definitions - there is a good definition of what an adverse event is and that should be your guidance:
-
1. adverse event’ means any untoward medical occurrence, unintended disease or injury, or any untoward clinical signs, including an abnormal laboratory finding, in subjects, users, or other persons, in the context of a clinical investigation, whether or not related to the investigational device;
2. serious adverse event’ means any adverse event that led to any of the following:
- death;
- serious deterioration in the health of the subject, that resulted in any of the following: life-threatening illness or injury;
- permanent impairment of a body structure or a body function,
- hospitalisation or prolongation of patient hospitalisation,
- medical or surgical intervention to prevent life-threatening illness or injury or permanent impairment to a body structure or a body function,
- chronic disease,
- fetal distress, fetal death or a congenital physical or mental impairment or birth defect
Our toolkit is tailor-made, so if you think that better logic is to put Registry of Reports to the Authorities from section 08 Customer Complaints and Feedback to 15 Non-conformities, you are absolutely allowed to do that.
-
Is ISO 13485 certification applicable for company which provides eQMS dedicated to medical device industry clients?
If you provide eQMS it is not necessary to have implemented ISO 13485. Rather to me, it seems that it would be helpful to have ISO 9001 and/or ISO 27001.
-
MDR 2017/745
If you put on your own name those glasses frames on the market, then those frames are your medical device. It means that you need to have by yourself prepared Technical documentation according to the Annex II and Annex III of the MDR 2017/745. It means also, that you have to implement ISO 13485 in your company no matter that you are not producing anything by yourself.
If you are not putting those glasses frames with your own brand name, then the Declaration of conformity from the factory is almost enough. Besides that, you need to have also a description of the device, intended purpose, and specification.
For more information, please see:
- EU MDR Annex II - Technical documentation https://advisera.com/13485academy/mdr/technical-documentation/
- EU MDR Annex III - Technical documentation on post-market surveillance https://advisera.com/13485academy/mdr/technical-documentation-on-post-market-surveillance/