Answer:
There is no template for a medical device file because its content is defined by the Medical Devices Directive 93/42/EEC (https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:1993L0042:20071011:EN:PDF). The Directive states which documents are required. A medical device file template is quite hard to produce because a great many different things are considered medical devices: from spoons for giving antibiotics through a variety of software, infusion tubes, gauze and covers for surgery to artificial hearts.
Medical device files include descriptions of design records, manufacturing processes, product specifications, device usage guides, quality measurement criteria, levels of compliance with regulatory bodies and quality standards, and, if required, servicing and installation records and their guidelines. For more details on how to prepare a medical device file, see the following link: https://advisera.com/13485academy/blog/2017/06/28/how-to-meet-iso-13485-requirements-for-medical-device-files/
Legal requirements and security awareness
Although the call was very interesting for us, some new questions are still emerging and we would like to get support from emails. I will start with two questions:
1. When I'm looking at my suppliers and they only have EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield accreditations for information privacy, is that enough to assure compliance with ISO 27001? And what about SOC 2 and SOC 3?
Answer: Considering ISO 27001, your suppliers need to be compliant with the legal requirements your own organization must be compliant with regarding information security, if they will have access to information in the scope of your ISMS. Considering that, if your organization must be compliant with SOC2 and SOC3, and your suppliers will have access to information related to these two requirements, then your suppliers will also have to be compliant with SOC2 and SOC3. If this is not the case, then your suppliers do not need to be compliant with such legal requirements.
2. Now talking about security awareness for all employees, is the confirmation that all employees watched a series of security awareness videos (like the ones in Advisera eTraining) enough for being compliant with ISO 27001 A.7.2.2 ?
Answer: Regarding awareness, a confirmation that an employee has watched security awareness videos will be sufficient to comply with control A.7.2.2. But you must note that this control also covers training and education, and for these, evaluations of improvement after the training or education activities are also required.
ISO 27005 is a supporting standard to ISO 27001, detailing how to implement risk management for information security (basically covering ISO 27001 clauses 6.1.2 and 6.1.3).
Considering that, if you already defined a risk assessment and treatment process for your ISMS, then you have to evaluate if your defined approach is compliant with ISO 27005, and make proper adjustments. If you have not defined your risk assessment and treatment process yet, then you only need to follow ISO 27005 recommendations for each step of ISO 27001 clauses 6.1.2 and 6.1.3.
This article will provide you further explanation about implementing risk management:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Answer:
Depending on the organization (implementing ITSM) as well as process maturity, there are many elements that must "fit" so that ITSM is implemented (which could be very broadly interpreted, anyways).
So, here are a few items that must be in place, adapted to the services you provide and manage:
- processes
- organization
- tool(s)/technology
- partners
Start rolling a plan for the implementation of an IMS
Answer
I recommend an approach like this one:
1. Why does your organization exist? It exists to offer dairy products. Consumers buy dairy products from your company's clients, and those clients pay your company for the supplies. So, I start by determining who the interested parties are, what they want/need from your company, and what your company wants/needs from them.
2. Draw a model of how your organization works based on the process approach. I use this model as the anchor because the company only exists because of clients and consumers.
3. Assess your company's environmental aspects and impacts based on your processes, products and services. Later, when you decide how to handle the relevant environmental aspects, consider what kind of changes or controls should be introduced or improved in each process. This is important because you want to have an IMS; you don't want people to wear different hats when they are working on quality, environment or health and safety. You want people to do their work and, while doing it, produce good products, minimize environmental impacts and work safely.
4. Do the same for health and safety.
5. Previous steps will help you develop the operational side of the IMS.
6. Now, you have to develop the strategic side: consider strategic orientation, the context and risk analysis, a common policy and objectives, and your action plans.
7. Develop a monitoring and control plan.
8. Perform internal audits and a management review.
The following material will provide you more information about integrated management systems:
- How to implement integrated management systems – https://advisera.com/articles/how-to-implement-integrated-management-systems/
- Free webinar – How to integrate ISO 9001:2015 and ISO 14001:2015 – https://advisera.com/9001academy/webinar/how-to-integrate-iso-90012015-and-iso-140012015-free-webinar-on-demand/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
- Enroll for free course - ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
- ISO 9001, ISO 14001 and ISO 45001 Integrated Documentation Toolkit – https://advisera.com/9001academy/iso-9001-iso-14001-iso-45001-integrated-documentation-toolkit/
- book – THE ISO 14001:2015 COMPANION – A Straightforward Guide to Implementing an EMS in a Small Business – /books/the-iso-14001-2015-companion/
- book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
Scope determination
Answer
An organization can have several lines of products, can have different markets, can provide different services. Once an organization decides to implement a quality management system (QMS) and certify it, the organization is not obliged to integrate all those services, lines and products under the QMS and subject all activities to certification. Deciding the scope of the QMS is not a technical decision, it is a management decision.
The certificate describes the scope of the QMS in order to avoid misleading any interested party. If financing services are very important for your organization’s offer perhaps it is useful to integrate them in the list.
When people ask me "how do I get clients as a consultant?", I draw the following picture:
People must be aware of your existence, must be aware of your competence, and must trust in your competence. I wrote a blog post precisely for people like you who are facing the challenge of starting a business as a consultant.
Answer
I start with a question: is there any relevant advantage for your company in being ISO 9001 certified? An organization can implement a quality management system according to ISO 9001 at its own pace and not advance to certification. However, if certification can give your company a boost in credibility and image, particularly among potential clients, then perhaps it is worth getting it. During the implementation year you will need 60/80% of one person's time for the project leader role. So, you can get the help of a consultant, you can hire a quality manager/project leader with previous experience in implementation projects, or you can hire someone to be the quality manager, even without experience, train him or her on ISO 9001 and get help with documentation from a toolkit.
1. Is it applicable to consider a human resource policy among the policies necessary during implementation of a QMS?
2. What should a human resource policy reflect in the context of a QMS?
3. Which human resource policy suits best when implementing a QMS?
Answer:
Since all the questions are related, I will answer them together. Basically, human resources policies need to be aligned with the human resources requirements that are found in ISO 9001.
On the one hand, in the standard there are requirements for the people that are involved in the QMS processes and on the other hand, there are requirements for the people that need to achieve conformity of products and services. This is reflected in clause 7.1.2.
Also, in clause 7.2, Competence, there are specific requirements to ensure people are competent by acquiring the necessary knowledge. This also must be reflected in the HR procedure (if the organization decides to have one) or in the HR policies of the company.
For example, imagine that during the environmental assessment your organization determined that waste generation is a relevant environmental aspect. When evaluating context, your organization can identify certain trends relevant to the environment, such as technological innovations that allow a more efficient use of raw materials, reducing the waste generated. So, when you consider that environmental aspect and the technological evolution together, you can identify an opportunity to increase raw material yield and reduce an environmental impact.