
  • ISO 20000 Tool


    Answer:
    In some of my recent implementations I used GLPI. But there are also some other tools, like those described in the article "Free tools for ITSM – supporting IT Service Management for zero tool cost" https://advisera.com/20000academy/knowledgebase/free-tools-for-itsm/

    Also, this article can help you choose an appropriate tool: "5 things to beware of when selecting an ITSM tool" https://advisera.com/20000academy/blog/2016/03/08/5-things-to-beware-of-when-selecting-an-itsm-tool/
  • High Risk Appetite

    Answer: Risk appetite does not depend ONLY on the nature of the business, because other aspects can affect it (e.g., cultural and technological issues).

    The risk appetite can always be challenged, especially by the risk management officer, but you have to keep in mind that the final decision is always up to top management (they set where the line must be drawn, depending on their perception of the risks). If you do not agree with their decision, then you have to review the data you present to them, or try to understand how they perceive risk, so you can adjust your approach or change your mind. In any case, you have to be careful not to push your opinion too much (remember that the final decision is up to them).
  • What standards or procedures to follow for medical mobile app?


    Answer:

    Design and development of medical mobile apps should follow the local regulatory requirements in the country where you will be producing these mobile apps, and should also follow some guidance from the ISO 13485 standard. You can look at clause 7.1 Product Realization and 7.3 Design and Development for some basic guidance on the documentation. As for the design specification of the UI/UX of these mobile apps, there are no standards or other requirements, so you have to tailor them to the intended use of the mobile apps.

    For more information, please read article:
    How to manage design and development of medical devices according to ISO 13485:2016
    https://advisera.com/13485academy/blog/2017/08/24/how-to-manage-design-and-development-of-medical-devices-according-to-iso-134852016/
  • Developing a checklist


    Answer:
    Below you can find an article about developing an ISO 9001 audit checklist, a link to our internal audit toolkit (with a preview of our Internal Audit Checklist), a link to a free ISO 9001:2015 Internal Auditor course, and a link to a book on internal audits.
    - Article - ISO 9001 Audit Checklist - https://advisera.com/9001academy/knowledgebase/iso-9001-audit-checklist/
    - Article - ISO 9001:2015 Internal Audit Toolkit - https://advisera.com/9001academy/iso-9001-2015-internal-audit-toolkit/
    - [free course] ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
    - book - ISO Internal Audit: A Plain English Guide - https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • Managing regulations of different countries


    Answer:

    First, it is important to define how the regulations will be identified and by whom, and after that how you will control them. For that I suggest these templates:
    - Procedure for Identification of Requirements https://advisera.com/27001academy/documentation/procedure-for-identification-of-requirements/
    - List of Legal, Regulatory, Contractual and Other Requirements https://advisera.com/27001academy/documentation/list-of-legal-regulatory-contractual-and-other-requirements/

    In case you have the regulation documents in electronic form, you also have to consider a documentation repository with control and search capabilities, so I'd suggest you take a look at our Conformio platform at this link: https://advisera.com/conformio/

    With Conformio’s built-in document management system, all your company documents and files are maintained in one place, allowing multi-user access in a safe and secure environment to store all your valuable information.

    For further information see:
    - How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
    - Does ISO 27001 help CCPA compliance? https://advisera.com/27001academy/blog/2018/10/16/does-iso-27001-help-ccpa-compliance/
  • Surveillance audit schedule


    Answer:

    After a successful certification audit, the certification auditor must provide the organization with a general agenda for the surveillance audits, which will display the intended audits for the surveillance cycle. Close to each surveillance audit, the certification auditor must align the details of the audit with the organization. So, in short, the organization must have an idea of the scope of the next audit.

    Considering the size of your organization, most probably the whole scope will be audited in each surveillance audit, but you have to check this information with your certification body.

    For further information see:

    - Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
  • List of Legal, Regulatory, Contractual and Other Requirements

    First, it is important to note that you only have to develop such a list if control A.18.1.1 (Identification of applicable legislation and contractual requirements) is applicable to your organization (the main clauses of the standard only require that such information be considered, with no need to document it).

    Regarding a partially filled document, unfortunately such information is protected by confidentiality agreements with our customers, but here is a practical example of how to fill in this template:

    Consider that a customer named Jon has a service level agreement with your company which defines, in clause 32-b, that access to all information provided by the customer to information system ABC is restricted to customer personnel only. In this case the person responsible for system ABC is responsible for ensuring the system's compliance with this requirement. Then your document would look like this:

    Interested party: Customer Jon
    Requirement: Clause 32-b (Information provided to system ABC is restricted to the customer's personnel)
    Document: Service level agreement
    Person responsible for compliance: System ABC administrator
    Deadline: when system ABC is made available for customer use

    Besides service level agreements, you should consider laws and regulations applicable to the locations where you operate. For identification of the specific requirements for your organization, we recommend you seek expert legal advice.
  • Can the same set of documents be used for the new company?


    Answer:

    You can use the existing technical file and documents for the same product that you will be producing in the new company.

    For more information, please read article:

    How to meet ISO 13485:2016 requirements for medical device files
    https://advisera.com/13485academy/blog/2017/06/28/how-to-meet-iso-13485-requirements-for-medical-device-files/
  • Using the risk approach to design control practices


    Answer:
    Let us imagine that you observed the activities around the reception of customer goods to be stored in your warehouse. Let us suppose that you noted only the following activities:
    Receive truck;
    Check papers;
    Determine storage location;
    Unload truck;
    Store goods;
    Update inventory.

    Now you can apply the risk-based approach and think, with the people who work in the process, about what can go wrong in the process.

    And you list things like:
    Receiving goods not addressed to us;
    Receiving goods (quantities and/or references) different from what is on the cargo manifest;
    Receiving goods with damaged or violated packaging;


    Now, if you apply a risk evaluation, you can classify risks as critical or not critical. If your organization considers any of the risks determined to be critical, you should consider an action plan to handle those risks. One of the action plans can be checking quantities and references during unloading of the cargo and recording the result somewhere. Another action plan could be creating a set of pictures that will be used to classify damaged or violated packaging as relevant, to be recorded and communicated immediately to the client.

    Your organization will not use the products but will be responsible for their quantities and state while in your warehouse.

    The following material will provide you information about the risk approach:
    - Article - How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
    - How to identify risk significance in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/14/how-to-identify-risk-significance-in-iso-90012015/
    - How to identify risk controls in ISO 9001:2015 - https://advisera.com/9001academy/blog/2019/01/21/how-to-identify-risk-controls-in-iso-90012015/
    - ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
    - Free course – ISO 9001 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
    - Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Audit evidence and management review purpose


    Answer: If control A.12.6.1 (Management of technical vulnerabilities) is applicable to your organization, and it is implemented by means of vulnerability assessment and penetration testing, then you may have to show the results to the auditors as evidence that this control is implemented and working properly. Of course, you do not have to show all the results, only the quantity required to evidence that the control is implemented.

    For further information, read:
    - How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/

    2. What is the difference between an internal review and internal audit?

    Answer: I'm assuming you are referring to management review. Considering that, while the internal audit's purpose is to verify whether processes were planned according to defined requirements and are being performed as planned, the purpose of management review is to evaluate whether the expected results are being achieved and whether plans need to be adjusted.

    These articles will provide you further explanation about management review and internal audit:
    - Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/
    - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/