  • Question from ISO 27001 Foundations Course

    Please note that at the beginning of the video (at the 10th second) it is said that requirements and interested parties need to be “determined”, which is different from being documented. You only need to identify them.

    Only in the case that control A.18.1.1 - Identification of applicable legislation and contractual requirements is deemed applicable for an ISMS, such requirements and interested parties need to be documented.

  • Links between 14001, 27001 and 45001

    Please note that ISO 31000 is only one of many available approaches for risk management an organization can adopt (other examples are NIST RMF, German BSI, USA OCTAVE-S, etc.), according to their specific business needs, and promoting a single approach over others is not an objective of ISO.

    If an organization has implemented a systematic risk management approach that works for its context and is aligned with applicable legal requirements, then it is enough to be compliant with ISO management standards.

    Please also note that, in general, legal requirements that demand the implementation of an ISO standard are not specific to mandatory risk management approaches.

  • Applying Project Checklist for ISO 13485:2016 Implementation in a food processing organization

    Although there are some similarities, food processing has its own requirements, and our project checklist is not completely applicable to food processing organizations. A HACCP checklist is more applicable to that type of organization, as are some other standards specified for the food industry.

  • Mandatory information in Conformity Declaration for Medical Device Class I

    If the new product has the same intended purpose, same name, and same GMDN, then yes, it is not necessary to have a new Declaration of conformity. This situation is called medical device family and for one medical device family, it is OK to have a unique Declaration of conformity. Usually, in cases when there are a lot of models, then there is an annex to the Declaration of conformity with the whole list of models.

    What I am concerned about here is the use of GMDN codes. The EU has published its own codes, called EMDN codes, and all medical devices under the MDR must have those codes. The links below lead to the EMDN codes and to a database where you can find which codes are applicable for your medical device family.

    For more information, see:

    Considering the UDI, for the class I medical devices, according to Article 123, the deadline for implementation of UDI is May 2025. So, this means that there is still no need to have a BASIC UDI on the Declaration of conformity.

    For further information, see:

    The next thing which is important to be on the Declaration of conformity according to the MDR is the Single registration number (SRN), so please check if that information is on it.

  • GDPR implementation

    There are many methodologies in order to drive a GDPR-compliance project. At Advisera, we have an EU GDPR Toolkit containing 39 document templates – all documents required by GDPR, plus commonly used non-mandatory documents – which can help you drive your GDPR-compliance project, as the toolkit is designed in a structured way, allowing you to start the project while filling the documents in the first directory, Preparations for the Project. This directory contains a Readiness Assessment Template and a Project Plan Template, which can be filled using our step-by-step indications in the comments from the documents. Then you can start filling the templates available in all the directories in the toolkit. The toolkit also provides you access to video tutorials, email support, expert review of a document, one hour of live one-on-one online consultations with a GDPR expert, and many other benefits.

    We can also help you with free GDPR training (at the end you can purchase a certification), free articles, and free webinars.

    Please also consult these resources:

  • ISO 13485 Internal Auditor

    One solution is that all of you are trained as internal auditors and audit each other. Another solution is to hire an external company that will provide the internal audit for you. It can be a consultancy that knows ISO 13485 (you need proof of that), or a person who is an auditor for other notified bodies and with whom you will have a contract stating that he/she is your internal auditor.

  • Special Interest Groups

    Examples of special interest groups are manufacturers, specialized forums, and professional associations. The government is another example of a special interest group.

    This article will provide you with further explanation about special interest groups:

  • SOA Based ISMS Manual

    If I understood correctly, you’ve sent the SoA-based ISMS Manual.

    Considering that, first it is important to note that an SoA compliant with ISO 27001 must contain the following information:

    • All applied controls
    • Justification for inclusions
    • Implementation status
    • Justification for exclusions of controls from Annex A

    In case any of this information is missing, the SoA document will not be accepted by an auditor.

    As for the 2nd level document (the SoA Based ISMS Manual), we do not recommend such an approach to our customers, because this kind of document requires a great effort to be written but is of very limited use for employees in the company. Instead, you should focus on writing the security policies and procedures (included in your toolkit) that describe how to implement and maintain security in your company.

    For further information about an ISMS manual, please see:
